Posted on 11-18-2024 04:32 AM
Hi Jamf Community,
I’m working on setting up an Extension Attribute (EA) to automatically detect devices with stuck MDM commands (e.g., commands that are pending or failed for an extended period). The goal is to use this EA as a trigger for a self-healing policy that runs once daily for affected devices.
Here’s what I’ve considered so far:
1. API Approach:
• I explored the Jamf API but haven’t found an endpoint that provides detailed or reliable information about stuck commands.
• If there’s a way to identify such commands via the API, I’d love some pointers or examples!
2. Local Machine Logs Approach:
• This seems like the most promising path. My idea is to check logs on the local machine for the last executed MDM command and flag devices where no command has been executed in the past 24 hours (or based on statuses).
• Are there specific logs or methods Can I extract this information programmatically?
If anyone has experience implementing a similar solution or insights into logs, commands, or API usage for this purpose, I’d greatly appreciate your help.
Thanks in advance for sharing your expertise!
Posted on 11-18-2024 08:23 AM
I don't believe we have the option to create an EA to find devices with pending or failed MDM commands. Instead, you can issue remote commands to cancel all pending and failed MDM commands. To do this,
Posted on 11-18-2024 01:50 PM
The command you are looking is
curl -X 'GET' \
'$yourjssurl/JSSResource/computerhistory/id/cmpJSS_ID(you can get ths with another query)/subset/Commands' \
-H 'accept: application/xml' \
-H 'Authorization: Bearer $yourtoken'
This will give you all commands history computer has, completed, failed and pending. Then you can filter pending and failed ones using jq or grep/sed
4 weeks ago
Hey @falc0n,
i've looked for a similar solution and build this here:
Clear_failed_MDM_Commands
Maybe this one helps you?