Unable to find a JAMF Device Identity in the JAMF keychain

bentoms
Release Candidate Programs Tester

I'm getting the following error on some computers:

Error signing communication - Unable to find a JAMF Device Identity in the JAMF Keychain.

SSL is enabled & root cert is trusted on client, client is on 10.7..

any ideas?

17 REPLIES 17

Matt
Valued Contributor

I am getting the same error all of the sudden on 10.7.3.

justinrummel
Contributor III

Any updates on this? I'm getting these errors too while forcing a recon.

bentoms
Release Candidate Programs Tester

I ran a mass:

sudo jamf enroll

Through ARD, & seems ok for now.

Do you use a cert on the jss that's internally signed?

ernstcs
Contributor III

Let me dust this one off. I'm now seeing this in my test environment, and I'm thinking it was after I installed our own certificates to the JSS. Doing the sudo jamf enroll certainly worked, but what's going on? Was hoping since this was back in February more information might be known.

10.8 Client
Windows 2008 R2 JSS version 8.6

lisacherie
Contributor II

Also seeing certificate issues in testing though still with Lion clients and 8.6 JSS. Have a ticket open with support.

Image computer ok
After the confirmation profiles are applied to add certificates the computer can no longer mount the distribution point - but can connect to JSS.
sudo jamf enroll after the certificates are installed and the client is ok once again.

Will update as I figure out more.

ernstcs
Contributor III

Must be a certificates issue. I reverted back to the server.xml that installed with the JSS (not enforcing valid certs, just the JSS's) and I don't have the issues talking to the JSS after imaging anymore. Now whether the issue is how I implemented my certificates is the issue or the JSS is an issue might be waiting until Monday.

jdziat
Contributor

I was running into a similar issue with Casper Suite 8.52 where even after re-imaging it would not accept the JAMF.keychain. What I did to resolve the issue was actually replacing the corrupt or incorrect keychain with a known good keychain. This makes me want to believe that it is a server side issue. Possibly to do with the way it distributes the JAMF.keychain file?

ernstcs
Contributor III

This one is turning out to be sporadic...hooray! Imaging doesn't create the JAMF.keychain every now and then. I'm going to burn out a hard drive testing this week.

frozenarse
Contributor II

Where should the JAMF.keychain be located?

ernstcs
Contributor III

/Library/Application Support/JAMF/

ToriAnneke
Contributor II

Hi all,

This is the first time I've seen this pop up in my Terminal.

So I trashed the file from /Library/Application Support/JAMF/JAMF.keychain

Rebooted, ran Recon (now, without the need to sudo) from the Terminal and no more error "Unable to find a JAMF Device Identity in the JAMF keychain"

What are the implications without having this file?

Thanks in advance!!

Paolo
New Contributor

Check if the time and other connectivity settings are correct as well.
I was getting this error because the time was wrong.

luispalumbo
Contributor

Thanks, Paolo.

After spending a bit of time on the computer and searching on the Internet and trying all the posts above, your post was the last on this forum and was the only one that worked for me.

acdesigntech
Contributor II

*bump*

I'm seeing this sporadically as well. 10.8.2 images, JSS 8.62. Computers seem to image fine, then the first job sent with Casper remote turns up successful. Subsequent jobs fail with the above error.

Is there any other information available on this? I'll be opening a ticket with Jamf unless it's a simple fix. We are using the self-signed JSS-created cert for the server.

JPDyson
Valued Contributor

Check the time. Seriously. It's almost always that for me.

acdesigntech
Contributor II

Not the system time this time, or any time this has happened for that matter. Seems to be related to a trusted certificate from the JSS being not trusted.

issuing a jamf enroll recreates the trusted cert, and does some sort of edit to the jamf.keychain file.

Any ideas on what that might be, or be caused by?

WacoKUNDA
New Contributor II

6 Years later and I got this error as well. Here follows my 2cents on it :)

I Checked the network settings. I received the error because I had my proxy set to Auto Discover on the device(which was how we needed it for the some of our Uni URLs to work.

For the enrollment to complete without the above error I had to set the proxy servers. for Http and HTTPS. I have a policy that sets the proxy settings back to Auto Discover after enrollment