OSX-Sierra does NOT like JAMF

cruess
New Contributor III

We are currently running JSS 9.93 , Self service 9.93 and have only updated a handful of machines to Sierra (10.12).

Immediately, there are all sorts of issues. Everything from profiles not getting installed, tons of "pending" commands, Apps fail to run (google drive specifically the worst), VPN fails, etc. Even self service is having issues checking in..

Is there something I'm missing as far as configuring JAMF for Sierra or vice versa??

1 ACCEPTED SOLUTION

gskibum
Contributor III

Reenroll devices?

View solution in original post

19 REPLIES 19

chriscollins
Valued Contributor

@cruess 9.96 is the Sierra compatible version so you need to upgrade your Casper environment.

mrice
New Contributor II

9.96 is officially supported for Sierra.

cruess
New Contributor III

Ok, so I've updated to 9.96, Self serv 9.96 for entire system. The issues remain.

For example, on my admin MacBook Pro (10.12) I have 8 pending commands, which I've canceled then restarted the machine and forced check-in, yet they will never complete nor fail. They just sit in pending for hours.

On other machines, we're seeing problems where JAMF says the profile has been removed, but it still shows on the device itself. Even after forcing a reboot/check-in..

The log shows "completed".

This is currently happening on 18 different devices...(that I'm aware of) and probably more.

Luckily, we've blocked all iOS from updating...

Look
Valued Contributor III

We have about 20 Sierra machines enrolled in 9.93 without issues, the only real issue I have encountered so far is Casper Remote logs don't work at all.

alexjdale
Valued Contributor III

We're actually still on 9.81. We don't use MDM, but everything we do use with Sierra works perfectly.

gskibum
Contributor III

Reenroll devices?

vinny83
New Contributor III

Same as the others, up until a few hours ago we were running JSS 9.82 and it was working with Sierra beta and GM (generally speaking): policies (package installs and scripts). Have upgraded our instance to 9.96 to ensure full compatibility.

ivanlovisi
Contributor

do you have a proxy server? or proxy settings?

cruess
New Contributor III

@ivanlovisi Nope. No proxy at all.

ivanlovisi
Contributor

the command jamf checkJSSConnection works?

cruess
New Contributor III

"The JSS is available."

I have also used:
jamf policy
jamf recon

Does re-enrolling the same device multiple times cause issues??

ivanlovisi
Contributor

you have a valid connection with JSS but the MDM command will not pushed. Check whether the push certificate is valid and then enrollen equipment new.

cruess
New Contributor III

@ivanlovisi The cert is valid till 7/26/17.

Will enrolling the same device more than once cause issues?

For example, when adding devices to Microsoft SCCM- if there is any kind of duplicate record, it creates a nightmare trying to manage things... Does JAMF act similarly?? Or can I just get re-enroll happy?

Look
Valued Contributor III

@cruess We re-enroll devices pretty often here for a variety of reasons, it seems to just pick up the existing record for the same machine, although I think it flushes the logs as well so you might find once per computer policies being re-run.

ivanlovisi
Contributor

hi @cruess don't worries, you can without problems re-enroll machines .
I hope after that the mdm command works.

Shoesmithlc
New Contributor III

Try the Casper recon with no one log into the system. Watch JSS and see the polices flood in those commands should install

mwoodard87
New Contributor III

One other thing to look at is if your in a clustered environment ensure the "Master" is actually running and connected to the Database. We ran in to this about a month ago thanks to a DNS issue where our "Master was offline" and MDM commands were very hit and miss. Mostly miss.

GabeShack
Valued Contributor III

I usually run the command to remove the mdm profile then do a jamf manage command to bring it back. Seems to work.

#!/bin/sh
sudo jamf removemdmprofile
#!/bin/sh
sudo jamf manage

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

cruess
New Contributor III

I was given the command:
jamf trustJSS

Which forced a re-download of the certs, once approved- things seem to be functional again. re-enrolling was having issues..