Jamf Nation Community

rstoner · ‎01-24-2019

We've found ourselves in a situation where to fix a problem with our 802.1x configuration we need to reissue the certificates in the payload. This particular problem doesn't prevent all our devices from connecting but it will eventually. Being the proactive bunch of nerds we are, we'd like to deploy the fix before it becomes a problem.

The issue we're facing is that the if we just update the existing profile while they're connected to wifi s it disconnects them and they can't get the new profile. We tried issuing a new profile along side the existing wifi profile. But, that screws with the Preferred networks order and still disconnects from the SSID when the original payload is removed.

Can anyone suggest a way to update the Wifi profile en-masse without disconnecting machines that are currently connected in the process?

sshort · ‎01-24-2019

I know this won't work in all environments, but if your users have ready access to ethernet + adapters have them plug in at their desk.

rstoner · ‎01-24-2019

That is our default plan right now. But it requires user action prior to the fix, which means we can't roll it our company wide proactively, only reactively when they call and complain about their wifi not working.

m_donovan · ‎01-24-2019

Is it possible to setup a temporary SSID that uses a shared key authentication. You could push out a profile for the temp SSID and when it connects and updates inventory gets added to a smart group that has the repaired profile scoped to it. After you get everyone moved shutdown the temp SSID and remove the profile.

rstoner · ‎01-25-2019

That isn't a bad idea, but still suffers from the same basic problem. We'd have to go through our security people to something like that approved and their slogan is "No".

Jamf Nation Community

Reissuing Wifi Profiles without disruption