Computers falling out of management

mconners
Valued Contributor

Hello Everyone,

I am pulling what little hair I have left, out.

Yesterday, we had maybe 2 Macs that weren't managed. No biggie as we haven't touched these two. This morning, I came in to find over 210 unmanaged Macs!! That's almost 20% of our Macs in the JSS. What the heck happened?

I have sent logs to JAMF for review and discovery of what might have happened.

Today I have been beating against a wall trying to re-enroll and manage these. After an afternoon of this, I managed to get 35 back to a managed state.

I am very alarmed by this as I have no idea what changed. Have any of you experienced this in the past and what have you done and possibly are doing to ensure this doesn't happen again?

Thank you for all of your feedback, it is greatly appreciated.

5 REPLIES 5

NickKoval
Contributor
Contributor

Is the jamf framework being removed from the computer or is the device listed by the JSS as "unmanaged" in the computer record?

Cornoir
Contributor II

Going forward until JAMF implements incorporating a self heal function I recommend using CasperCheck to help:

https://github.com/rtrouton/CasperCheck

mm2270
Legendary Contributor III

That must be unnerving, so I can understand your frustration.
Have you been able to pull a jamf log off one of the Macs affected by this to see what the log is showing? I'd be curious to see if an errant policy is being run as the last item before it became unmanaged. Is there perhaps a policy removing the management account from them, or changing the password on the management account?
I've never heard of that many devices going unmanaged in such a short time, so something must be causing it.

While things like CasperCheck are great and can help, they don't replace troubleshooting to find the root cause of what's causing this.

mconners
Valued Contributor

Hello All,

Thanks for replying @nkoval and @Cornoir. The binary is still present on the client Macs. In fact, I was able to go back to the client object in the JSS and "re-check" the box for allowing the JSS to manage the Mac. This resolved the management piece.

@mm2270 is right, troubleshooting is critical. I still don't have an answer why these Macs dropped their management component in the JSS. My next worry is, there are a large number of our Macs that are not updating their inventory in the JSS. They are all checking in still, but the updating of the inventory for each computer isn't working. I don't know why. I don't have a sense as to why either.

I have asked our JAMF support team to chime in based on the logs they sent me.

ashuttleworth
Release Candidate Programs Tester

If it helps, I was having the same issue with computers randomly becoming "unmanaged." Since I know our management account username/ password, I was able to create a script that finds all unmanaged computers that were formally managed and "re-manage" them. It can be set up as a cron job or run manually through Self Service (with some setup).

API_UnmanagedComputerFix.sh

I was able to find the issue as my bad implementation of @rtrouton CasperCheck that would cause all computers to reinstall a quick add package every startup irrespective of the checks in the script. I'm still in the process of fixing the issue. But I have a workaround to keep computers managed in the interim.