Assessing & Resolving Notification in Jamf Pro for "Push Proxy Server Token Has Expired"

benjamin_michae
New Contributor III
New Contributor III

A recent update to the Jamf Authorization Server (JAS) caused an issue that prevents proxy server tokens from being created or renewed in environments that are hosted on-premise with a range of legacy Java versions installed. The impacted functionality in Jamf Pro is the ability to send Notification Center notifications to devices with Self Service installed. This issue will cause a notification in Jamf Pro stating that the Push Proxy server token has expired. This issue is resolved by upgrading to Java 1.8.0_141 or later.

Alternatively, environments may wait to upgrade Java until Jamf Pro 10.14 is released as this version will require an upgrade to Java 11. Note that Jamf Pro 10.13 and earlier cannot run on Java 11. Please wait to upgrade to Java 11 until you’re prepared and able to upgrade to Jamf Pro 10.14. For more information, see the following Knowledge Base article: https://www.jamf.com/jamf-nation/articles/666/migrating-to-java-11

4 REPLIES 4

CorkCityShuffle
New Contributor III

This issue happens even with u202 and latest openjdk8 version under Windows and Linux installed. Under Windows there is only the latest version installed, which does not match with your observation of having multiple older versions on the System.

We will upgrade our environment over the weekend to 10.14 and Java 11, afterwards I'll check if this occurs again, for now I've deleted the cert from the server.

Cheers,
Mike

PhilS
New Contributor III

I've recently updated to JSS 10.18, Push Proxy Certificate still fails to renew. Deleted it, got a new one, still has same expiration date (tomorrow), but the time of day updated to 24 hours out. So this is NOT fixed.

drea
New Contributor

I am running 10.15 and am running into the same issue as PhilS. Cert expires tomorrow, but when I click renew, the page refreshes but there is no change to the expiration date, other than changing it to the time of day that matches when I pressed renew. It seems like this may need to be escalated to support. I don't want to delete and attempt a readd if it is going to throw the same error others have experience when trying to add a fresh new cert.

grahamrpugh
Release Candidate Programs Tester

@drea Push Proxy certs are always valid for only 24 hours. That's intended. They get renewed daily.