Cannot discover devices.

[platinumlynx]

Hello, i got a problem when i'm trying to discover my company's devices that have a self-hosted jamf pro server.

We have installed the glpi instance under Wampserver 3.2.0.

We're trying to use the 2.1.3 Release version of the plugin. We have followed the steps on the wiki and configured the plugin with a jss account that has all privilege.

We also cannot see the JSS Account Link under an user in GLPI, it leaves an empty select field.

Specifications: GLPI 9.5.3 PHP 7.4.0 Jamf Pro 10.26

I've checked the sql logs and the recurring error message is as follows:

[2021-01-14 16:17:56] glpisqllog.ERROR: DBmysql::query() in C:\wamp64\www\inc\dbmysql.class.php line 306 MySQL query error: SQL: SELECT itemtype, items_id FROM glpi_plugin_jamf_computers WHERE sync_date < NOW() - INTERVAL 15 MINUTE Error: Champ 'itemtype' inconnu dans field list Backtrace : inc\dbmysqliterator.class.php:95
inc\dbmysql.class.php:858 DBmysqlIterator->execute() plugins\jamf\inc\devicesync.class.php:185 DBmysql->request() plugins\jamf\inc\cron.class.php:42 PluginJamfDeviceSync::syncAll() inc\crontask.class.php:848 PluginJamfCron::cronSyncJamf() front\cron.php:83 CronTask::launch() {"user":"@user","mem_usage":"0.128\", 18.69Mio)"} [2021-01-14 16:22:57] glpisqllog.ERROR: DBmysql::query() in C:\wamp64\www\inc\dbmysql.class.php line 306 MySQL query error: SQL: SELECT itemtype, items_id FROM glpi_plugin_jamf_mobiledevices WHERE sync_date < NOW() - INTERVAL 15 MINUTE Error: Champ 'itemtype' inconnu dans field list Backtrace : inc\dbmysqliterator.class.php:95
inc\dbmysql.class.php:858 DBmysqlIterator->execute() plugins\jamf\inc\devicesync.class.php:185 DBmysql->request() plugins\jamf\inc\cron.class.php:42 PluginJamfDeviceSync::syncAll() inc\crontask.class.php:848 PluginJamfCron::cronSyncJamf() front\cron.php:83 CronTask::launch() {"user":"@user"} [2021-01-14 16:22:57] glpisqllog.ERROR: DBmysql::query() in C:\wamp64\www\inc\dbmysql.class.php line 306 *** MySQL query error: SQL: SELECT itemtype, items_id FROM glpi_plugin_jamf_computers WHERE sync_date < NOW() - INTERVAL 15 MINUTE Error: Champ 'itemtype' inconnu dans field list Backtrace : inc\dbmysqliterator.class.php:95
inc\dbmysql.class.php:858 DBmysqlIterator->execute() plugins\jamf\inc\devicesync.class.php:185 DBmysql->request() plugins\jamf\inc\cron.class.php:42 PluginJamfDeviceSync::syncAll() inc\crontask.class.php:848 PluginJamfCron::cronSyncJamf() front\cron.php:83 CronTask::launch() {"user":"@user","mem_usage":"0.143\", 17.06Mio)"}

[cconard96]

Can you share the contents of the function syncAll in the plugin file inc/devicesync.class.php (Around line 172). This is the second report of this issue yet this was already supposed to be fixed for version 2.1.3 and the table names should be different than what it shows in the errors here.

[platinumlynx]

Sure. Here's the function from inc/devicesync.class.php.

public static function syncAll(): int
   {
      global $DB;

      $volume = 0;

      $config = PluginJamfConfig::getConfig();

      static::syncExtensionAttributeDefinitions();
      $iterator = $DB->request([
         'SELECT' => ['itemtype', 'items_id'],
         'FROM' => 'glpi_plugin_jamf_devices',
         'WHERE' => [
            new QueryExpression("sync_date < NOW() - INTERVAL {$config['sync_interval']} MINUTE")
         ]
      ]);
      if (!$iterator->count()) {
         return -1;
      }
      while ($data = $iterator->next()) {
         try {
            $result = self::sync($data['itemtype'], $data['items_id']);
            if ($result) {
               $volume++;
            }
         } catch (Exception $e2) {
            // Some other error
         }
      }
      return $volume;
   }

[cconard96]

Please try making the changes from PR #69. This can be done manually or using git apply using the following or whatever the equivalent would be with Windows.

curl https://patch-diff.githubusercontent.com/raw/cconard96/jamf/pull/69.patch | git apply

[platinumlynx]

I changed the four files from the PR. I no longer have any SQL Errors, but i still cannot discover devices. I found some PHP errors when trying to link a JSS Account to a GLPI user. I pasted them in case it could be of any help.

