Using Configuration Profiles when JSS is outside the local network?

ckirschner
New Contributor

Not sure if this has been discussed already, but I am just getting around to implementing Mountain Lion so it's new to me. My JSS is hosted in the cloud as it needs to be accessible to several different LANs, so all the Macs show the external IP of each specific LAN (basically every Mac on a network shows the same IP address). But I noticed when I go to scope a configuration profile it shows no computers available, which I'm assuming has something to do with all the IPs being the same. Is there a simple workaround to get this to work or did I just miss something because I've never set up a config profile before?

Thanks

7 REPLIES

mscottblake
Valued Contributor

My initial guess would be that Certificate Based Communication is not enabled.

ckirschner
New Contributor

Nope I'm pretty sure I have that set up correctly and the Push Notification cert is there also.

kitzy
Contributor III

We've got our JSS in the cloud as well, and I'm able to scope configuration profiles just fine. I suspect your issue lies somewhere else.

This is probably a stupid question, but you do have machines running 10.7 and 10.8, right?

ckirschner
New Contributor

Haha, there are no stupid questions, but yeah, the machines I'm trying to manage are 10.8.2... possibly a certificate issue?

ckirschner
New Contributor

Might have found an explanation on this thread: https://jamfnation.jamfsoftware.com/discussion.html?id=59 but am still somewhat confused by the certificates at work in the system...

Part of the enrollment process creates a certificate for the device that: 1) gets assigned to the computer inventory record in the database; and 2) gets added to the following file on the client: /Library/Application Support/JAMF/JAMF.keychain

Managed 10.7 clients should also receive an 'MDM Enrollment' profile in System Preferences > Profiles (this tab will not exist until the client receives a profile).

Computers should start showing up in the scope of a computer configuration profile once they have been enrolled by applying the management framework and have received a device certificate in the database.

The JAMF.keychain on my machines is empty and there is no profiles tab in System Preferences even though they have been enrolled, does anyone know what causes that?

bentoms
Release Candidate Programs Tester

Sounds like a firewall issue.

Can you double check you have the right rules in place as per: https://jamfnation.jamfsoftware.com/article.html?id=34

Especially 2195, 2196 & 5223.

It sounds like the Mac clients are not fully enrolling into the JSS.

ckirschner
New Contributor

Double checked all my firewall settings for the LAN where the clients are connected and the JSS and everything looks good there, but still no luck scoping the config profiles.

I did do a

```
sudo jamf enroll
```

on one of the machines just to try it and these three things showed up in the JAMF.keychain: [external image]

But if I reboot the machine, everything in the keychain disappears. Would it have something to do with using the internal CA for the JSS certificate?