The Device Certificate did not install

rfreeborn
New Contributor III

After the upgrade to Casper 9.2, getting a report in the Jamf log that "The computer was not Enrolled in MDM with the JSS. The Device Certificate did not install". The computers enroll and update inventory in JSS and install policies. Profile does not show in System Preferences. No Certificate or Private Key listed in Keychain. Looking at computers in JSS, they show enrolled and contacting and Managed, but MDM capability says No. Other computers that were already enrolled show contacting fine and receiving policies and MDM capability Yes, and the Profile can be seen in System Preferences. I get the error whether I run QuickAdd.pkg, Recon, or the command jamf enroll in Terminal.

1 ACCEPTED SOLUTION

rfreeborn
New Contributor III

Give credit to my Comrade in Arms DVG and Mr. Fink. It turned out to be our SSL Certificate was corrupted. Stopped Tomcat on JSS. Logged into JSS and clicked System Settings, Apache Tomcat Settings, Edit, Change the SSL certificate used for HTTPS, Generated new certificate. Restarted Tomcat server on JSS and good to go, enrollment working fine again on iOS and Mac OS devices.

11 REPLIES

quedayone
Contributor

Me too.

alan_trewartha
New Contributor III

had exactly the same problem after the 9.2 update, followed freeborn's refresh of the SSL certificate - thanks

AKuzenkov
New Contributor III

I had the same issue with 9.2. Recreating the SSL cert seemed to fix it.

libertyuniversi
New Contributor II

I'm getting this too after 9.2

dvasquez
Valued Contributor

Thanks for this. I am about to upgrade from 8.73 and knowing this ahead of time is good.

matt_jamison
Contributor

I have enrolled about 10 computers in the last 2 days, all remote. Out of the 10, 2 are getting the OPs error and they receive no profiles but my FileVault and other policies run just fine. How can I enroll them remotely via a script? I tried sudo jamf manage and get "The management framework will be enforced as soon as all policies are done executing." but still nothing....

Any ideas?

dderusha
Contributor

Give credit to my Comrade in Arms DVG and Mr. Fink. It turned out to be our SSL Certificate was corrupted. Stopped Tomcat on JSS. Logged into JSS and clicked System Settings, Apache Tomcat Settings, Edit, Change the SSL certificate used for HTTPS, Generated new certificate. Restarted Tomcat server on JSS and good to go, enrollment working fine again on iOS and Mac OS devices.

After stopping Tomcat, I can't log in to the JSS? Are these steps out of order? I saw it had a solved badge. I changed the SSL cert and started and stopped Tomcat and I still get the error:

Downloading the JSS CA Certificate...
This computer was successfully enrolled to the JSS with the following device certificate: "29E3A3C4-8A35-5D9E-9D57-781AE65268FE"
Retrieving inventory preferences from https://server.company.com:8443/...
Locating hard drive information...
Finding extension attributes...
Locating applications...
Locating accounts...
Locating package receipts...
Searching path: /Users
Locating software updates...
Locating printers...
Searching path: /Applications
Locating hardware information (Mac OS X 10.8.5)...
Gathering application usage information...
Submitting data to https://server.company.com:8443/...
<computer_id>899</computer_id>
Getting management framework from the JSS...
Enforcing management framework...
Checking availability of https://server.company.com:8443/...
The JSS is available.
Enforcing login/logout hooks...
Problem installing MDM profile.
Problem detecting MDM profile after installation.

Enforcing scheduled tasks...
Creating launch daemon...
Creating launch agent...
Checking for policies triggered by enrollmentComplete

This is a 10.8.5 Mac that was just re-formatted and re-enrolled but fails.
I went through and removed this Mac from all profiles and still no good.
Our server is 9.3 on OS X 10.8.5.

johnnasset
Contributor

@dderusha

I had similar issues with the installation of the MDM profile after the 9.3 upgrade. I cleared out the address in Global Management-JSS URL-JSS URL for Enrollment Using Built-in SCEP and iPCU and that fixed the issue.

rfreeborn
New Contributor III

Has this device been enrolled to JSS before, i.e. is there already a record of it in JSS? If so, try deleting the existing record and then try to re-enroll.

dderusha
Contributor

@johnnasset

Clearing the field worked. Thank you!!!
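
Added example (not part of the original thread and not Jamf tooling): a small shell triage that separates the two failure signatures reported above and maps each to the fix its poster described. The function names `triage_enroll` and `reported_fix` are hypothetical, and the sample inputs are constructed from the messages quoted in the thread, with the device certificate ID replaced by a placeholder.

```shell
# Classify `jamf enroll` output read from stdin; prints one token.
triage_enroll() {
    _log=$(cat)
    if printf '%s\n' "$_log" | grep -qi 'Device Certificate did not install'; then
        # Signature from the first post (seen after the 9.2 upgrade).
        echo device-cert-failed
    elif printf '%s\n' "$_log" | grep -qE 'Problem (installing|detecting) MDM profile'; then
        # Signature from the pasted 9.3 log: a device certificate is issued,
        # yet the MDM profile never lands. This is checked before the
        # "successfully enrolled" line, which on its own proves nothing about MDM.
        echo mdm-profile-failed
    elif printf '%s\n' "$_log" | grep -q 'successfully enrolled to the JSS'; then
        echo enrolled-ok
    else
        echo unknown
    fi
}

# Map a classification to the fix that posters in this thread reported.
reported_fix() {
    case "$1" in
        device-cert-failed) echo 'JSS: generate a new Tomcat SSL certificate, restart Tomcat' ;;
        mdm-profile-failed) echo 'JSS: clear "JSS URL for Enrollment Using Built-in SCEP and iPCU"' ;;
        enrolled-ok)        echo 'none needed' ;;
        *)                  echo 'no match in this thread; inspect the full log' ;;
    esac
}

# Constructed samples, built from the messages quoted in the thread.
SAMPLE_CERT_FAIL='The computer was not Enrolled in MDM with the JSS. The Device Certificate did not install'
SAMPLE_MDM_FAIL='This computer was successfully enrolled to the JSS with the following device certificate: "EXAMPLE-UUID"
Enforcing management framework...
Problem installing MDM profile.
Problem detecting MDM profile after installation.'

for sample in "$SAMPLE_CERT_FAIL" "$SAMPLE_MDM_FAIL"; do
    result=$(printf '%s\n' "$sample" | triage_enroll)
    printf '%s -> %s\n' "$result" "$(reported_fix "$result")"
done
```

On a client, the same function can be fed the saved output of an enrollment run, for example `triage_enroll < enroll-output.txt`, where the file name is an assumption.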