Help

Expired MDM Profile on iPhone

klaus
New Contributor

2 weeks ago

Hey everyone,

A device in our fleet recently stopped communicating. I checked and sure enough:

 
Last Enrollment: 21/03/2022 at 12:52 PM
MDM Profile Expiration Date: 21/03/2024 at 12:52 PM
 
We have the default renew 180 days before expiry so was a bit confused. Check logs and see Failed Command:
Command: Renew MDM Profile 
Error: The Device is locked
 
Any thought on why this may have happened? Guessing only solution is to wipe and re-enrol?
 
TIA.
0 Kudos
6 REPLIES 6

obi-k
Valued Contributor II

2 weeks ago - last edited 2 weeks ago

Happened to me suddenly for a chunk of iOS devices. Not sure why. I added a smart group to check MDM Profile Expiration in less than 30 days, and to send an email.


Yes, I had to wipe and re-enroll for Supervised devices.

Screenshot 2024-05-13 at 10.30.20 AM.png

0 Kudos

klaus
New Contributor
In response to obi-k

2 weeks ago

Good advice, glad it isn't just me! 

0 Kudos

Lasse
New Contributor III

2 weeks ago

Was the APNS certificate in Jamf Pro renewed with another Apple ID since enrollment of this device? Then you would have to restore to defaults and enroll at setup again.

0 Kudos

klaus
New Contributor

2 weeks ago

Good question. We did have an issue with the APNS lapsing, was only for a couple of days before I managed to resolve it. It is entirely possible this was one of a few devices that got enrolled under the wrong Apple ID. 

User is not going to be happy but wipe and re-enrol it is! 

0 Kudos

Lasse
New Contributor III

2 weeks ago

If it was a short time, then re-enrolling the affected devices(hopefully not that many) is easier than the other option, to start a case with Apple Support.  They can help migrate the APNS certificate to a new Apple ID, usually applicable to large number of devices and migration to new domain. This issue can take some time to resolve.

Advise the customer to store as much content to the cloud as possible, as restoring from backup might bring the same issue back.

Advise the customer to store as much content to the cloud, maybe they'll

0 Kudos

AJPinto
Honored Contributor II

2 weeks ago

Apple does not play with these certificates. If they expire, the device needs to be reenrolled or wiped if the MDM Profile is non-user removable (which should be most cases).

0 Kudos