Jamf Nation Community

D1anna · ‎03-20-2023

Hello,

We have a few devices that have not checked in to Jamf pro since 9/23/23. These are active devices.

What are the reasons Macs stop check-in, and how to fix these issues?

Thanks

jcarr · ‎03-20-2023

Is it possible to try to check in manually? If you have physical access to one of the devices, or can have the user run one or both of the following commands:

sudo /usr/local/bin/jamf policy

or

sudo /usr/local/bin/jamf recon

mvu · ‎03-20-2023

What do you see when you open Terminal and enter:

jamf checkJSSConnection

D1anna · ‎03-22-2023

JSS is available

mvu · ‎03-22-2023

Try this on one of the Macs:

sudo profiles renew -type enrollment

or

sudo jamf enroll -prompt

https://www.alansiu.net/2020/03/18/fixing-jamf-device-signature-error/

D1anna · ‎03-22-2023

What I do next after running the sudo profiles renew -type enrollment

Sorry I'm new to jamf

mvu · ‎03-22-2023

After you enter the admin password in Terminal, did you see any profile prompts? Might depend on what OS you're on.

Try going to System Preferences/Settings, Privacy and Security, Profiles. Find MDM profile. Does it ask you to install or accept?

D1anna · ‎03-22-2023

The profiles icon is greyed out.

mvu · ‎03-22-2023

Is this what you're seeing? https://discussions.apple.com/thread/253657493

Try to remove Jamf framework and then try to re-enroll to Jamf.

D1anna · ‎03-22-2023

I was not able to re-enroll in the device.

D1anna · ‎03-22-2023

I don't see any profile prompt after running the enrollment command

mvu · ‎03-22-2023

Back up the data, wipe, and re-provision?

D1anna · ‎03-22-2023

Yes, I was thinking of doing that. I tried to get other solutions before doing that, so I can try if this happens again.

tdooley · ‎05-10-2024

Exactly what I was looking for, thanks!

jcaleshire · ‎03-20-2023

As obi-k and jcarr mentioned above, you can run

sudo jamf checkJSSconnection

to make sure that the Mac can contact your server,

sudo jamf recon

to have the Mac check-in and update inventory, and finally

sudo jamf policy

to run any pending policies that are waiting for check-in.

If the Mac is unable to check-in, however, then you may be looking at some other problems. Since it sounds like only a handful of machines are exhibiting the issue, it's safe to say that it's not a server-side issue (again, probably). Assuming that the Mac is powered on and connected to a known-good network, but is still unable to check-in, the cause could be a few things:

The management profile has expired/is missing
Local endpoint protection software could be blocking MDM traffic
Broken Jamf agent on the Mac
Missing/expired identity certificate on the Mac

The best way to figure it out is to get your hands on one of the Macs with the problem and run a few terminal commands, then go from there.

D1anna · ‎03-22-2023

When I run the sudo jamf recon I get : Device Signature Error - A valid device signature is required to perform the action.

D1anna · ‎03-22-2023

How can we check these? IT will give me an idea of what was causing this issue

The management profile has expired/is missing
Local endpoint protection software could be blocking MDM traffic
Broken Jamf agent on the Mac
Missing/expired identity certificate on the Mac

bhabibintercom · ‎03-29-2023

Try redeploy the Jamf management framework https://pro4tlzz.github.io/JamfHealComputer.html

The device will reenroll and trigger enrollment policies

d_sutton · ‎09-25-2023

I too recently had a bunch of machines failing to check in. What I found is that majority/all of these machines were stuck running "jamf policy", some of them went back a month or more even.

After working with support who suggested re-enrolling devices, which is not ideal in a hybrid work status or working with 30-40+ people giving them instructions. I did some trial and error on my end. What I found was that if I ran a "sudo killall jamf" on impacted devices, followed by "jamf policy" and they would start checking in again without the need to re-enroll the device(s).

I do have a 3rd party patching tool though that allows me to push out scripts and stuff to machines, so that helped bypass Jamf where it couldn't talk to machines.

Hope this help others.

ganidran · ‎10-18-2023

Interesting point! What tool is that by the way?

d_sutton · ‎10-19-2023

We are using Endpoint Central Cloud UEM edition, its made by ManageEngine. They have just a patching tool the supports many 3rd party apps on windows and macs, but we went with the full suite as we also have their ticketing system so they all integrate. The full suite gives you the ability to push out scripts without needing to install another MDM, just requires a small lightweight on all machines/servers it runs on.

Jamf Nation Community

Macs not checking in Jamf Pro