Declarative Management Stuck Pending Issue

ImAMicrosoftGuy
New Contributor III

Hello All,

I'm not entirely sure what it is used for, but the DeclarativeManagement command is stuck pending for a lot of our MacBooks.  I am seeing this issue during enrollment, and also in computers that have already been enrolled.  It looks like this is a new Jamf command?

During enrollment, the computers grab their profiles.  Sometimes (and I don't know why it's only sometimes) the DeclarativeManagement command will come up during the profile installation part of enrollment.  I noticed that when this happens, on the computer you see "Waiting for management server" and it will be stuck like this forever.  If you cancel the DeclarativeManagement, the enrollment immediately continues.  

For the computers that have already been enrolled, DelcarativeManagement is randomly appearing in the pending commands.  But since it gets stuck, it is also preventing other commands from completing.  I need to cancel the DeclarativeManagement command and then all other pending commands else move along.

 

Is anyone else seeing this in their environment?  When looking at the Jamf Pro server logs, I see this error:

2023-09-28 15:46:00,945 [ERROR] [na-exec-295] [MRequestSignatureVerifier] - Cert invalid for a request from a device of type 'COMPUTER' with UDID '151D93F4-9A3E-56F5-B2B3-BCA6F016A19B'2023-09-28 15:46:00,945 [ERROR] [na-exec-295] [MdmControllerUtil ] - Returning 500. com.jamfsoftware.jss.exceptions.mdm.InvalidMDMMessageException: Error processing request action:DeclarativeManagementRequest, CmdUUID:null, SigVerified: false. Returning 500.

 

Any help is greatly appreciated 😀

10 REPLIES 10

ImAMicrosoftGuy
New Contributor III

Oh, and I just noticed if you send a blank push to a computer, the command comes back

Werner_Venter
New Contributor

BUMP on this topic

djs9812
New Contributor III

We have been having this issue since the start of the school year.  The only solution I am being given is to wipe all the devices that stopped taking inventory and reformat them.  

 

2023-10-25 18:21:00,660 [ERROR] [na-exec-162] [MRequestSignatureVerifier] - Cert invalid for a request from a device of type 'IOS' with UDID '047aa3a0be2fc1faedd5fa6b813b5258518291c7'
2023-10-25 18:21:00,660 [ERROR] [na-exec-162] [MdmControllerUtil ] - Returning 500. com.jamfsoftware.jss.exceptions.mdm.InvalidMDMMessageException: Error processing request action:DeclarativeManagementRequest, CmdUUID:null, SigVerified: false. Returning 500.

It looks like this is only happening to computers that have previously been enrolled.  For example if I have a laptop, and I wipe it out, reinstall MacOS, and then re-enroll, this happens.  Does NOT seem to happen to brand new out of box devices...

alton-br
New Contributor

 

To fix this, you can / have the end user run sudo profiles renew -type enrollment in terminal, then press enter followed by your password, and press enter again to confirm. (you wont see any *** when typing your PW but you are typing)

Once run, the Mac will show a notification in the top right (or notification center.) Once that notification pops up, click on and approve the enrollment.

Note this can take up to 20 minutes to show up. 

you can’t push this via JAMF because the the Mac is already not communicating w/ jamf  hope this helps!

ETsavaris
New Contributor III

This has not been the case for us. furthermore, we're seeing that the device is reporting that DDM is Enabled but continues to get the pending command.

Hi Alton,

Yes, we do sometimes have to do that command once we log in to run policy, because it will say that the jamf command is not found.  We do a sudo profiles renew -type enrollment, and then we also sometimes need to hit it with a Jamf-management-framework API command, and restart the machine.  Then the jamf command is found and I can continue running policy and what not.

 

However, this does not solve the issue of this occurring during enrollment on the setup assistant screens.  We still seem to get the issue where during enrollment, the machine is grabbing its profiles, and then gets stuck on a "Device Configured" command or a "Declarative Management" command, or sometimes both.  When this happens, on the machine all you see is "waiting for management server"  and it endlessly waits unless you cancel the "Device configured" or "Declarative Management" command.  After cancelling one or both of those stuck commands, the enrollment continues

I will say this is only occurring to the machines that have been sitting idle in our JAMF server.  For example, a student graduates from our school, we collect their laptop and let it sit over the summer in case they realize they need some file off of it before college.  It sits offline during the summer, and we do not delete it from our JAMF server. Once we erase it the next school year and re-enroll it, the "Declarative Management" or "Device configured" commands get stuck. 

This issue does not occur to a device that has newly been enrolled into our JAMF server.

Dambriz
New Contributor

I'm experiencing this as well, however for iPads. I can't just simple go and wipe out every device though, as we have close to 5,000 devices in classrooms. Does anyone know of a fix when it comes to iPads?

wescosa
New Contributor

Bump. Having this exact same issue! The command is stuck Pending, but machines are communicating just fine. 

TexasITAdmin
New Contributor III

I am having the same issue but with Apple TV.  Apple TV stays at "Awaiting final configuration from "[My Org]" "
If i look the device up in inventory I see a pending command of "DeviceConfigured".  

If i hit "Send Blank Push".  The Apple TV completes enrollment.