We deployed the new cisco secure client last week along with the new configuration profile. The profile installed on 341 devices and is pending on 54 devices. I spot checked some of the devices and they're online and checking in correctly, but the profile isn't installing and causing issues when trying to use the VPN. Any ideas other then restarting. These Mac's are currently running Sonoma.
Question
Pending Configuration Profiles on live devices
+13
+25@SMR1 Are there any other Pending Commands showing for those Macs? Have they been restarted since the profile was enabled? And if the profile is targeted at User Level is a user logged in on those Macs?
+26Just because a device is checking in does not mean there is not a communication issue. Get Jamf Environment Test or the Mac Evaluation Utility on one of those devices and run it, see if anything between Apple is being blocked that is related to device management or configuration profiles.
Jamf Environment Test | App Directory
Mac Evaluation Utility - can't link directly, but it's one of the Apple Seed for IT downloads.
+13For these 2 devices, the VPN software updated this morning correctly, but didn't install the config profile. I did check the pending commands suggested by @sdagley and both have pending commands. We deployed another update last week on the 20th that has a config profile and it's still showing pending, but the update policy did work.
+26For these 2 devices, the VPN software updated this morning correctly, but didn't install the config profile. I did check the pending commands suggested by @sdagley and both have pending commands. We deployed another update last week on the 20th that has a config profile and it's still showing pending, but the update policy did work.
Things like Policies use Jamf Framework, this uses different network hosts and ports than Apples MDM framework which MDM commands (like installing configuration profiles, or software updates) use. Since you are dealing with a VPN Client, and issues after installing it I am figuring something is being blocked of TLS redirection for Apples MDM framework hosts.
+13@AJPinto I didn't know that about the policies and config profiles. I'm going to work with one of the users tomorrow.
+13I had user run the environment test and they provided me the report. Is there a specific section I should be checking? I ran it my device and it's pretty much identical and I don't have any issues with getting config profiles.
+13After digging around, I noticed that there MDM profile is showing expired. It matches the date of the last completed command.
After digging around, I noticed that there MDM profile is showing expired. It matches the date of the last completed command.
You'll need to re-enroll these devices. I have the same situatuon in our Company. I have 13 devices with expired MDM profile and coudn't find any other fix than manually remove the MDM profile and re-enroll it again.
+13You'll need to re-enroll these devices. I have the same situatuon in our Company. I have 13 devices with expired MDM profile and coudn't find any other fix than manually remove the MDM profile and re-enroll it again.
Does running this command not do anything?
sudo profiles renew -type enrollment'
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.