We are running Jamf 10.15.1 and have done the switchover for VPP/DEP on Apple School Manager. Yesterday and today, if we setup a new iOS device, the default apps like Contacts, iTunes Store, Notes, etc. show a small cloud at the beginning of their name. The cannot be downloaded/installed on our local Wi-Fi network, but do on outside networks. This only seems to affect Jamf managed devices, not people's personal iOS devices. VPP-purchased apps scoped from Jamf install normally.
We have created new Public Key and Server Tokens for DEP, checked firewall settings, restarted our Jamf server, etc.
Any ideas on what could be causing this?
Thanks in advance,
Same here, after updating JAMF Pro to version 10.15.1, MDM synchronization with DEP services is broken. We've uploaded the public key to ASM, downloaded the new token and uploaded it to JAMF several times. But after a couple of minutes sync between the MDM and DEP breaks again. Even some times when we try to upload the new token we get the error "Problem contacting Apple Services".
We solve that issue by disabling TLSv1.3 as explained on macmule.
#! /bin/sh # Place any and all customizations to your Tomcat instance here. # Examples: # # export JAVA_OPTS="$JAVA_OPTS -Xmx1024M -Xms256M -Djava.awt.headless=true" # export CATALINA_OPTS="$CATALINA_OPT -Xss=192k" # export CATALINA_TMPDIR="/tmp" # # This file will be backed up and restored on upgrades. export JAVA_OPTS="$JAVA_OPTS -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 -Xmx1024M" # Sets JAVA_HOME if it is NOT set
And restart tomcat & check the entire process command line (ps -auxwww)
@bentoms Thank you for your post...I noticed this yesterday and you came through with a fix that worked well...for the record we were using Amazon Corretto 11.0.4_10 on Windows and corrected this issue on our cluster simply by adding this line quoted above to our Tomcat Java settings on the master node:
PS for anyone who's ever met @bentoms ...he spared us of the donkey work of solving this problem by doing the "faffing around" for us in the macmule post.
@bentoms Ben, thanks for this workaround! I contacted a rather high up colleague of mine at Apple, and he wasn't aware of the issue at all.
I modified your line to be as follows, since TLS 1.0 and 1.1 are deprecated:
I simply added it to the tomcat8w.exe on our Windows Server, present in: C:Program FilesJSSTomcatin
@truong.dao For Mac OS X Server, you will need to add it to the /Library/LaunchDaemons/com.jamfsoftware.tomcat.plist file.
Solution for macOS includes the following, as modifying just the tomcat plist isn't enough, as you also need a modified setenv.sh file in /Library/JSS/Tomcat/bin.
1, Open Terminal and run:
sudo plutil -convert xml1 /Library/LaunchDaemons/com.jamfsoftware.tomcat.plist
2, Then open the file:
sudo nano /Library/LaunchDaemons/com.jamfsoftware.tomcat.plist
3, Add the below new string:
4, Then save and convert the file: sudo plutil -convert binary1 /Library/LaunchDaemons/com.jamfsoftware.tomcat.plist
Create a new file (setenv.sh) that is the one that catalina.sh will read (by default is not present).
1, Create the new file: sudo touch /Library/JSS/Tomcat/bin/setenv.sh
2, Open the new file: sudo nano /Library/JSS/Tomcat/bin/setenv.sh
3, Paste in the below and save:
export CATALINA_OPTS="$CATALINA_OPTS -Xms512m"
export CATALINA_OPTS="$CATALINA_OPTS -Xmx8192m"
export CATALINA_OPTS="$CATALINA_OPTS -Djava.awt.headless=true"
export CATALINA_OPTS="$CATALINA_OPTS -Djdk.tls.client.protocols=TLSv1.2"
4, Then run: sudo chown -R _appserver:_appserveradm /Library/JSS/Tomcat/bin/setenv.sh
5, Stop Tomcat: sudo launchctl unload /Library/LaunchDaemons/com.jamfsoftware.tomcat.plist
Start Tomcat using the catalina script, this should allow tomcat to startup reading the setenv.sh file that contains the "TLS specification"
Provided and tested by Jamf Support, I can confirm that the above fix does work for macOS.
Same issue here after upgrading to JAMF 10.15.1 two days ago. Our DEP/Apple School Manager sync stopped working and when I tried to download a new token from ASM and upload to JAMF, I would get the "Problem connecting to Apple Services" error message.
Confirmed that the above fix did work for us as well (we are running Ubuntu 18.04). Disabled TLS1.3 by editing the setenv.sh file as suggested. After that I was able to successfully upload the new token and sync appears good again.
According to that Mac Mule article it seems like there will be a fix for this in the OpenJDK v.11.0.5 patch slated for release on October 15.