Troubleshooting Guide v2.4.0

v2.4.0 Critical Issue Resolution

Issue 1: Extension Attribute Execution Failures (FIXED in v2.4.0)

Root Cause

macOS Extended Attributes (ACLs) prevent script execution after package installation.

Solution (Automatic in v2.4.0)

The v2.4.0 postinstall script automatically clears ACLs:

# Automatically applied during v2.4.0 installation:
xattr -c /usr/local/bin/jamf_connect_monitor.sh
xattr -c /usr/local/etc/jamf_ea_admin_violations.sh

Manual Fix (if needed)

# Clear ACLs manually if issues persist:
sudo xattr -c /usr/local/bin/jamf_connect_monitor.sh
sudo xattr -c /usr/local/etc/jamf_ea_admin_violations.sh

# Verify no ACLs remain:
ls -la@ /usr/local/bin/jamf_connect_monitor.sh
# Should show: -rwxr-xr-x (no @ symbol)

Issue 2: Configuration Profile Integration (ENHANCED in v2.4.0)

Symptom

Extension Attribute shows "Company: Your Company" instead of actual configured company name.

Root Cause

v2.4.0 had fallback issues when Configuration Profile wasn't fully processed.

Solution (Automatic in v2.4.0)

Enhanced parsing logic automatically detects and displays actual company names:

# Test Configuration Profile integration:
sudo jamf_connect_monitor.sh test-config

# Expected output shows actual configured values:
# Company Name: [Your Actual Company Name]
# Webhook: Configured
# Email: configured@yourcompany.com

Issue 3: Extension Attribute Version Detection (FIXED in v2.4.0)

Symptom

Extension Attribute shows "Version: Unknown" or empty version field.

Solution (Automatic in v2.4.0)

Auto-detection now works reliably:

# Test Extension Attribute manually:
sudo /usr/local/etc/jamf_ea_admin_violations.sh

# Expected output shows:
# Version: 2.4.0, Periodic: Running, Real-time: Not Running

Common Issues and Solutions

macOS System Settings UI Cache Issue

Symptoms: After auto-remediation, user still shows as admin in System Settings UI Root Cause: macOS UI cache not refreshing after directory service changes Impact: Cosmetic only - user has NO actual admin privileges

Verification:

# Authoritative check - if this says "not a member" then remediation worked
dsmemberutil checkmembership -U <username> -G admin

Solutions:

Force UI refresh:

sudo killall -9 "System Settings" 2>/dev/null || true
sudo killall -9 UserManagementAgent 2>/dev/null || true
sudo dscacheutil -flushcache
sudo killall -HUP opendirectoryd

Logout and login again
Reboot (always fixes it)

Note: This is a known macOS bug, not a security issue. The user cannot perform admin actions regardless of UI display.

Extension Attribute Not Populating

Symptoms: Empty or "Not configured" in Jamf Pro Solutions:

Check script permissions: ls -la /usr/local/etc/jamf_ea_admin_violations.sh
Test manually: sudo /usr/local/etc/jamf_ea_admin_violations.sh
Force inventory update: sudo jamf recon

Monitoring Not Running

Symptoms: No log entries, violations not detected Solutions:

Check daemon status: sudo launchctl list | grep jamfconnectmonitor
Load daemon: sudo launchctl load /Library/LaunchDaemons/com.macjediwizard.jamfconnectmonitor.plist
Check logs: tail -f /var/log/jamf_connect_monitor/monitor.log

False Violation Alerts

Symptoms: Approved admins being flagged Solutions:

Check approved list: cat /usr/local/etc/approved_admins.txt
Add user: sudo /usr/local/bin/jamf_connect_monitor.sh add-admin username
Verify admin group: dscl . -read /Groups/admin GroupMembership

Configuration Profile Not Applying

Symptoms: Settings not taking effect Solutions:

Force profile renewal: sudo profiles renew -type=config
Check profile status: sudo profiles list | grep jamfconnectmonitor
Validate JSON schema: python3 -m json.tool jamf_connect_monitor_schema.json

Smart Groups Not Populating

Symptoms: Empty Smart Groups despite installations Solutions:

