Help

protectctl with offline HA product

Go to solution
mntbighker
New Contributor III

Posted on ‎11-22-2024 10:08 AM

I'm trying to get Jamf Protect offline client/policy talking from Mac to SIEM. It appears that protectctl is only useful with the full cloud product, or else my clients are broken. If protectctl needs cloud version, why is it installed on my Macs? And how do you debug without it. The files in the db folder are totally opaque for debugging. It appears that protectctl diagnose is also useless without cloud.

Ideas?

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
matteo_bolognin
New Contributor III
New Contributor III

Posted on ‎11-26-2024 01:41 AM

There's 2 + 1 steps involved, depending on the macOS version targeted.

- Package downloaded from "Downloads"
- Configuration Profile downloaded from "Plans" - this profile will contain the:

<key>offlineToken</key>

which is the License Key.
This part is covered here: https://learn.jamf.com/en-US/bundle/jamf-protect-offline-deployment/page/High_Compliance_Protect_Dep...

The 3rd step is for macOS 15 and later devices which is the non-removable system extension, which can be obtained from the "Downloads" section.

View solution in original post

Reply
6 REPLIES 6

Go to solution
mntbighker
New Contributor III

Posted on ‎11-22-2024 10:21 AM

Sorry, should say HC (High Compliance)

0 Kudos
Reply

Go to solution
mntbighker
New Contributor III

Posted on ‎11-22-2024 03:46 PM

Support said try re-scope / reinstall, but so far 2 Macs have the same problem. I have uploaded to Jamf Pro for deploy multiple times too. Working on a third one now that has never had Protect before.

0 Kudos
Reply

Go to solution
matteo_bolognin
New Contributor III
New Contributor III

Posted on ‎11-25-2024 01:52 AM

The deployment of Protect, be that the regular or Offline Mode/High Compliance is made in 2 steps:
- the package installer
- the Configuration Profile
Ref: https://learn.jamf.com/en-US/bundle/jamf-protect-offline-deployment/page/Configuring_Offline_Deploym...

If only the package is deployed, Protect won't be able to properly configure on the device as information like the license key and the SIEM details are contained on the Configuration Profile.

0 Kudos
Reply

Go to solution
mntbighker
New Contributor III
In response to matteo_bolognin

Posted on ‎11-25-2024 10:42 AM

Actually with Sequoia it's a package and two profiles, but apparently the tenant is producing a profile with no license attached, so nothing works. The license "says" it expires next April.

0 Kudos
Reply

Go to solution
matteo_bolognin
New Contributor III
New Contributor III

Posted on ‎11-26-2024 01:41 AM

There's 2 + 1 steps involved, depending on the macOS version targeted.

- Package downloaded from "Downloads"
- Configuration Profile downloaded from "Plans" - this profile will contain the:

<key>offlineToken</key>

which is the License Key.
This part is covered here: https://learn.jamf.com/en-US/bundle/jamf-protect-offline-deployment/page/High_Compliance_Protect_Dep...

The 3rd step is for macOS 15 and later devices which is the non-removable system extension, which can be obtained from the "Downloads" section.

Reply

Go to solution
mntbighker
New Contributor III
In response to matteo_bolognin

Posted on ‎11-26-2024 12:41 PM

Thanks, support helped me sort this out today. My logs are hitting the forwarder now, and blocked from the SIEM. ;-) One step "forward" at least.

0 Kudos
Reply