Skip to main content

Been noticing that Self Service has been failing and saw this in /var/log/jamf.log

Device Signature Error - A valid device signature is required to perform the operation.

I'm not seeing any expired certificates anywhere, in fact they were just renewed only a few months ago. I did sudo jamf -enroll -prompt. That got SS working again, but I need to understand what happened or where to check what might be expired, missing, etc.

Some of these are machines that were JUST enrolled through the pre-stage enrollment that was set up by our Jamf consultant.

I've only ever seen that on devices that were previously enrolled in Jamf or we leveraged migration assistant from an old Jamf-managed Mac to a new one, or in rare cases, the time/date were on the Mac. Anything common there?

 

Also, I've be recommended the Redeploy api command to fix that when it does occur. 


@mvalpredacheck out our self healing script - https://github.com/Rocketman-Tech/Jamf-Self-Healing - should do the trick for ya!


we get a ton of these devices there was pre-imaged (meaning hardware received and then all the corporate apps were installed and devices were prepped) and then stored for eventual deployment.  Typically if they've been sitting for about a month and then put back on the network, it's device signature errors... even on reprovisioned.  I have to do the jamf self heal commands to get it to work.  I probably have to do this 2-5 times a day.  

Previously, also had good luck with the https://jss.url.here/enroll/?type=quickadd and then running the Quickadd package to enroll.

 


Reply