Hi there,
I've got a number of devices that are showing pending profiles that have been pending for several days now, with no sign of deploying or failing, just stuck in limbo. I've read a few discussions about this and several people have suggested clearing the pending profiles from within JSS and then running the "sudo jamf removeMdmProfile" and "sudo jamf mdm" commands on the affected machines, and I've had some success with this. However, as a workaround to the pending issue we've deployed a number of our profiles as packages via policies in the interim period, as these aren't installed by MDM then running "removeMdmProfile" doesn't remove these. The only way I've found to remove these is by running "sudo profiles -Df". I've built the below script to try automate this.
#!/bin/bash
#Removes Jamf MDM Profile and waits 20 secs
sudo jamf removeMdmProfile -verbose
sleep 20
#Removes any other profiles and waits 20 secs
sudo profiles -Df
sleep 20
#Re-enrol in MDM, waits 20 secs and updates inventory
sudo jamf mdm -verbose
sleep 20
sudo jamf recon
However, when looking at the deployment logs for the test machines I've deployed the script policy out to, I see "profiles: There are profiles installed that marked non-removable" in the log. When I run this command myself within the terminal, I'm prompted to confirm I want to remove all profiles, I was hoping adding the -f options to the Profiles command would overwrite this but it seems to fail.
Is this something anyone else here has had to do and had success with it? Right now the manually installed profiles can't be over-written by config profiles and it's causing us some issues with compliance.
Thanks
Gary
