After Casper Imaging, I'm aware JAMF use their own enroll script / post-install script, which are triggered by LaunchDaemons. What I've seen sometimes happen randomly is machines will not enroll. Attempting to re-image results in the same problem. After trawling through the logs where the enroll script redirects output, and also the jamf.log, the error message I'm almost always presented with is:
**There was an error.**
**Device Signature Error - A valid device signature is required to perform the action.**
I have spoken to JAMF support countless times about this and also searched JAMFNation about this message and it seems as though this message relates to a problem with certificates. Deleting the computer record in the JSS always fixes the above issue; probably because it removes the related cert in the JSS.
Deleting the affected record is not really an acceptable solution for us, especially since we are looking to roll out encryption. (What concerns me here is you can delete a computer record with no warning that there is an associated FV2 key.)
Anyway, what I'm getting at is: if the issue is the cert stored on the JSS, and deletion of the record resolves this because it removes the cert, why can't the enrolment:
1) check if there is an existing record for the machine that is attempting to enrol
2) check if the cert matches - if it doesn't, remove the cert from the server and leave the record behind to allow the enrolment to go through.
Does anyone have a fix for this which doesn't involve deleting the record and can easily be added to our post imaging scripts?
