Error Enrolling Mac into Casper v9

j99mac
Contributor

I have upgraded my Casper v8 in a test version to v9. After I tried to Enroll a test Mac in the Casper v9 and got a Error and the Mac did not be come enrolled.

This is what I did

1.  Delete the computer record out of the JSS
2.  Went to the Web URL for enrolling and downloaded a new QuickAdd.pkg
3.  Ran QuickAdd, got error
4.  In Terminal ran sudo jamf manage

How and what can I try next to be able to get my Test Mac Enrolled in to my Test v9.

8 REPLIES 8

dwandro92
Contributor III

Sometimes the JSS 9 QuickAdd.pkg reports a failure, even though the computer enrolled successfully. As long as the JSS show's the proper "Last Enrollment" and "jamf binary Version" values, the computer is enrolled.

j99mac
Contributor

When I run the jamf mange command on the Mac I get an error that indicates that it did not download the Cert. Also, I never get the system preference pane Profiles

j99mac
Contributor

When I run the jamf mange command on the Mac I get an error that indicates that it did not download the Cert. Also, I never get the system preference pane Profiles

dwandro92
Contributor III

Make sure your SSL cert is setup in "Apache Tomcat Settings" and that the server has been rebooted since the cert was created. As a workaround, as long as your JAMF binary has been updated to the current version, you can try enrolling from the terminal using "sudo jamf enroll -prompt". The device certificates error is happening for us too, but only when a computer is bound to the JSS during imaging. So far I haven't seen it occur on machines who've downloaded and installed the QuickAdd package. Also, just out of curiosity, which revision of JSS 9.x are you using? 9.21?

Rosko
Contributor II
Contributor II

If you do a "sudo jamf recon" do you get something like this?

There was an error.

     Device Signature Error - A valid device signature is required to perform the action.

If so, you are in the same boat I am right now, working with support on.

You can do a sudo jamf removeFramework, reboot and install the quick add package, but not really a fix if its affecting a bunch of users.

justinrummel
Contributor III

Whenever I try to re-enroll a device to the JSS, I use these steps:

[code]### Remove a Computer from Management
1. On Local Machine: `sudo jamf -removeFramework`
2. On Local Machine: `dscl /Local/Default -delete /Users/manageaccount`
3. On Local Machine: `dscl /Local/Default -delete /Groups/admin GroupMembership manageaccount`
4. On JSS: Delete computer from the JSS
[/code]
Have you tried creating the QuickAdd package from Recon? Is the issue that the pkg from the JSS doesn't have the correct info?

j99mac
Contributor

Thanks everyone for the help. I got everything to work not sure what it was.
I am thinking it had to do with replacing both the SSL Cert and the MDM Cert.

Any tip on how best to enroll computers the are already in the JSS after I upgrade to v9? Or do rare coming is all I have todo.

dwandro92
Contributor III

JAMF recommends having a DNS alias setup for the existing JSS, which your clients should already be pointing to. If you have the DNS alias setup, it's as simple as having the IP mapping changed to point to the new one. However, if you didn't do this (like we did), you can create a QuickAdd package for JSS 9 enrollment and setup an "every15" policy on your old JSS to deploy the package and enroll the clients. However, it is important to realize that your old JSS will not receive any logs after the policy is executed, so the best thing to do is setup a smart group on your new server with the following criteria:

(jamf binary Version [is] 9.xx
And last enrollment date [after (yyyy-mm-dd)] 2013-<MM>-<DD>)

You will most likely still have to perform some cleanup on top of the QuickAdd deployment policy (e.g. having users whose machines aren't checking in with the JSS enroll via the web interface, creating tickets for tier 1/tier 2 support to contact the remaining unenrolled users and get them enrolled, etc.), but eventually you will get there.