Posted on 03-21-2017 08:27 AM
I've noticed recently that a number of machines in our fleet don't have Login entries listed in Computer Usage History. They have Logout and Startup entries, but not Login. It's very curious. I suspected that maybe the users had somehow enabled Auto Login and that would explain what I'm seeing, but a quick test on a machine didn't provide results that would confirm this theory. I'm at a loss.
This is important in our environment because we have a policy that runs at Login to submit the username and do an AD lookup to populate the Full Name and Email Address fields in the User and Location section of the computer record. I looked in the log entries for the policy and don't see a recent execution of the policy on one of the machines in question.
Posted on 03-21-2017 09:27 AM
I ran into this after a JSS upgrade several revisions back. Can you set up a test machine and use recon to re-enroll the computer (either a remote or quick add PKG)? Since it was so long ago, I can't remember if I also tested the "jamf manage" command to re-enforce the management framework.
Once I re-enrolled, my computers started logging again.
Posted on 03-21-2017 10:52 AM
I'm going to try and work with some of the machines that are exhibiting this issue and see about running the manage command on them to see if that addresses the issue. Planning to report back when I have more info...
Posted on 03-21-2017 01:58 PM
It appears that the loginhook is broken on these machines. At least, that's my theory. I was able to identify two machines and I ran
jamf manage
on both of them.
It fixed one of the machines, and it is properly showing login entries in Computer Usage Logs now, but the other machine still isn't. I'm not sure what the issue is and how to best fix it.
Posted on 03-21-2017 03:45 PM
@stephanpeterson you may need to re-enroll the computer. You can either run a QuickAdd package or do a sudo jamf enroll -prompt
and enter in credentials to enroll the device. Keep in mind, this might cause some policies to re-run but it sounds like your management framework is broken.
Posted on 03-21-2017 05:19 PM
@mpermann I don't have any firsthand experience with re-enrolling machines. Any other downside? What's curious is that the machine seems fine otherwise. It's just that the loginhook seems to be broken.
Posted on 03-22-2017 06:53 AM
@stephanpeterson you could always contact your Jamf buddy and have them weigh in on the issue. We for whatever reason have a small number of systems whose management framework gets messed up once in a while. I don't generally spend too long trying to figure out what went wrong. In instances where the standard fixes don't work, I just move to removing and reinstalling the framework.
Posted on 03-22-2017 09:42 AM
Sounds similar to PI-002269 that I had last summer.
https://www.jamf.com/jamf-nation/discussions/18539/problem-with-login-policy