Endpoints losing all Profiles and MDM enrollment status

bravestface
New Contributor

Good morning,

At the end of the week we received some reports that several of our endpoints had missing profiles. This was caught because of one configuration profile that is used on a small number of machines is to set a custom background. That background was reverting back to the default Monterey one and forced an admin to check and see that all of the profiles we employ for that set of machines was missing. The MDM status was also reported back in the console as 'No'. On a couple of these, it seems like re-enrollment resolved the issue but we are still wondering what could have triggered this. Some of these machines were recently upgraded to Monterey over the past few weeks. Has anyone been seeing behavior like this? Anyone have any ideas on what could have caused it?

 

Thank you!

 

5 REPLIES 5

shaquir
Contributor III

Notice any similarities about the machines with the missing MDM profiles (i.e. enrollment date)?  Also do you see any pending Management Commands on these machines?

piotrr
Contributor III

Did you have any pending Jamf updates simultaneous with the system upgrade? Was it perhaps over the 10.41 update? 

That is something I can check on. Looks like the last upgrade was 9/10/22. I can check with the user that was performing the upgrades. Do you know this to be an issue? We are currently running 10.41.0-t1661887915

Thanks
Derek

It's hard to say, and I want to apologize that I'm asking questions that probably relate more to our problems than to yours - but perhaps we have something in common. 

Somewhere around the time of the Jamf 10.41 upgrade and the Mac OS 12.5.1 upgrade, two of our devices "lost" their Filevault encryption keys and users had to reset their keychains using an admin account. It's been no fun at all, but it's also been hard to tell if the problem had anything to do with our configuration profiles. Our devices were both User-initiated enrollment, not ADE. What about yours? 

I think we are talking about different issues then. There were a classroom machines we discovered that lost all of their configuration profiles and registration with MDM. They had to re-enrolled quickly to meet a deadline for the start of term. Several of them had just been upgraded to Monterey. 

We are unsure how long they had been in this state.