Jamf Nation Community

stephanpeterson · ‎03-21-2017

I've noticed recently that a number of machines in our fleet don't have Login entries listed in Computer Usage History. They have Logout and Startup entries, but not Login. It's very curious. I suspected that maybe the users had somehow enabled Auto Login and that would explain what I'm seeing, but a quick test on a machine didn't provide results that would confirm this theory. I'm at a loss.

This is important in our environment because we have a policy that runs at Login to submit the username and do an AD lookup to populate the Full Name and Email Address fields in the User and Location section of the computer record. I looked in the log entries for the policy and don't see a recent execution of the policy on one of the machines in question.

TJ_Edgerly · ‎03-21-2017

I ran into this after a JSS upgrade several revisions back. Can you set up a test machine and use recon to re-enroll the computer (Either a remote or quick add PKG)? Since it was so long ago, i can't remember if I also tested the "jamf manage" command to reenforce the management framework.

Once i re-enrolled, my computers started logging again.

stephanpeterson · ‎03-21-2017

I'm going to try and work with some of the machines that are exhibiting this issue and see about running the manage command on them to see if that addresses the issue. Planning to report back when I have more info...

stephanpeterson · ‎03-21-2017

Error posting - ignore this entry. Couldn't find a way to delete the comment.

stephanpeterson · ‎03-21-2017

It appears that the loginhook is broken on these machines. At least, that's my theory. I was able to identify two machines and I ran

jamf manage

on both of them.

It fixed one of the machines and it is properly showing login entries in Computer Usage Logs now but the other machine still isn't. I'm not sure what the issue is and how to best fix it.

mpermann · ‎03-21-2017

@stephanpeterson you may need to re-enroll the computer. You can either run a QuickAdd package or do a sudo jamf enroll -prompt and enter in credentials to enroll the device. Keep in mind, this might cause some policies to re-run but it sounds like your management framework is broken.

stephanpeterson · ‎03-21-2017

@mpermann I don't have any firsthand experience with re-enrolling machines. Any other downside? What's curious is that the machine seems fine otherwise. It's just that the loginhook seems to be broken.

mpermann · ‎03-22-2017

@stephanpeterson you could always contact your Jamf buddy and have them weigh in on the issue. We for whatever reason have a small number of systems whose management framework gets messed up once in a while. I don't generally spend too long trying to figure out what went wrong. In instances where the standard fixes don't work I just move to the removing and reinstalling the framework.

Brad_G · ‎03-22-2017

Sounds similar to PI-002269 that I had last summer.

https://www.jamf.com/jamf-nation/discussions/18539/problem-with-login-policy

Jamf Nation Community

Computer History Usage Not Showing Logins, Only Logout and Startup