Help

Enrollment policy without logs?

Go to solution
ganidran
New Contributor III

Posted on ‎03-30-2023 09:50 AM

Is it normal for a policy that only has a script as the payload to never get logs? I have our "master enrollment" script that calls on other policies after enrollment and it shows "pending" on end for any computer. What's strange is that the policies that it calls within the script work/are triggered.

Trigger: Enrollment Complete

Frequency: Once per computer

Scope: All computers - Specific Users

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
talkingmoose
Moderator
Moderator

Posted on ‎03-30-2023 12:14 PM

Policies themselves have no idea what’s running in the scripts attached to them. The best they can report is “Successful” or “Failed”.

If you want detail from the script, add echo statements that report the status of the lines doing something. Echo statements will be fed back into the policy’s log.

I talked about this briefly during my JNUC 2022 Presentation. Here’s the relevant part:

https://youtu.be/kRW4CtlCyWw?t=1404

But lik @Stev and @TrentO, it really does sound like one of your policies getting called by the main policy is rebooting the computer and preventing it from reporting a success or failure. I think you may be able to add something like this to spin off the reboot process and allow the policy to quit. (Untested.)

/sbin/shutdown -r +1 & # restart in 1 minute

View solution in original post

Reply
5 REPLIES 5

Go to solution
stevewood
Honored Contributor II
Honored Contributor II

Posted on ‎03-30-2023 10:08 AM

If you are rebooting the device from the script, then the script never completes and never signals to Jamf Pro that it is complete. So it would remain in a Pending state with no logs.

If you want to reboot the device, I would suggest using the restart functionality in the Policy.

Reply

Go to solution
TrentO
Contributor II
In response to stevewood

Posted on ‎03-30-2023 10:42 AM

I agree with @stevewood. This is most likely the case, or at least something causing the script to not return. If you are rebooting, make sure you use the Policy payload for that rather than calling it in the script. 

0 Kudos
Reply

Go to solution
talkingmoose
Moderator
Moderator

Posted on ‎03-30-2023 12:14 PM

Policies themselves have no idea what’s running in the scripts attached to them. The best they can report is “Successful” or “Failed”.

If you want detail from the script, add echo statements that report the status of the lines doing something. Echo statements will be fed back into the policy’s log.

I talked about this briefly during my JNUC 2022 Presentation. Here’s the relevant part:

https://youtu.be/kRW4CtlCyWw?t=1404

But lik @Stev and @TrentO, it really does sound like one of your policies getting called by the main policy is rebooting the computer and preventing it from reporting a success or failure. I think you may be able to add something like this to spin off the reboot process and allow the policy to quit. (Untested.)

/sbin/shutdown -r +1 & # restart in 1 minute

Reply

Go to solution
ganidran
New Contributor III

‎03-30-2023 12:48 PM - edited ‎03-31-2023 12:44 PM

@stevewood 
Really good feedback - I appreciate it! We do have echo statements as it goes line by line - It's definitely the fact that we reboot prior to the script ending because we give the user the choice to reboot or not (so as to kick in the prompt to turn on filevault upon reboot).

I'll try out the 'shutdown' command with a '&' and see what happens @talkingmoose 

0 Kudos
Reply

Go to solution
ganidran
New Contributor III

Posted on ‎04-06-2023 11:32 AM

Confirmed adding an "&" helps the policy continue to exit while a reboot is timed! Thanks moose! :D

0 Kudos
Reply