"Could not connect to the JSS. Status - 401"

franton
Valued Contributor III

So i'm using a slightly modified version of Rich Trouton's auto populate location info in JSS script. (see http://derflounder.wordpress.com/2011/12/05/auto-populating-the-location-info-in-the-casper-jss-inve... )

What's making me increasingly worried is that this script occasionally fails with the error "Could not connect to the JSS. Status - 401" and i've no idea why. More perplexing when other policies that run on logon then do not fail.

We are getting this with other policies such as our MDM replacement policy but not nearly as often.

Any ideas?

3 REPLIES 3

franton
Valued Contributor III

For the record, here's the modified script.

#!/bin/sh

# Script to auto-populate the location field for a specific mac in the JSS
# The information to do this is obtained from the first logged in user.

# Script lovingly stolen from:
# http://derflounder.wordpress.com/2011/12/05/auto-populating-the-location-info-in-the-casper-jss-inventory/

# Implemented : r.purves@arts.ac.uk
# Version 1.0 : 28-01-2013 - Initial Version
# Version 1.1 : 29-01-2013 - Corrected string comparison for UID. Removed department collection.
# Version 1.2 : 30-01-2013 - Added redirect for dscl errors to /dev/null on accountType variable.

# Gets the name of the logged-in user
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`

# Checks the UID of the logged-in user 
accountType=`dscl . -read /Users/$loggedInUser 2> /dev/null | grep UniqueID | cut -c 11-`

# If the UID is greater than 1000, the logged-in user
# is using a account provided by a directory service
# like Active Directory. If the user account is being
# hosted by a directory service, the directory service
# is polled for the user's information

if [[ "$accountType" -gt "1000" ]]; then
    userFirstname=`dscl . -read /Users/$loggedInUser | grep FirstName: | cut -c 11-`
    userLastname=`dscl . -read /Users/$loggedInUser | grep LastName: | cut -c 11-`
    userEmail=`dscl . -read  /Users/$loggedInUser | grep EMailAddress: | cut -c 15-`
    userPosition=`dscl . -read /Users/$loggedInUser | awk '/^JobTitle:/,/^JPEGPhoto:/' | head -2 | tail -1  | cut -c 2-`
    userPhone=`dscl . -read /Users/$loggedInUser | grep PhoneNumber: | cut -c 14-`
    userRoom=`dscl . -read /Users/$loggedInUser | grep Building: | cut -c 11-`
    echo "Submitting information for network account $loggedInUser..."
    jamf recon -endUsername "$loggedInUser" -realname "$userFirstname $userLastname" -email "$userEmail" -position "$userPosition" -phone "$userPhone" -room "$userRoom"

# If the UID is less than 1000, the logged-in user
# is using a local account. Since no additional
# information is likely to be available, the only
# information reported to the JSS is the username
# and that it is a local account.

else
    echo "Submitting information for local account $loggedInUser..."
    userPosition="Local Account"
    jamf recon -endUsername "$loggedInUser" -position "$userPosition"
fi

exit 0

rtrouton
Release Candidate Programs Tester

I got those errors as well with my script, so I stopped using it once this option became available in the Inventory Collection Preferences:

external image link

It uses our JSS's connection to our AD domain to run the lookups. It's worked pretty well for me.

franton
Valued Contributor III

We're reliant on department/building configuration to push specific application load outs. Won't this repopulate those fields as well?