Help

Is there a way to get a machine to "re-query" for missed profiles?

georgecm12
Contributor III

Posted on ‎09-16-2020 06:54 AM

I've seen multiple instances when either setting up a new machine, or a "refreshed" machine (wiped drive and re-loaded OS) where the machine "misses" a lot of my configuration profiles that are targeted at the machine. Looking at it in the JSS, there's nothing indicating that it didn't get them, but they're clearly not on the machine.

Case in point, a machine I setup yesterday has 40 profiles in scope. (Is that a lot? Would it help to be combining them?) Based on my last check, it has 9 profiles installed. This is an extreme case, but I've seen where machines will miss half the profiles that are scoped to a machine.

Is there any command, either from within JSS or from the machine, that will get it to go and ask for all the profiles to be re-pushed to it again?

The only thing I can think of is to go, profile by profile, and tweak something like the description in each one, triggering the prompt to re-push to all machines. This seems like a giant waste of time and effort.

Labels:
5 REPLIES 5

sdagley
Esteemed Contributor II

Posted on ‎09-16-2020 07:44 AM

@georgecm12 40 profiles isn't unusual. You should see any profiles that are pending or failed listed in the Management->Management Commands section of a Computer record in your JSS console (unless you've cleared them). Have you verified nothing is showing there for systems that don't ahve all of the expected profiles installed?

0 Kudos

georgecm12
Contributor III

Posted on ‎09-16-2020 07:51 AM

@sdagley Correct. Nothing pending or failed, but the profiles just aren't there at all on the target machine.

It's almost like a missed UDP packet, in that it gets sent from the server, but it doesn't really check to see if the client receives it or not... as long as it's sent, the JSS figures it's job is done, whatever the state of the client machine.

And, similar to UDP, it seems like it happens more when there's a lot of stuff happening on the network at the time.

0 Kudos

sdagley
Esteemed Contributor II

Posted on ‎09-16-2020 08:20 AM

@georgecm12 What I do to force a profile re-push is add the Mac(s) in question as an Exclusion to the Profile's Scope, use Apply to New when Saving the change, then deleting the Exclusion for the Mac(s), and again using Apply to New when saving.

The other question, is are these profiles scoped to Computer or User level? Computer level should install almost immediately. If User level they'll only install at a time when the user scope can be verified, and that's pretty much at user login or some random event triggered by a butterfly on the other side of the world flapping its wings. I've switched to deploying User Level via Self Service as that will trigger an almost immediate install.

0 Kudos

georgecm12
Contributor III

Posted on ‎09-16-2020 08:25 AM

@sdagley These are all scoped to computer. I actually don't use any user-level profiles.

And yes, de-scoping the machine then re-scoping would be an option as well, but when you have several machines missing several profiles each, that's a lot of manual intervention to try and get the profiles to re-push.

0 Kudos

sdagley
Esteemed Contributor II

Posted on ‎09-16-2020 08:59 AM

@georgecm12 I'm sure there have been multiple Feature Requests for failed Profiles, but for ones that are just MIA this one might be appropriate: Add the ability for an Admin to re-push a Profile or Policy for Troubleshooting