Fixing Jamf device signature error


Even though this Jamf Nation thread is five years old, as of this writing, it’s still got the solution to the Device Signature Error - A valid device signature is required to perform the action error message.

In my experience, the actual working solution is to run sudo jamf enroll -prompt and then enter credentials when prompted. Repeatedly running sudo jamf recon (even after a reboot) or sudo jamf policy doesn’t fix the issue, nor does verifying that the system clock time is correct.

Now why this comes up in the first place on a freshly factory-reset computer that DEP-enrolled in Jamf—who knows but Jamf?


6 responses to “Fixing Jamf device signature error”

  1. THANK YOU for the referehser. I’m so glad you closed with “who knows but Jamf?” – thought I was insane that my factory reset dep enrolled 10.15.6 machine was throwing this error. Did wonder if it was a 10.15.7 software update issue but even if it was … it seems like a long-lived issue. Saved my bacon though being on a tight timeline and having not used the enroll -prompt to refresh the cert (that looks, otherwise, to be valid…) … in a number of years when I was hitting this problem frequently due to problems, or so it seemed, between JAMF/MacOS 10.13.x and the T2 machines the special 10.13 build ran on. I frankly forgot all about it (PTS I’m sure).

  2. It’s back in Monterey.

    This doesn’t work since by it is no longer Pre-Stage enrolled so isn’t supervised, misses its ‘Enrolment Complete’ trigger and does not fall into any groups based on the Prestige group.

  3. It is happening on Monterey 12.3 and above. Machine assigned in pre-stage and ADE finish but machine went to shutdown. Since we created JMA account during pre-stage that actually help me to get on the machine and then run sudo profiles renew -type enrollement fix the enrollment issue. I have a service ticket open with Jamf support on this issue but still they are looking this issue.

Leave a Reply

Your email address will not be published.