Changing the JSS FQDN url

hcodfrie
Contributor

Hallo JAMFnation,

Has any one changed their JSS FQDN name ?
We are about to move from a Windows Server 2008 R2 to a CentOS 6 server and would like to use a splitdns with a different FQDN name.

Does anyone have a checklist that i can use with the things i need to do ?

Some information :

We run a full JSS which is windows and a limited JSS which is linux. We got 50 OSX and 50 iOS managed clients, the iOS clients i will re-enroll to the new JSS URL how should i handle the OSX clients ?
We use self-signed certificates and PKI. ( our AD guy will generate a new certificate for us for the new FQDN )
We also use MDM and APN

Thanks

1 ACCEPTED SOLUTION

kitzy
Contributor III

Hi @hcodfrie

There's some good information in this thread, but I'll sum up my thoughts here.

First, you'll want to make sure the new DNS name is pointing to your new JSS. You'll want to keep the original URL also pointing at your old JSS for now (we'll need it in a later step).

Second, you'll need to update the JSS URL within the new JSS. In version 9, this can be found in Settings > Global Management > JSS URL.

Third, replace the Tomcat SSL certificate to reflect the new URL. It sounds like you'll be getting a new cert from your AD guy, so once you upload that to your JSS, you'll be good to go. You'll need to restart Tomcat (https://jamfnation.jamfsoftware.com/article.html?id=117) to use the new certificate.

The last thing we'll need to do is get all your devices pointing to the new URL.

For OS X, you can do this one of two ways. The first is to update the jss_url in /Library/Preferences/com.jamfsoftware.jamf.plist. You could do this by modifying the plist, capturing it with Composer, and deploying it with a policy. You could also use a more surgical approach by running a defaults command in a policy, similar to the following.

defaults write /Library/Preferences/com.jamfsoftware.jamf.plist jss_url https://new.jss.url:8443

Make sure you keep your old JSS URL pointing to your old JSS until all your computers are checking in with the new URL.

For iOS, the answer is a lot shorter, but far more labor intensive. You have to re-enroll all iOS devices to the new JSS URL. Unfortunately, there is no other way around it.

If you get stuck, feel free to reach out to your account manager for more support.

Alternatively, if you'd like some hands on help, a member of our Professional Services team would be more than happy to work side by side with you until all of your devices are migrated to the new URL. For more info on JAMF Software Professional Services, you can view this link: http://www.jamfsoftware.com/services/. JAMF Software Professional Services can be engaged through your account manager.

I hope that helps!

Take care,
John

View solution in original post

5 REPLIES 5

kitzy
Contributor III

Hi @hcodfrie

There's some good information in this thread, but I'll sum up my thoughts here.

First, you'll want to make sure the new DNS name is pointing to your new JSS. You'll want to keep the original URL also pointing at your old JSS for now (we'll need it in a later step).

Second, you'll need to update the JSS URL within the new JSS. In version 9, this can be found in Settings > Global Management > JSS URL.

Third, replace the Tomcat SSL certificate to reflect the new URL. It sounds like you'll be getting a new cert from your AD guy, so once you upload that to your JSS, you'll be good to go. You'll need to restart Tomcat (https://jamfnation.jamfsoftware.com/article.html?id=117) to use the new certificate.

The last thing we'll need to do is get all your devices pointing to the new URL.

For OS X, you can do this one of two ways. The first is to update the jss_url in /Library/Preferences/com.jamfsoftware.jamf.plist. You could do this by modifying the plist, capturing it with Composer, and deploying it with a policy. You could also use a more surgical approach by running a defaults command in a policy, similar to the following.

defaults write /Library/Preferences/com.jamfsoftware.jamf.plist jss_url https://new.jss.url:8443

Make sure you keep your old JSS URL pointing to your old JSS until all your computers are checking in with the new URL.

For iOS, the answer is a lot shorter, but far more labor intensive. You have to re-enroll all iOS devices to the new JSS URL. Unfortunately, there is no other way around it.

If you get stuck, feel free to reach out to your account manager for more support.

Alternatively, if you'd like some hands on help, a member of our Professional Services team would be more than happy to work side by side with you until all of your devices are migrated to the new URL. For more info on JAMF Software Professional Services, you can view this link: http://www.jamfsoftware.com/services/. JAMF Software Professional Services can be engaged through your account manager.

I hope that helps!

Take care,
John

hcodfrie
Contributor

Hey John,

Thanks for the information i will work it out many thanks !

tomt
Valued Contributor

@hcodfrie @johnkitzmiller This was perfect timing as I am doing the exact same migration today. So far so good.

Cheers!

thedanielmatt
New Contributor III

Thanks for the walk-through, John.

Curious if this caused any hiccups for anyone? Things to watch out for with profiles, certificates, etc?

michaelhusar
Contributor II

@thedanielmatt
I had the following hiccup: MDM broke since the client certificates were for the "old" setup.
Luckily I only have OSX clients - no iOS at the moment.
I tired the commands, I knew, like
jamf manage
jamf createConf
jamf enroll –invite
run a Quickadd package

Nothing helped. The "bad" MDM Profiles stayed on the clients and did not get exchanged automatically.
I had to explicitly remove the MDM Profile first with jamf removeFramework.
So I "pimped" a QuickAdd package script and put a "backup" jamf binary with the script in place.

#!/bin/sh
####################################################
##### remove everything
####################################################
sudo jamf removeFramework

####################################################
##### copy backup jamf.bin back into place
####################################################
sudo cp /Users/Shared/.jamf /usr/sbin/jamf

####################################################
## Create the configuration file at:
## /Library/Preferences/com.jamfsoftware.jamf.plist
####################################################
/usr/sbin/jamf createConf -url 'https://yourjss:8443/' -k

####################################################
## Turn on SSH
####################################################
/usr/sbin/jamf startSSH

####################################################
## Run enroll
####################################################
/usr/sbin/jamf enroll -invitation 19xxxxxx

So far it is running smoothly and MDM is working with the new certs.
Thanx for your thoughts!