QuickAdd Package creation error

rstasel
Valued Contributor

All,

I have no idea why, but I can't get QuickAdd Package creation to work. I have it creating a management account, random password, create management account if it does not exist, and hide it. Sign with my developer cert, and add to my site, and "use existing site membership, if applicable".

The problem is, when I go to create it, I get:

"Enrollment Failed. Make sure you have the Create privilege for Computer Enrollment Invitations. Also, make sure you have access to at least one site".

We've adjusted permissions as much as we think we need to, but it doesn't seem to work. We want to try using a local, not AD, account within JSS, but I can't figure out how to get Recon or Casper Admin to "log out" and let me change my username/password. =/

I'm trying to create this package so I can auto-enroll some computers during DeployStudio imaging... this is my first rollout of Casper, so I'm trying to start with my previous image, and slowly migrate, as well as have the ability to push out updates.

Thanks!

1 ACCEPTED SOLUTION

rstasel
Valued Contributor

The issue was conflicting permissions. Apparently JSS defaults to lesser permissions rather than more. We have it tied to AD, and my account was both part of admin, and enrollment, so JSS was giving me enrollment permissions.

Nuked the enrollment group (since it wasn't updating membership after I removed myself from that AD group) and things worked. Thanks very much!


2 REPLIES

were_wulff
Valued Contributor II

@staze

For the permissions on the account you're trying to use, have you double-checked under System Settings >> JSS User Accounts & Groups >> Select the account you're trying to use >> Privileges >> Recon to make sure Create QuickAdd Packages is checked? I know that seems silly to ask, but it does frequently get missed, especially if the account in question has Custom or Enrollment Only privileges instead of Administrator.

We also want to make sure the account being used has Full Access and not just Site Access if we're trying to make a QuickAdd that will enroll any device and just leave it assigned to a site if that device has an existing inventory record that is already assigned to a site.

> I can't figure out how to get Recon or Casper admin to "log out" and let me change my username/password. =/

If you hold down the Option key while opening Recon, it should pop up the prompts to enter your JSS URL and credentials again.

If none of the above helps, please get in touch with your TAM so they can dig into it further with you.

Thanks!
Amanda Wulff
JAMF Support
