- Jamf Nation Community
- Products
- Jamf Pro
- Re: Multiple machines not checking in
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Multiple machines not checking in
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-30-2023 03:30 AM
I've read multiple posts here about machines not checking in with the JSS anymore.
We have multiple machines that are not checking in anymore with our cloud JSS.
I've tried many things written in previous posts. These are the commands I've tried and the results:
Command: sudo jamf enroll -prompt
Result:
Downloading required CA Certificate(s)...
Restoring JAMF.keychain since an error occurred.
Error submitting enrollment status to the JSS: Security Error - A security error has occurred.
There was an error.
Error enrolling computer: Unable to establish trust with the JSS - Unable to add the certificates to the System keychain...
Command: sudo profiles renew -type enrollment
Result:
Error: Renewing DEP enrollment failed: (null) (NSCocoaErrorDomain:4099)
When computers are connected to our education network I connect to them with ssh. This is how I tried these commands. I prefer to do it like this (when renewing through Jamf doesn't work), because I don't have to disturb those employees (mostly teachers). Of course we can call them to make an appointment and do a re-enroll on the macBook, but I rather do this without users being disturbed. And it applies to multiple macBooks.
On one macBook I removed the Jamf framework. When starting the renew the MDM profiles the user is prompted and has to choose 'update'. I spoke to this user and she saw the notification and because of the fact that she didn't know what is was, she would not click on it. So I want to prevent situations like this.
Better; prevent macBooks from not checking in anymore.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-31-2023 01:16 AM
Did you ever find a solution to this?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2023 05:43 PM
I am having this trouble too. I have heard - only you - exclusive to my environment.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-15-2023 09:01 AM
I've run into this as well, bumping it with a response.
I am working through one soon so hopefully I can provide some troubleshooting.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2023 03:36 PM - edited 12-20-2023 07:09 PM
Seeing this as well on a computer that isn't receiving config profiles, but is checking-in and doing inventory updates.
Can't do a sudo profiles renew -type enrollment because I get 'Renewing DEP enrollment failed'.
Can't do a sudo jamf enrollment -prompt because I get a '4294967295: invalid value sudo' and 'error initializing audit plugin sudoers_audit' errors.
So neither of my usual terminal fixes for re-enrolling broken enrollments is working. Trying to fix this one without needing a wipe.
Edit/Update: I was totally stumped by this, but updating from Big Sur > Sonoma on this problem one as a last resort without wiping fixed the sudo terminal error I was getting. Was able to re-enroll from terminal and get the computer all fixed up after that. :shrug:
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-21-2023 04:20 AM
Yes
It has been a nightmare since May 2023. I am left with no reason to renew Jamf Pro. Just trying to limp through the year until renewal in May 2024.
I have been re-enrolling all devices (via ssh in terminal)
Sudo jamf enroll -prompt
I am waiting to identify if the re-enroll – stays in the game; or if it is a matter of time before the re-enrolled device loses connection with Jamf Pro again.
If I have my hands on the machine; I will run the sudo profiles renew -type enrollment; my prestage enrollment is marked as NOT REMOVABLE – but I have seen this command re-enroll a device (THROW ANOTHER WRENCH IN THE MIX. Not all of my ASM assigned to MDM devices (in a prestage) will enroll in Jamf Pro). It is so frustrating!
I paid for a Paid Incident with Apple – and their only resolution was to upgrade to Sonoma (not all my machines are Sonoma devices) and/or wipe the device; so there is a glitch in that matrix. The other caveat – about wipe/erase – is my system - is a “hope for the best.” When I discovered enrolling devices was not 100% - I was in the middle of my summer refresh – which begins with every device being wiped/erased – reenrolled. So repeating that behavior while all my users are actively using their devices – is absolutely an insane idea.
It has been a nightmare since May 2023. I am left with no reason to renew Jamf Pro. Just trying to limp through the year until renewal in May 2024.
I have been re-enrolling all devices (via ssh in terminal)
Sudo jamf enroll -prompt
I am waiting to identify if the re-enroll – stays in the game; or if it is a matter of time before the re-enrolled device loses connection with Jamf Pro again.
If I have my hands on the machine; I will run the sudo profiles renew -type enrollment; my prestage enrollment is marked as NOT REMOVABLE – but I have seen this command re-enroll a device (THROW ANOTHER WRENCH IN THE MIX. Not all of my ASM assigned to MDM devices (in a prestage) will enroll in Jamf Pro). It is so frustrating!
I paid for a Paid Incident with Apple – and their only resolution was to upgrade to Sonoma (not all my machines are Sonoma devices) and/or wipe the device; so there is a glitch in that matrix. The other caveat – about wipe/erase – is my system - is a “hope for the best.” When I discovered enrolling devices was not 100% - I was in the middle of my summer refresh – which begins with every device being wiped/erased – reenrolled. So repeating that behavior while all my users are actively using their devices – is absolutely an insane idea.
