Troubleshooting the JAMF Client - INTERNAL
***INTERNAL DOCUMENTATION***
In certain situations, the JAMF client on a computer may not be functioning properly. You may notice this a few different ways:
Self Service does not connect:
The client is no longer in the JAMF inventory:
How to verify this?
Login to jamf at https://casper.georgetown.edu:8443
Click on computers → search inventory and search for the device name or serial number (typically the serial number is most reliable)
If no results are found then the client is no longer enrolled.
-
The MDM profile is expired:
This could be due to a few of reasons:
The signing certificate of for JAMF has expired:
How to verify?
Go to System Preferences → Profiles → MDM Profile, and check the date of install and status
Something like this would indicate an expired certificate:
This likely happens when a machine is stored for long periods of time and doesnt check in with JAMF
The client is no longer in the JAMF inventory:
How to verify this?
Login to jamf at https://casper.georgetown.edu:8443
Click on computers → search inventory and search for the device name or serial number (typically the serial number is most reliable)
If no results are found then the client is no longer enrolled.
It would then be good to verify if this machine was purchased on behalf of GU.
-
How to verify?
Login to jamf at https://casper.georgetown.edu:8443
Click on computers → PreStage Enrollments → GU Standard Image Enrollments → Scope
Search for device serial number. If the device appears on this list, it was purchased on behalf of GU and qualifies for the automated imaging option
Example:
If possible, it would be easiest to wipe the machine and install the latest version of macos. After this the automated imaging process would kick off. See article: DEP New Computer Imaging Process
If erasing the device is not possible follow the steps below to manually enroll the devie
If the computer does not appear on the list, the device would need to be manually enrolled via the enrollment portal at https://casper.georgetown.edu:8443/enroll
Follow the steps below to re-enroll the device
To resolve issues with JAMF enrollment:
First check the status of the JAMF binary on the device, you can do this through terminal while signed in with the tssstaff account:
Open Terminal and type su tssstaff, then enter the tssstaff password
-
The command to check the status is “sudo jamf recon” - this will attempt a check in
This error indicates a networking issue, perform network troubleshooting and try again:
This error indicates the enrollment of the device has expired:
If you receive this error, uninstall the jamf client by performing the following command, “sudo jamf removeFramework”
Now Re-Enroll the Device:
First confirm the computer is running macOS 10.14 or higher. If not this device will need to be manually erased and reinstalled, via CMD+OPTION+R
Navigate to the following page on the trouble computer: https://casper.georgetown.edu:8443/enroll
-
Login with netID and password (this can be done with end user netID if supporting remotely)
-
Install CA certificate by clicking continue
A certificate will be downloaded to the computer, open this file to install to system preferences:
If system preferences doesn’t open automatically, you may have to navigate there to open it.
After installing the CA certificate, install the MDM certificate:
If system preferences doesn’t open automatically, you may have to navigate there to open it.
After a few minutes the JAMF binary and self service client will be installed
Login to JAMF: casper.georgetown.edu:8443 and verify computer appears when searching by name or serial number.