Management account is missing

Frank_Sonder
Contributor

Hello everyone!

I'm trying to update our Mac in JAMF Pro (Cloud) to the latest MacOS versions and I'm seeing a lot of computers being Supervised: No and missing our management account in Local User. The funny thing is, they are checking in and inventory updates but I can't seem to send commands or even try to re-enroll through API, I get 401.

 

How can I re-enroll them to have the management account back in and without them to wipe and re-enroll. There must be a way to re-enroll without impacting the user ?

7 REPLIES 7

shaquir
Contributor III

Any recent changes to the management account password?

Not sure if this is the API method you've tried, but Jamf support recently pointed me to this guide for re-erolling machines that are checking into: Jamf https://www.modtitan.com/2022/02/jamf-binary-self-heal-with-jamf-api.html

This didn't resolve my issue (unrelated MDM issues), but may be worth a try for you

Nope, I never changed it, left it in there with a random password since day one.

Yeah, I did try the API pushing with the Jamf Managment Framework, it does the push but then I go into the machine's management and you can see commands are all pending. So it's working half way... I'm trying to find a way to re-enroll without the user doing it manually from https://skjhgs.jamfcloud.com/enroll or email invitation. Thanks

The error I get from the API site: 

Computer with given id does not exist

Media type
application/json
{
  "httpStatus": 400,
  "errors": [
    {
      "code": "8675309",
      "field": "Name",
      "description": "I've just picked up a fault in the AE35 unit. It's going to go 100% failure in 72 hours",
      "id": "3"
    }
  ]
}

Hi @Frank_Sonder , did you solve this? I have a machine that is unsupervised and can't be reenrolled using the API either. I see the same error, no ID found.

Thanks

No, unfortunately, I've never been able to fix this. I see the computer in JAMF but the service account is not there, and all tasks in management are just sitting there doing nothing.

shaquir
Contributor III

Was the MDM profile added via DEP and set to non-removable?  Is it marked as "Verified" in System Preferences?  When was the machine enrolled in Jamf originally? 

Machine was enrolled 2 years ago manually I believe and yes we have a policy config profile that locks the profile and we cannot remove it