Jamf Nation Community

CDZ · ‎04-12-2013

Hi,

We're having a few problems running inventory through Recon's Network Scanner (the error message is "Recon Failed" after installing the JAMF binary). So, it actually installs, but it can't send any information to the JSS.
We (myself and JAMF's support) have troubleshooted the problem for a while and know that the issue is being created due to the proxy (Websense) the machines have configured.

I see all traffic being passed and permitted through our proxy from the machines who are being inventoried.

Has anybody encountered this sort of situation before?
Is there a specific URL or IP that needs to be allowed on the proxy?

CDZ · ‎04-19-2013

The solution was a mix of:

Installing the appliance certificate on the client
Adding the JSS URL to the Websense SSL Decryption Bypass configuration

I'm figuring that when Recon is being processed on the client side, some components need to bypass the SSL Decryption and others require the appliance certificate to be installed in order to reach JSS in HTTPS.

View solution in original post

bentoms · ‎04-12-2013

We use web sense, but our proxy is kerberized & we're not seeing issues like this.

CDZ · ‎04-12-2013

Have you also got MACs trying to communicate with a management platform on the cloud (Casper Suite)?

tkimpton · ‎04-12-2013

we use websense and kerberised no problems

CDZ · ‎04-19-2013

The solution was a mix of:

Installing the appliance certificate on the client
Adding the JSS URL to the Websense SSL Decryption Bypass configuration

I'm figuring that when Recon is being processed on the client side, some components need to bypass the SSL Decryption and others require the appliance certificate to be installed in order to reach JSS in HTTPS.

Jamf Nation Community

Recon's Network Scanner Failing Because of Websense Proxy