Managed/UnMamanged discrepancy

mletendre
New Contributor

I have been getting JAMF Pro deployed to some machines, many are via user initiated. Out of 20 of them we have one that I sent him the download link, installed it find, and on his machine it says managed by our company, and the profile is verified, but in the JAMF Pro portal it says unmanaged.  I had him reboot, reinstall, and still no dice. He is installing it from his home network so I dont think he would have ports closed off as he didnt even know what I was talking about when I asked if he had any port rules or any network ACLs.

 

5 REPLIES 5

AJPinto
Honored Contributor III

Its probably not enrolling correctly. If all other devices are working fine there is probably something up with this Mac. 

 

I would do one of two things depending on how much effort I wanted to spend.

  • Open a JAMF success ticket to troubleshoot the enrollment
  • Retrovision the device and start from scratch

Never rule out a possible configuration on the device or the network from causing issues. Also make sure to delete the record in JAMF before you try or enroll again to make sure nothing from the old record carries over.

Moreno
New Contributor

Oh man I am just going through with this exact thing! we had 12 out of 1100 computers in our company set as unmanaged. I opened up a ticket with Jamf and we did find something very interesting...
1. Go to Computers and pick a correctly enrolled Macbook

2. Inventory > General > edit

3. Notice at the bottom there is a Checked off box next to "Allow Jamf Pro to perform management tasks?" with a username and password underneath (this is your user-initiated enrollment account)

4. On an unmanaged laptop in Jamf pro, this box will be unchecked (in our case all 12 were unchecked)

5. Check the box and fill in the username and password (user-initiated enrollment account) 

6. Status will change to managed almost immediately within Jamf pro, give it some time and try to push a policy or config profile to the machine to test

7. If it doesn't fail, machine managed

We just went through this a couple days ago so we are still monitoring the devices and slowly checking in with the users as we can to see if their laptops are correctly managed.

When you say '5. Check the box and fill in the username and password (user-initiated enrollment account) ' I believe youre talking about the account that is set up in the JAMF settings under Global Management settings -> User Initiated Enrollment, which would be fine, however on ours it is set to 'Randomly generate passwords' , so I'm not sure how to  determine the correct password to use.... 

AJPinto
Honored Contributor III

I was thinking the same thing. The enrollment account should have a randomly set password, this is per JAMFs recommendation and security guidelines. I suppose you could use a service account with some obnoxious password, but its still against best practice to have the enrollment password known. Probably something that should have been troubleshot with the jamf manage command.

I asked this exact question to Jamf support via an email thread and they responded to put in a random set of characters. Once we click save up top, it updates and randomly assigns a new password like the setting states. So far we have been seeing great results with this method, the 12 computers are checking in every 5 minutes and policies are pushing through like our Update Inventory running every hour or so