As of Monday, any device that runs our Self Service policy to bind to Active Directory immediately loses access to Self Service with the message that the MDM Server is not available. We can manually bind to AD in System Preferences, which works fine, but using the built-in Directory Binding has suddenly stopped Self Service working.
Has anyone else experienced this?
What do you see if you query the Jamf Pro server using Terminal?
ex. "dig jss.jamfproserver.com"
Does it return the expected information? I have never used Self Service for AD binding but I wonder if the Jamf public keys in Keychain have been damaged.
@howie_isaacks I don't use SS for binding but I have the same issue with Wildly where SS is not reachable.
I have reimaged 2 workstations and still the same results.
I have run the dig command and received the expected output:
; <<>> DiG 9.10.6 <<>> jssproserver.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50564
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;jssproserver.com. IN A
;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1650997885 1800 900 604800 86400
;; Query time: 131 msec
;; SERVER: xxx.xxx.xxx.xxx#xxx(xxx.xxx.xxx.xxx)
;; WHEN: Tue Apr 26 13:32:02 CDT 2022
;; MSG SIZE rcvd: 118
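An added example, not part of the thread or any poster's code: a small shell function that reads dig output like the above and classifies it from the header's status and ANSWER count, the two fields that show whether a name resolved. The sample headers and the function and label names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): classify dig output by its header.
# Reads dig output on stdin and prints one of:
#   resolved | nodata | nxdomain | error:<STATUS> | unparsed
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            # Header line carries "status: <RCODE>," as two fields.
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # Flags line carries "ANSWER: <count>," as two fields.
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        END {
            if (status == "")              print "unparsed"
            else if (status == "NXDOMAIN") print "nxdomain"
            else if (status != "NOERROR")  print "error:" status
            else if (answers + 0 == 0)     print "nodata"
            else                           print "resolved"
        }
    '
}

# Constructed sample headers in the layout dig prints.
sample_missing() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1001' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'
}
sample_ok() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
}

# Demonstration: print the classification of each constructed sample.
for s in sample_missing sample_ok; do
    printf '%s: %s\n' "$s" "$($s | classify_dig)"
done
```

On a Mac, pipe a real lookup into it, for example `dig <your Jamf Pro hostname> | classify_dig`; anything other than `resolved` means the client cannot look up the server name.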
Why not unenroll the system from Jamf Pro and then re-enroll it? Running "/usr/local/jamf/bin/jamf removeFramework" will remove the Jamf agent, the keychain items, and everything else installed by Jamf Pro including Self Service. I'm trying to understand how binding to AD would cause this.
I had a client who insisted on binding Macs to Open Directory until I finally talked them out of it. I used a configuration profile for that. It worked really well. Directory binding would really screw up my auto enrollment and setup process. Jamf Connect works great for that.