Update Extension Attribute script in Jamf Pro (CRITICAL for v2.4.0)
Use flexible criteria: "Version: 2." instead of "Version: 2.0.0"
Force inventory updates: sudo jamf recon
Allow time for Smart Group processing

Production Verification

Comprehensive System Check

# 1. Verify installation
sudo jamf_connect_monitor.sh status

# 2. Test Configuration Profile
sudo jamf_connect_monitor.sh test-config

# 3. Check Extension Attribute
sudo /usr/local/etc/jamf_ea_admin_violations.sh

# 4. Verify file permissions (no ACL @ symbols)
ls -la@ /usr/local/bin/jamf_connect_monitor.sh
ls -la@ /usr/local/etc/jamf_ea_admin_violations.sh

# 5. Check daemon status
sudo launchctl list | grep jamfconnectmonitor

Expected v2.4.0 Output

# jamf_connect_monitor.sh status should show:
=== Jamf Connect Elevation Monitor Status (v2.4.0) ===
Configuration Profile: Active (or Not deployed)
Company: [Your Actual Company Name]
Monitoring Mode: periodic (or realtime/hybrid)

# Extension Attribute should show:
Version: 2.4.0, Periodic: Running, Real-time: Not Running
Configuration: Profile: Deployed, Webhook: Configured, Mode: periodic

Log Analysis

Key Log Locations

Installation: /var/log/jamf_connect_monitor_install.log
Activity: /var/log/jamf_connect_monitor/monitor.log
Violations: /var/log/jamf_connect_monitor/admin_violations.log
Daemon: /var/log/jamf_connect_monitor/daemon.log

Performance Tuning

Increase monitoring interval for large environments
Implement log rotation for disk space management
Consider network bandwidth for notifications

Enterprise Deployment Issues

Mass Deployment Troubleshooting

Staged Rollout: Deploy to pilot group first
Inventory Management: Force updates after deployment
Smart Group Validation: Use flexible version criteria
Performance Monitoring: Track resource usage

Configuration Profile Management

JSON Schema Validation: Test schema before deployment
Department-Specific Settings: Use multiple profiles if needed
Update Procedures: Configuration changes without script updates
Backup and Recovery: Document profile configurations

Created with ❤️ by MacJediWizard

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Troubleshooting Guide v2.4.0

v2.4.0 Critical Issue Resolution

Issue 1: Extension Attribute Execution Failures (FIXED in v2.4.0)

Root Cause

Solution (Automatic in v2.4.0)

Manual Fix (if needed)

Issue 2: Configuration Profile Integration (ENHANCED in v2.4.0)

Symptom

Root Cause

Solution (Automatic in v2.4.0)

Issue 3: Extension Attribute Version Detection (FIXED in v2.4.0)

Symptom

Solution (Automatic in v2.4.0)

Common Issues and Solutions

macOS System Settings UI Cache Issue

Extension Attribute Not Populating

Monitoring Not Running

False Violation Alerts

Configuration Profile Not Applying

Smart Groups Not Populating

Production Verification

Comprehensive System Check

Expected v2.4.0 Output

Log Analysis

Key Log Locations

Performance Tuning

Enterprise Deployment Issues

Mass Deployment Troubleshooting

Configuration Profile Management

FilesExpand file tree

troubleshooting.md

Latest commit

History

troubleshooting.md

File metadata and controls

Troubleshooting Guide v2.4.0

v2.4.0 Critical Issue Resolution

Issue 1: Extension Attribute Execution Failures (FIXED in v2.4.0)

Root Cause

Solution (Automatic in v2.4.0)

Manual Fix (if needed)

Issue 2: Configuration Profile Integration (ENHANCED in v2.4.0)

Symptom

Root Cause

Solution (Automatic in v2.4.0)

Issue 3: Extension Attribute Version Detection (FIXED in v2.4.0)

Symptom

Solution (Automatic in v2.4.0)

Common Issues and Solutions

macOS System Settings UI Cache Issue

Extension Attribute Not Populating

Monitoring Not Running

False Violation Alerts

Configuration Profile Not Applying

Smart Groups Not Populating

Production Verification

Comprehensive System Check

Expected v2.4.0 Output

Log Analysis

Key Log Locations

Performance Tuning

Enterprise Deployment Issues

Mass Deployment Troubleshooting

Configuration Profile Management