Self Service failures - Device Signature Error

mvalpreda
New Contributor II

Been noticing that Self Service has been failing and saw this in /var/log/jamf.log

Device Signature Error - A valid device signature is required to perform the operation.

I'm not seeing any expired certificates anywhere, in fact they were just renewed only a few months ago. I did sudo jamf -enroll -prompt. That got SS working again, but I need to understand what happened or where to check what might be expired, missing, etc.

Some of these are machines that were JUST enrolled through the pre-stage enrollment that was set up by our Jamf consultant.

3 REPLIES 3

morgan-ai
New Contributor

I've only ever seen that on devices that were previously enrolled in Jamf or we leveraged migration assistant from an old Jamf-managed Mac to a new one, or in rare cases, the time/date were on the Mac. Anything common there?

 

Also, I've be recommended the Redeploy api command to fix that when it does occur. 

Hugonaut
Valued Contributor II

@mvalpredacheck out our self healing script - https://github.com/Rocketman-Tech/Jamf-Self-Healing - should do the trick for ya!

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

ImAMacGuy
Valued Contributor II

we get a ton of these devices there was pre-imaged (meaning hardware received and then all the corporate apps were installed and devices were prepped) and then stored for eventual deployment.  Typically if they've been sitting for about a month and then put back on the network, it's device signature errors... even on reprovisioned.  I have to do the jamf self heal commands to get it to work.  I probably have to do this 2-5 times a day.  

Previously, also had good luck with the https://jss.url.here/enroll/?type=quickadd and then running the Quickadd package to enroll.