[2021-01-18 13:47:57] glpiphplog.ERROR: GLPINetwork::getOffers() in C:\wamp64\www\inc\glpinetwork.class.php line 312 Unable to fetch offers informations. Échec de connexion. Si vous utilisez un proxy, merci de le configurer. (SSL certificate problem: unable to get local issuer certificate) {"user":"32@CLONE-GLPI","mem_usage":"0.001\", 3.64Mio)"} [2021-01-18 13:48:13] glpiphplog.WARNING: *** PHP Warning (2): Invalid argument supplied for foreach() in C:\wamp64\www\plugins\jamf\inc\user_jssaccount.class.php at line 202 Backtrace : plugins\jamf\inc\user_jssaccount.class.php:62 PluginJamfUser_JSSAccount::showForUser() inc\commonglpi.class.php:637 PluginJamfUser_JSSAccount::displayTabContentForItem() ajax\common.tabs.php:92 CommonGLPI::displayStandardTab()

[2021-01-18 13:48:29] glpiphplog.CRITICAL: Uncaught Exception RuntimeException: Required argument missing! in C:\wamp64\www\plugins\jamf\ajax\merge.php at line 123
[2021-01-18 13:50:31] glpiphplog.WARNING: PHP Warning (2): Invalid argument supplied for foreach() in C:\wamp64\www\plugins\jamf\inc\user_jssaccount.class.php at line 202 Backtrace : plugins\jamf\inc\user_jssaccount.class.php:62 PluginJamfUser_JSSAccount::showForUser() inc\commonglpi.class.php:637 PluginJamfUser_JSSAccount::displayTabContentForItem() ajax\common.tabs.php:92 CommonGLPI::displayStandardTab()

[cconard96]

For the first issue, does it go away if you set the plugin option Ignore JSS Certificate to Yes? If so, there is something with the GLPI server that needs changed to properly validate your Jamf server certificate.

For the second, I'll look into it later this afternoon and get back to you.

[platinumlynx]

Hello. I had the ignore JSS Certificate set to Yes when i sent you my logs. I tried with the parameter set to No and it still doesn't give me any SQL errors. I still get the same message in the JSS account link section in the PHP logs.

Thanks for the help.

[2021-01-18 15:36:28] glpiphplog.WARNING: *** PHP Warning (2): Invalid argument supplied for foreach() in C:\wamp64\www\plugins\jamf\inc\user_jssaccount.class.php at line 202 Backtrace : plugins\jamf\inc\user_jssaccount.class.php:62 PluginJamfUser_JSSAccount::showForUser() inc\commonglpi.class.php:637 PluginJamfUser_JSSAccount::displayTabContentForItem() ajax\common.tabs.php:92 CommonGLPI::displayStandardTab()

[cconard96]

The PHP warning for JSS Account Link is related to the SSL issue I think because the warning indicates there are no users retrieved from the Jamf API. The ignore certificate option should bypass that issue though and I know it works on my end because I have similar issues in my development environment and I haven't been able to get the Jamf Cloud certificate working with Curl yet.

[platinumlynx]

I put the ignore JSS Certificate to Yes and it still doesn't work, but could it be because our glpi test environment doesn't have an SSL certificate ?

[cconard96]

It shouldn't matter about the GLPI server. Does your Jamf instance have a certificate though? I don't think there is anything set to try and force a SSL connection...

[platinumlynx]

My self-hosted jamf instance has an SSL certificate. Other than that, I don't know what could be the problem.

[cconard96]

Since you have a test GLPI instance, can you try connecting it with the Jamf API test server? https://tryitout.jamfcloud.com Leave the option to ignore the certificate on and see if you can discover devices without those SSL errors.

I suggest not doing anything more than the initial discovery with the tryitout server though since it really isn't meant for this and it is pretty heavily rate limited.

The username and password for it are blank

[platinumlynx]

Alright, i tried it with the api test server and it works. What could be the issue then with our instance ?

[cconard96]

That is odd... I'm not sure. Even if you had a certificate error and it showed an error when you open the web interface, the plugin should be ignoring the certificate completely. Is the Jamf certificate self signed, locally signed through an on-site CA or a public CA? I'm not that great with certificates but I can try to recreate the situation on my end.

[cconard96]

The proper SSL fix (without having to ignore the certificate) should be the approved answer here: https://stackoverflow.com/questions/28858351/php-ssl-certificate-error-unable-to-get-local-issuer-certificate

[platinumlynx]

Our SSL is signed by GlobalSign so I believe it's a public CA. Also, is it possible to clear the list of discovered devices from the api test server ?

I will try the proposed fix in the meantime and tell you if it works.

[cconard96]

Not in the UI yet. You can truncate the glpi_plugin_jamf_imports table with any DB management tool or just uninstall/reinstall the plugin.

On Tue, Jan 19, 2021, 11:19 AM platinumlynx notifications@github.com wrote:

Our SSL is signed by GlobalSign so I believe it's a public CA. Also, is it possible to clear the list of discovered devices from the api test server ?

I will try the proposed fix in the meantime and tell you if it works.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/cconard96/jamf/issues/68#issuecomment-762952522, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEG4CLN7O33FVO2HQNIS4MDS2WWJHANCNFSM4WCW734A .

[platinumlynx]

Hi, for now it's working with the two fixes you proposed. The 69th PR and the SSL fix did it. Thank you.

We will confirm tomorrow if it works properly with auto-import and then i'll close the issue.

[cconard96]

You can leave the issue open and just add a comment confirming it works. When I merge the PR it will close automatically since it is linked. This way, others know the fix isn't added to the code yet.

On Tue, Jan 19, 2021, 3:48 PM platinumlynx notifications@github.com wrote:

Hi, for now it's working with the two fixes you proposed. The 69th PR and the SSL fix did it. Thank you.

We will confirm tomorrow if it works properly with auto-import and then i'll close the issue.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/cconard96/jamf/issues/68#issuecomment-763130386, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEG4CLMQXPLWBT2M2XTXFALS2XV3FANCNFSM4WCW734A .

[platinumlynx]

Thanks a lot for your help. It works as intended.