Unable to enroll 1 Mac in my company.

rseide
Contributor

I am unable to enroll a Mac in my company. It is literally the only one that has failed every time. I have tried to enroll this Mac via Recon, a script in ARD, and from the enrollment URL.

The logs seem to indicate it didn't work.

Here are the logs from ARD and Recon:
ARD:
[computername] (10.3.2.25)
TERM environment variable not set.
Moving to working directory at /tmp JAMF Binary is present. The JSS is available.

From Recon:
Recon failed to submit to the JSS. ...
Submitting data to https://jss.mycompany.net:8443/...
Failed to submit inventory
Getting management framework from the JSS...
Enforcing management framework...
Checking availability of https://jss.mycompany.net:8443/...
The JSS is available.
Enforcing login/logout hooks...
Enforcing scheduled tasks...
Creating launch daemon...
Creating launch agent...
Checking availability of https://jss.mycompany.net:8443/...
The JSS is available.
Checking for policies triggered by enrollmentComplete

There is a computer with that IP address in the JSS but there’s no information about it. If I search by computer name, no results are found.

I also tried removing the JAMF Framework and then trying again but it still fails.

Any thoughts?

Thanks in advance.

17 REPLIES 17

ifbell
Contributor

Have you checked to make sure there is not another machine sharing the same JSS ID?

CasperSally
Valued Contributor II

check system profiler and make sure it has correct serial number listed

jguz
New Contributor III

are you using a thunderbolt ethernet adapter?

rseide
Contributor

@ifbell - no, I'm not sure how to do that. Can you tell me how?

@CasperSally - Ok. I will give that a shot.

@johanguz - I can't recall. I will check.

I'll report back my findings here. Thanks so far!

rseide
Contributor

So, I am not sure how to check the JSS ID.

But, the serial number looks fine and he's not using a Thunderbolt Ethernet adapter.

dlondon
Valued Contributor

Hi Rich,

Just a wild thought - try removing the existing machine from the JSS (the one with the same IP) and then re-enroll from the client

Regards,

David

jennifer
Contributor

Is the time/date set right? My JSS gets very cranky when its off on a client machine.

rseide
Contributor

@dlondon and @jennifer_unger

I deleted that computer record in the JSS and verified that the client's mac has the correct date and time.

Enrollment still fails.

I may have to call JAMF support on this unless someone else has another suggestion.

Thanks for all the suggestions so far!

alexjdale
Valued Contributor III

We had an issue where a user had put an emoji into the computer name (he wanted to see the smiling poo icon on his screensaver) and that caused an enrollment failure... removed the emoji and it worked fine.

rseide
Contributor

@alexjdale - that's hilarious! but, there are no emojis in this problematic Mac.

jedfrye
New Contributor III

I am also having a similar issue with about 1 in 70 Macs that try to enroll.

The client will run QuickAdd and it will fail. I’ll see "No Name" enrolled no information about the computer, just the user name that tried to enroll. I was actually able to look at one of the Macs and the JSS certificate was not in Keychain, however the jamf Framework was installed. In terminal I could run all the jamf commands including sudo jamf policy and sudo jamf recon and it would actually run, but when it got to the last step of sending that to the JSS server it failed because it didn't have the certificate.

I tired sudo jamf enroll -prompt and that seemed to work, it said it acquired the certificate, but still nothing in keychain.

I tired sudo jamf removeFramework and deleting the entry from the server, restarting the Mac, running repair permissions and then enrolling, but still failed.

One thing I didn't try was from another account, but there was only one account on the Mac at the time. I should have also done sudo jamf enroll -prompt -verbose

jjones
Contributor II

What version of JSS are you currently running? Also what version of Mac OS does that machine have?
Reason being is if it's 10.10 I believe versions below 9.6 have issues enrolling 10.10 as we've ran into it before. You might try grabbing the new recon, run it and see if it joins it, if so your JSS will downgrade the binary back to the current version you have.

jedfrye
New Contributor III

@jjones we are running JSS 9.61 (I know a little behind). The issues we have had it on (that I have been able to see) have been Mavericks and Yosemite.

Oh yeah I also made a new QuickAdd in Recon to try as well, sorry for got to mention that step. It's just odd that the certificate never adds to Keychain, but these are Macs that users have had... reimaging works, but users don't prefer that.

gskibum
Contributor III

@jedfrye

What do you have in Computer Management/Inventory Collection/Software?

I had this same problem a few months ago and it came back to something I had entered in there. I since removed whatever it was, but I think I may have had the entire volume marked for scan ( / ).

As of now all I have entered is /Applications/ and /Users/ and the problem has not returned.

Edited: FUBAR path in my first line.

jedfrye
New Contributor III

Hey @gskibum,

Thanks for the reply; I checked and we just have /Applications and /Users

89b613ea911c4ea49ceebfa1b40e349d

gskibum
Contributor III

@jedfrye

Now that I'm less under the grips of a gnarly cold virus, let me be more clear.

When I had the problem it wasn't the entry itself in inventory collection that was the cause, rather it was a corrupt app being inventoried that happened to be sitting outside of /Applications or /Users.

So maybe you've got some app (or document) that's tripping things up.

jedfrye
New Contributor III

@gskibum I wouldn't doubt that at all. These are all Macs that they users has had. New & reimaged Macs are unaffected.

Thanks for the suggestion. I'll let you know what happens.