Posted on 10-15-2013 08:17 AM
We are looking forward to new features for MDM's in iOS 7, so I am setting up a new server instance on 10.8.
How can I go about getting all machines and iOS devices moved over to the new JSS?
The new server has a different DNS name and it is not possible to redirect the DNS name either. How can I go about making sure all Computers jump onto the new JSS? I know for iOS devices, they will all have to be physically touched in order to enroll in the new JSS.
Solved! Go to Solution.
Posted on 10-15-2013 08:39 AM
When I was going about moving dns's, in order for everything to play nice the easiest way was to export the backup, import the new backup to the new server, and have re-enroll the machines through quick add as an automated policy which was built on the new server.
This way kept our Sys logs/filevault encryption keys intact.
Make sure you re-issue an APN cert for the new server or MDM won't play nice.
Posted on 10-15-2013 10:31 AM
We did a full DNS and IP change so we started over. What I did was kept both JSS's up at the same time and then did an export to a Spreadsheet, then launched RECON and added the machines by network segments.
Posted on 10-15-2013 08:39 AM
When I was going about moving dns's, in order for everything to play nice the easiest way was to export the backup, import the new backup to the new server, and have re-enroll the machines through quick add as an automated policy which was built on the new server.
This way kept our Sys logs/filevault encryption keys intact.
Make sure you re-issue an APN cert for the new server or MDM won't play nice.
Posted on 10-15-2013 10:31 AM
We did a full DNS and IP change so we started over. What I did was kept both JSS's up at the same time and then did an export to a Spreadsheet, then launched RECON and added the machines by network segments.
Posted on 10-15-2013 10:46 AM
@rderewianko Would that work even if the IP, DNS and essentially everything else, has changed if I used the Quick Add package?
@Matt I haven't thought about that solution. I haven't played around much with RECON, would that allow me to set what management user I would want created etc or would it use the same saved credentials?
Posted on 10-15-2013 10:53 AM
Usher, yes, however you have to keep the OLD dns available for machines to check into one last time.. I assume your client machines are still the same.
One downside is if you do a static tie to AD under user and location you'll need to manually put them back in.
You still use recon for this to create your base package.
@matt's way works, but it requires you to be able to hit the mac's inside your network, as your pushing a package to them vs hosting it for clients to pull.
Posted on 10-15-2013 10:53 AM
You would need to set the user in the JSS then in Recon you can add the credentials for what account to use. RECON is just an automated quickadd installer.
Posted on 10-15-2013 10:55 AM
Thanks for the replies :)
I will try making a policy on the old JSS for clients to fetch and install the new QuickAdd.pkg
I will post my results once I start seeing some
Posted on 10-15-2013 10:57 AM
Make sure you make your QuickAdd in recon ;) just grabbing it from /enroll will not work, as that'll not work. (quickadd on /enroll has a 1 use token assigned to it)
Posted on 10-15-2013 11:57 AM
I have restored a backup of the database to the new JSS server and it has converted everything over.
For some reason it says there are Computers enrolled but doesn't list any when searching. I looked in the MySQL database and there are computers listed in the "computers" table. How can I go about getting these to show up in simple finds?
Posted on 10-15-2013 12:15 PM
if your upgrading to v9 they've changed the way you search.. a blank search will return nothing, but a search with * will return everything..
More info here: https://jamfnation.jamfsoftware.com/discussion.html?id=8124
Posted on 10-15-2013 03:39 PM
@rderewianko I tried that and still got no results. I even hit "View" on some of my Smart Groups and there were no results either.
Posted on 10-15-2013 03:44 PM
try rebooting tomcat..
If you go to the gear -> jss information -> generate report. Does it tell you you have managed computers?
Posted on 10-15-2013 03:56 PM
It says I have 0 managed computers
Posted on 10-15-2013 04:48 PM
was the old server v8 and the new v9? I haven't tried doing a copy from a v8, straight without upgrade to v9... that may have something to do with it.
Posted on 10-15-2013 07:33 PM
If you have enough equipment or VM's, have you considered keeping the machines on the existing and only setting up the new JSS for iOS devices? I am not sure if that would change your licensing but if you have a large number of clients it might be beneficial to have unique JSSs for each platform.
Posted on 10-16-2013 07:38 AM
@rderewianko Yes, the old one is V8
@jhalvorson We don't have any VM's available right now, but we have those in a hopeful future purchase. I would like to keep the two things the same, but also get them off the current box as well and make the JSS it's own box
Posted on 10-16-2013 08:39 AM
If your upgrading from v8 - v9 and moving servers, i'd suggest getting v8 up on your new server running (confirm its showing clients.. )then upgrade that server to v9..
Posted on 10-16-2013 08:39 AM
If your upgrading from v8 - v9 and moving servers, i'd suggest getting v8 up on your new server running (confirm its showing clients.. )then upgrade that server to v9..
Posted on 10-16-2013 12:22 PM
Thanks for the advice, but my boss is pushing for us to get the iOS part rolled out tomorrow, so I am going to continue with that and use the old JSS for computers until I can push out a QuickAdd from it to the new server. The Groups and everything will be the same since they were Smart Groups, so I don't forsee any issues there
Posted on 10-17-2013 11:34 AM
@usher.br I asked around last night, and got confirmation from support that you have to run a 8.x version on the new server, import your database, then install 9.x.
Importing a 8.x database into a 9.x server does not work, which would be why your not seeing any machines.
- RD
Posted on 10-17-2013 12:46 PM
Thank you for that @rderewianko
Posted on 10-24-2013 11:48 AM
All, I was just looking into this very issue.
One question I have though is this: right now we have a self-contained instance of the jss restricted to our network by firewall rules (Class B). We were thinking of setting up new servers to have one limited access external server and move the DB off the JSS server. So splitting 1 part into 3. Has anyone done anything similar?
Posted on 10-24-2013 11:48 AM
All, I was just looking into this very issue.
One question I have though is this: right now we have a self-contained instance of the jss restricted to our network by firewall rules (Class B). We were thinking of setting up new servers to have one limited access external server and move the DB off the JSS server. So splitting 1 part into 3. Has anyone done anything similar?