Force Update Mac Apps VPP

BOBW
Contributor II

Just wondering if anyone is having issues pushing out apps using VPP at the moment or if anyone has seen the issues I am having:

Currently using VPP to push out apps, scoped to a static group of lab machines
Distribution method set to Install automatically/prompt users to install

this will not install the app until I edit the app and press FORCE UPDATE

once I click on the then the app will install in the next few minutes, although sometimes it will sit there at the app download file extension in the applications folder.

I have checked access to APNS on port 2195 and it is fine on both client and server.

We are running a caching server but this should not impact the push of apps (I think)

attached screenshot of App

30256d88a00f4a26b5638da848bac815

6 REPLIES 6

malroy
New Contributor II

@BOBW

i recently went through this exercise and what we have found.

VPP application will not deploy if there is no one is logged in , you will need a network user who is logged in . local user are not working for us.

we also noticed that, VPP does take its times to come down as well , even we manually force update.

It is not a ideal deployment method . i haven't found any script to systemically deploy VPP successfully every single time.

BOBW
Contributor II

@malroy I did hear that this unload and load of LaunchDaemon might help but so far it hasn't.

#!/bin/sh
launchctl unload /System/Library/LaunchDaemons/com.apple.mdmclient.daemon.plist
sleep 20
killall jamf
launchctl load /System/Library/LaunchDaemons/com.apple.mdmclient.daemon.plist

seabash
Contributor

@malroy I'm seeing exactly the behavior you describe: the VPP app in question (Server.app) only installed after logging in w/ a network-based account. I had tried w/ 2 local account, attempting to sudo jamf mdm -userLevelMdm to no avail. I'll try to review Apple's spec, but do we think this is a Jamf defect?

Also, I'm using DEP on the Macs in question, which I've learned that we need to not check "Make MDM Profile Mandatory" (in PreStage). This aligns with what @kevinwilemon posted in 20830.
I also enabled "Allow MDM Profile Removal" for good measure, though not sure that was needed. Prior to that, I saw nearly verbatim errors as Kevin.

This seems unlikely to be an Apple VPP limitation—esp since they tout Enterprise Connect as removing the need to bind your Mac to AD. It would make little sense if they then limited VPP to only network accounts?

yennik
New Contributor II

@seabash

I'm seeing the same as @BOBW. I have to log in as a network user (not a local user) and then Force Update the App in the JSS and then it downloads on the client.

I've tried removing the profiles and adding them but I get an error message.

I'm running v9.96 JSS. Hopefully updating soon and will report back.

EDIT: It appears that the JSS says the Management Commands failed, but the Apps have installed.

seanhansell
Contributor

Does this work if a user already has the software and I want to force it to link to our VPP managed deployment?

- Sean

amendoza
New Contributor

@seanhansell From my limited experience with JAMF, I've had to delete the MAS downloaded app like Keynote/Pages/Numbers/GarageBand etc. Then run

sudo jamf recon

This downloads a temporary file(s) (like Pages.appdownload) and will be listed in Applications.
Rerun

sudo jamf recon

To trigger the download..

Hopefully in just a couple minutes it starts to download the whole app, and it's now tied to your VPP account and will adhere to the settings you've defined.

I've done this through a terminal session with no locally logged on user, and even with a logged on user.