Help

Anyone Switch the domain name of their JSS server?

GabeShack
Valued Contributor III

Posted on ‎11-07-2017 10:15 AM

I was just wondering how many others had done this and what process they had to go through to redo their iPad management. I really want to change this but have been avoiding it for years due to the work involved of re enrolling all the iPads. Is anyone using any DNS magic that makes this work without breaking mobile mdm?

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools
Labels:
0 Kudos
6 REPLIES 6

cbrewer
Valued Contributor II

Posted on ‎11-07-2017 10:25 AM

I'd like to see Jamf put out an article on a process for this. I would think many organizations are going to be looking to move from casper.domain.com to jamf or jamfpro.domain.com. My guess is that the easiest thing to do is to make changes that impact newly enrolled devices, but also keep your existing DNS entry in place so that your previous name continues to function.

bvrooman
Valued Contributor

Posted on ‎11-07-2017 10:29 AM

Be sure to get an SSL certificate with both the old and new DNS names as SANs. That way clients can still validate the cert regardless of which URL they're using.

0 Kudos

cbrewer
Valued Contributor II

Posted on ‎11-07-2017 10:38 AM

A wildcard cert will come in handy here.

0 Kudos

jkuo
Contributor

Posted on ‎11-07-2017 10:51 AM

We did this on Jamf Cloud a couple years back, and at that time there was a redirect they put in place that pointed old JSS --> new JSS, but that was only a temporary solution while we re-enrolled each device.

0 Kudos

GabeShack
Valued Contributor III

Posted on ‎11-07-2017 11:21 AM

@cbrewer I thought they were deprecating wildcard certs sometime soon...or something like that, but maybe I'm thinking of the .local certs.

No matter what it would be great if somehow Apple would allow a command that could confirm a change of MDM (maybe on the school.apple.com site with 2 factor authentication) to modify the cert without having to reenroll.

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools
0 Kudos

rderewianko
Valued Contributor II

Posted on ‎11-07-2017 11:30 AM

When I did this internally, we were told the best way was to re-enroll devices.. Mobile, not so easy. Computers, we created a quickadd from recon attached to the new jss uploaded it to the old jss and had it run on any checkin for every machine.

0 Kudos