Skip to main content
Question

Multiple machines not checking in


Forum|alt.badge.img+5

I've read multiple posts here about machines not checking in with the JSS anymore.

We have multiple machines that are not checking in anymore with our cloud JSS.
I've tried many things written in previous posts. These are the commands I've tried and the results:
Command: sudo jamf enroll -prompt
Result: 

Downloading required CA Certificate(s)...

Restoring JAMF.keychain since an error occurred.

Error submitting enrollment status to the JSS: Security Error - A security error has occurred.

There was an error.

     Error enrolling computer: Unable to establish trust with the JSS - Unable to add the certificates to the System keychain...

Command: sudo profiles renew -type enrollment
Result: 

Error: Renewing DEP enrollment failed: (null) (NSCocoaErrorDomain:4099)

When computers are connected to our education network I connect to them with ssh. This is how I tried these commands. I prefer to do it like this (when renewing through Jamf doesn't work), because I don't have to disturb those employees (mostly teachers). Of course we can call them to make an appointment and do a re-enroll on the macBook, but I rather do this without users being disturbed. And it applies to multiple macBooks.

On one macBook I removed the Jamf framework. When starting the renew the MDM profiles the user is prompted and has to choose 'update'. I spoke to this user and she saw the notification and because of the fact that she didn't know what is was, she would not click on it. So I want to prevent situations like this.
Better; prevent macBooks from not checking in anymore. 

5 replies

dpwlg
Forum|alt.badge.img+4
  • Contributor
  • 24 replies
  • March 31, 2023

Did you ever find a solution to this?


Forum|alt.badge.img+2
  • New Contributor
  • 6 replies
  • September 13, 2023

I am having this trouble too. I have heard - only you - exclusive to my environment.

 


Forum|alt.badge.img+1
  • New Contributor
  • 1 reply
  • November 15, 2023

I've run into this as well, bumping it with a response. 

I am working through one soon so hopefully I can provide some troubleshooting. 


whiteb
Forum|alt.badge.img+9
  • Valued Contributor
  • 121 replies
  • December 20, 2023

Seeing this as well on a computer that isn't receiving config profiles, but is checking-in and doing inventory updates.

Can't do a sudo profiles renew -type enrollment because I get 'Renewing DEP enrollment failed'.

Can't do a sudo jamf enrollment -prompt because I get a '4294967295: invalid value sudo' and 'error initializing audit plugin sudoers_audit' errors.

So neither of my usual terminal fixes for re-enrolling broken enrollments is working. Trying to fix this one without needing a wipe.

Edit/Update: I was totally stumped by this, but updating from Big Sur > Sonoma on this problem one as a last resort without wiping fixed the sudo terminal error I was getting. Was able to re-enroll from terminal and get the computer all fixed up after that. :shrug:


Forum|alt.badge.img+2
  • New Contributor
  • 6 replies
  • December 21, 2023
whiteb wrote:

Seeing this as well on a computer that isn't receiving config profiles, but is checking-in and doing inventory updates.

Can't do a sudo profiles renew -type enrollment because I get 'Renewing DEP enrollment failed'.

Can't do a sudo jamf enrollment -prompt because I get a '4294967295: invalid value sudo' and 'error initializing audit plugin sudoers_audit' errors.

So neither of my usual terminal fixes for re-enrolling broken enrollments is working. Trying to fix this one without needing a wipe.

Edit/Update: I was totally stumped by this, but updating from Big Sur > Sonoma on this problem one as a last resort without wiping fixed the sudo terminal error I was getting. Was able to re-enroll from terminal and get the computer all fixed up after that. :shrug:


Yes
It has been a nightmare since May 2023. I am left with no reason to renew Jamf Pro. Just trying to limp through the year until renewal in May 2024.

I have been re-enrolling all devices (via ssh in terminal)
Sudo jamf enroll -prompt

I am waiting to identify if the re-enroll – stays in the game; or if it is a matter of time before the re-enrolled device loses connection with Jamf Pro again.

If I have my hands on the machine; I will run the sudo profiles renew -type enrollment; my prestage enrollment is marked as NOT REMOVABLE – but I have seen this command re-enroll a device (THROW ANOTHER WRENCH IN THE MIX. Not all of my ASM assigned to MDM devices (in a prestage) will enroll in Jamf Pro). It is so frustrating!

I paid for a Paid Incident with Apple – and their only resolution was to upgrade to Sonoma (not all my machines are Sonoma devices) and/or wipe the device; so there is a glitch in that matrix. The other caveat – about wipe/erase – is my system - is a “hope for the best.” When I discovered enrolling devices was not 100% - I was in the middle of my summer refresh – which begins with every device being wiped/erased – reenrolled. So repeating that behavior while all my users are actively using their devices – is absolutely an insane idea.

Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings