Posted on 09-12-2013 01:45 PM
I am semi-new to jamf admin-ing, and have had reasonable luck so far, but last night the weirdest thing happened.
Within about a 20 minute time frame my Macs stopped talking to the Casper server and pulling managed preferences. (no desktop, no auto launch app upon login)...
The weird thing is, after running various re-enroll activities (recon.app, terminal 'sudo jamf enroll', re-enroll via the signed package), things have been happier. No (known) server issues; network congestion = some, but nothing new.
I have now spent a good portion of the day re-enrolling, but wondering why, and more importantly how do I avoid it later.
When checking connection to JSS via kbase = https://jamfnation.jamfsoftware.com/article.html?id=123, JSS is known and talking.
When checking troubleshooting managed prefs via kbase= https://jamfnation.jamfsoftware.com/article.html?id=144, they are showing as running.
I know that there has to be a log(s) that I am missing, but at this point I need to hear from someone with a little outside perspective.
v8.6.4 BTW
Thanks
Eric
Posted on 09-12-2013 02:20 PM
The article at https://jamfnation.jamfsoftware.com/article.html?id=144 is pretty spot on at what to do to troubleshoot MCX.
Do you have the change management log enabled on your JSS? Did you make any configuration changes before anything blew up?
Posted on 09-12-2013 02:51 PM
I'm not sure what happened. I would investigate the logs on the client machines to see if there is any error, or policy history, which makes sense.
That said, there is one setting that I know of which could cause this type of behavior. In Settings:Computer Management Framework Settings:Security there is a setting labelled "This JSS has a valid certificate installed". If you are using a self-signed certificate, and that box gets checked, client machines will check in and update their security settings to no longer trust the JSS. Even if you go into the server and uncheck that box, the client machines won't be able to get that updated setting because they don't trust the server anymore.
You would then need to install a trusted SSL certificate on the server or, with that box now unchecked, re-enroll the machines.
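
A pre-flight check for the certificate setting described in the last reply, added here as an example and not part of the original thread or of any Jamf tooling: it tests whether the certificate the JSS presents chains to a CA bundle before anyone ticks "This JSS has a valid certificate installed". The function names, the host and port in the usage comment, and the assumption that the CA bundle you pass matches what the client Macs trust are all illustrative.

```shell
#!/bin/sh
# Added example, not Jamf's own code.
# Assumption: CA_BUNDLE approximates the roots your client Macs trust.

# fetch_leaf HOST PORT OUT_PEM
# Saves the leaf certificate the server presents (needs network access).
fetch_leaf() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$3"
}

# cert_is_trusted LEAF_PEM CA_BUNDLE [INTERMEDIATES_PEM]
# Returns 0 if LEAF_PEM verifies against CA_BUNDLE, 1 if it does not,
# 2 if an input file is missing or empty.
# Note: openssl may also consult its default CA directory.
cert_is_trusted() {
    leaf=$1
    bundle=$2
    chain=${3:-}
    [ -s "$leaf" ] && [ -s "$bundle" ] || return 2
    if [ -n "$chain" ]; then
        out=$(openssl verify -CAfile "$bundle" -untrusted "$chain" "$leaf" 2>&1)
    else
        out=$(openssl verify -CAfile "$bundle" "$leaf" 2>&1)
    fi
    # Match the "<file>: OK" line instead of trusting the exit status alone.
    printf '%s\n' "$out" | grep -q ': OK$'
}

# preflight LEAF_PEM CA_BUNDLE [INTERMEDIATES_PEM]
# Prints a recommendation for the checkbox and returns cert_is_trusted's status.
preflight() {
    if cert_is_trusted "$@"; then
        echo "Certificate chains to the bundle: the box can be checked."
    else
        rc=$?
        echo "Certificate does NOT verify: leave the box unchecked."
        return "$rc"
    fi
}

# Usage (placeholder host and port, placeholder bundle path):
#   fetch_leaf jss.example.test 8443 /tmp/jss.pem
#   preflight /tmp/jss.pem /path/to/client-trusted-roots.pem
```

A certificate issued by a private or built-in CA will fail this check unless that CA is in the bundle, which matches the situation the reply describes for clients that do not trust the server's issuer.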