- Jamf Nation Community
- Products
- Jamf Pro
- Re: Valid MDM Authtoken errors
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Valid MDM Authtoken errors
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-26-2012 07:43 PM
Hi All,
I am working through the process of getting Configuration Profiles going at my company and had hit a roadblock that I'm hoping someone can advise on.
I have used both the JSS and Profile Manager to install the profiles which is fine. All necessary ports are open on the firewall, Certs are in place and I can successfully deploy a payload via the profile. The only issue is that is works ONLY the first time. The auto mount network share option in Login items is where I'm having issues. The share will mount first time but not at subsequent logins.
I am getting an error in console when using Profile Manager:
mdmclient: ** ERROR ** [Agent:918917365] Unable to proceed with connection to: https://MDMServer/devicemanagement/api/device/connect (com.apple.mdmconfig.mdm) because don't have valid MDM AuthToken.
Using the JSS method I get:
mdmclient: ** ERROR ** [Agent:1757856424] <MDMClientError:89> Profile with identifier 'A058D2AE-9D82-4DBB-953E-AF7AC9D9AC7A' not found. <MDMClientError:89>
IS this basically telling me I need to replace either my web certificate or my APN certificate or both? I'd like to confirm whether this is the right way to go before I start replacing certs.
Any advice would be appreciated.
Thanks
T
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-30-2012 07:57 PM
Not really one to like bumping my own thread but if any one has any information on this it would be great. Need to make a decision on whether Config Profiles are just wasting my time or do actually work.
In fact if anyone has any success stories with Config Profiles would love to hear them!!
Cheers again
T
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-30-2012 08:51 PM
I think you are to use one or the other not both. Meaning a profile from Profile Manager or one created in the JSS. The profiles worked in my basic testing. You should have received the optional enrollment at login on a client. I have to ask to have the certificate based authentication box checked the JSS? That tripped me up the first go around. I'm also getting ready to do this at my company so hopefully we can find a resolution to your problem.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-30-2012 10:20 PM
Thanks for the response.
Yes, I have two isolated environments set up (JSS and Profile Manager) so there shouldn't be any confusion.
Also have the Enable Certificate-Based Communication box ticked in the JSS.
Some payloads stick consistently( managing Sys Prefs panes) whilst others don't (automount network shares at login).
For now it looks as though an MCX/Profile mix will have to be the answer.
Cheers
T
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-30-2012 10:27 PM
Overlapping MCX and profiles was an issue I had as well. I'm looking at layering my profiles more. A one size fits all seems to ask to much of the technology.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-17-2012 12:33 PM
TimC - Just wondering if you ever found a solution to this. I'm having the same issue in that I have an auto mount set up in Profile Manager but the mount only works the first time. Subsequent logons will not mount the share. I have other policies set up and they are working, just not the share mount. I am getting "don't have valid MDM AuthToken" on the clients on logon. Cheers
