Help

Before I go and re-image this machine

golbiga
Contributor III
Contributor III

Posted on ‎02-06-2015 09:43 AM

The other day I was looking at machines that haven't checked in for awhile. I found one machine that was having issues connecting to my JSS. I removed the machine from the JSS and tried re-enrolling and now I get:

Downloading required CA Certificate(s)...
There was an error. Error enrolling computer: Unable to establish trust with the JSS - Connection failure: "The host is not accessible."

I've removed the framework, removed the management account, tried running the quickadd.pkg and/or the quickadd.pkg from our enroll site. Both fail. I removed the UUID from the certificate_authority_issued table in mysql. Still nothing. Weirdly I can ping, ssh, and even telnet to the server. As well when I go to the jss from Safari there are no warning about a trust issue. I'm almost at the point where I'm just going to re-image this system, but before I do has anyone else ever seen anything like this?

Thanks
Allen

0 Kudos
8 REPLIES 8

rderewianko
Valued Contributor II

Posted on ‎02-06-2015 09:45 AM

Hi @golbiga

Is the time correct on the machine?

-RD

0 Kudos

golbiga
Contributor III
Contributor III

Posted on ‎02-06-2015 10:01 AM

Yup, the time is correct on the machine.

Allen

0 Kudos

jjones
Contributor II

Posted on ‎02-06-2015 10:42 AM

Can you check your keychain to see if it has a keychain item for casper/jss?

0 Kudos

BenDenham
New Contributor

Posted on ‎02-06-2015 02:55 PM

Hey,
i know rderewianko asked already if the time was right, but just double check the date is right. I have had this exact issue and was simply the client date was 1 year out

0 Kudos

brandonusher
Contributor II

Posted on ‎02-06-2015 03:18 PM

I've had similar issues and what I've had to do is run the following:

sudo jamf enroll -prompt

This forces a re-enroll with new information and prompts for credentials both for the local account and a JSS Account that has permission to enroll machines

0 Kudos

golbiga
Contributor III
Contributor III

Posted on ‎02-06-2015 04:48 PM

@jjones the jamf keychain is not present as the machine is not able to communicate with the JSS in order to even download it. I've removed the framework which removes the JAMF folder in /Library/Application Support.

@BenDenham just checked again and the time is indeed correct.

@usher.br sudo jamf enroll -prompt, sudo jamf enroll -invitation [invitation id] all fail with, Error enrolling computer: Unable to establish trust with the JSS - Connection failure: "The host is not accessible."

0 Kudos

davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎02-06-2015 05:43 PM

It does sound like you're going to have to erase it, or at least that would be the quickest route to a working setup.

The only other thing that spring to mind are JSS related certs left in the system keychain.

When you said you removed the framework I take it that was a ```
sudo jamf removeFramework
```

0 Kudos

golbiga
Contributor III
Contributor III

Posted on ‎02-09-2015 07:13 AM

@davidacland yep, sudo jamf removeFramework. Nothing left in the System Keychain, it's really bizarre. I've spent more than enough time on it and will most likely re-image this week.

0 Kudos