Troubleshooting a Failed Security and Privacy Payload Migration Verification

Updated: 20 August 2021
Product: Jamf Pro

Symptoms

After upgrading to Jamf Pro 10.29.x, a message in Jamf Pro Notifications displays due to a failed verification process for computer Security and Privacy payload migration in an upcoming release. The incorrect settings must be fixed to ensure the migration process succeeds. Download files for Jamf Pro logs and the configuration profile that contains corrupted data and send them to Jamf Support. The files will be analyzed to determine further actions.

Explanation

When upgrading to Jamf Pro 10.29.x, an automatic verification process is triggered to check for potential issues that may cause migration to the redesigned structure to fail in Jamf Pro 10.30.0 or later. Signed profiles uploaded in Jamf Pro are not subject to verification.

Resolution

Requirements

Jamf Pro account with Administrator privileges

  1. In Jamf Pro, navigate to Settings > Jamf Pro Information > Jamf Pro Server Logs.
  2. Click Download and save the log file to a preferred location on the computer.
  3. Do the following:
    1. In a preferred editor, open the log file and search for the following string: "Error while migrating config profile:". Ensure the issue is connected with the Security and Privacy payload. Note the profile identifier ID (e.g., 10).
      Note:

      • The verification error may be caused by settings not specific to a profile. If no potentially corrupted profiles are found, proceed to step 4 of this procedure.

      • There may be more than one profile found that includes corrupted data identified. Note all identifiers.

    2. In the same browser you have the Jamf Pro web app session open, navigate to the following URL, where ID is the identifier of the configuration profile from step a:

      • https://jamf.instancename.com/OSXConfigurationProfiles.html?id=ID&o=r if your environment is hosted in Jamf Cloud

      • https://jamf.instancename.com:8443/OSXConfigurationProfiles.html?id=ID&o=r if your environment is hosted in on-premise

    3. Click Download and save the mobileconfig file in a preferred location.

    To ensure all potentially corrupted configuration profiles are verified, repeat steps b-c to download all identified mobileconfig files.

  4. Check your logs for other error types.
    Important:

    Some errors do not require contacting Jamf Support. For example, the incorrect JSON mapping error description that contains the "is not a payload type" string and is combined with the following order of database actions will not cause the migration process to fail in an upcoming release:

    1. com.jamfsoftware.jss.database.schema.changeactions._10_29.SecurityPrivacyMigrationVerification
    2. com.jamfsoftware.jss.database.schema.changeactions._10_29.RefactoredPayloadsMigration
  5. Open a support case or email Jamf Support and attach the mobileconfig files and the log file.