Update your Jamf AD CS Connector if you get "Unable to decrypt encrypted profile."

Jamf Pro 11.9.0 was released earlier this month, and with it came a lot of excited features related to macOS Sequoia.

However, one very important notice flew under the radar with all the announcements, and that is that the Jamf AD CS Connector needs to be updated from 1.0.0 to 1.1.0 in order to continue to issue certificates to computers.

Computers enrolled before this update shouldn't have any issues, but new enrollment may see errors when deploying certificates with the following error:

Unable to decrypt encrypted profile.

In order to fix this, you will need to update your Jamf AD CS Connector. Follow our guide below:

Check your AD CS Connector Version

First, lets check what version of the Jamf AD CS Connector you're running. The documentation from Jamf is a little strange, instead of checking for a version number, we're going to check a JSON file to see if it has a value for a specific key. On the server you have running the Jamf AD CS Connector, run the following PowerShell command:

Select-String -Path "C:\inetpub\wwwroot\adcsproxy\api-swagger.json" -Pattern "Revoke"

If it returns results related to "Revoke" then you're on 1.1.0 - and you're good to go!

If it doesn't return any values related to "Revoke" then you're on 1.0.0, and you need to update.

Update your .NET Framework

If you're running .NET Framework 4.7 or earlier, you'll need to update to .NET Framework 4.8 or later before you install the latest Jamf AD CS Connector.

On Windows Server, you can check this by through Control Panel > Programs > Programs and Features, or in Settings under Apps > Installed apps, depending on what version your running.

For more information on checking your .NET Framework version, visit https://learn.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed

Updating .NET Framework can typically be done through Windows updates, but if you need an offline installer, you can follow this article: https://support.microsoft.com/en-us/topic/microsoft-net-framework-4-8-offline-installer-for-windows-9d23f658-3b97-68ab-d013-aa3c3e7495e0

Update your Jamf AD CS Connector

Now you're ready to update your Jamf AD CS Connector. Follow this Jamf KB: https://learn.jamf.com/en-US/bundle/technical-paper-integrating-ad-cs-current/page/Upgrading_the_Jamf_AD_CS_Connector.html