Help

Jamf Configuration Profiles Stuck Pending

dthompson1
New Contributor II

Posted on ‎11-11-2021 09:18 AM

I am having a handful of systems with Configuration Profiles stuck in pending state. Does anyone know of a fix for this?

 

These systems are all Automatic Device Enrolled, they are checking regularly to jamf. I have tried having them reboot, sending blank push from management commands. 

 

These commands have been pending for months.

dthompson1_0-1636651073828.png

 

23 REPLIES 23

spotmac
New Contributor III

Posted on ‎11-12-2021 02:31 AM

@dthompson1  you can troubleshoot MDM from client side with log command. 

log stream --info --predicate 'processImagePath contains "mdmclient" OR processImagePath contains "storedownloadd"'

 

Screenshot 2021-11-12 at 11.28.17.png

Immediately after clicking on "Send Blank Push" the client should return a log.

dthompson1
New Contributor II
In response to spotmac

Posted on ‎11-12-2021 05:10 AM

@spotmac thanks I will give that a go.

 

0 Kudos

anuj530
New Contributor III

Posted on ‎01-14-2022 09:55 AM

Did you find a solution for this? I am also running into the same issue with a few of my devices. 

0 Kudos

user-bzSTfhwTIy
New Contributor

Posted on ‎02-03-2022 02:36 PM

We are experiencing the same issue with around 20 laptops in our environment across 4 different profiles. Anyone found any workarounds? 

0 Kudos

anuj530
New Contributor III
In response to user-bzSTfhwTIy

Posted on ‎02-03-2022 06:11 PM

Is it pending only on some devices or all of your devices? 

0 Kudos

dthompson1
New Contributor II
In response to anuj530

Posted on ‎02-04-2022 05:16 AM

For mine it is only some. About 8 out of 175 systems. All are checking into jamf with no issues. Just config profiles are stuck in pending.

They are all Automatic Device Enrollment but not all ADE systems are having the issue.
0 Kudos

anuj530
New Contributor III
In response to dthompson1

Posted on ‎02-04-2022 08:53 AM

yeah, I had that issue too. its possible one of your other config profiles is causing the issue? In my case, removing all profiles and running the profiles renew command did the trick. 

0 Kudos

wlevan
New Contributor III
In response to anuj530

Posted on ‎02-04-2022 08:56 AM

Is the profiles renew command sudo jamf policy?

0 Kudos

anuj530
New Contributor III
In response to wlevan

Posted on ‎02-04-2022 09:17 AM

No. Once you remove all profiles, it will also remove the MDM profile. You will basically need to re-enroll the computer. This article goes into more details about it -- https://docs.jamf.com/jamf-now/documentation/Re-enrolling_a_Computer_Using_Automated_Device_Enrollme... 
Please make sure you read the requirements carefully before removing the profiles. 

dthompson1
New Contributor II
In response to anuj530

Posted on ‎02-04-2022 09:32 AM

I think I asked jamf about this before and they said only way to re-enroll a device that was joined with Automatic Device Enrollment was to wipe the system and setup again.
0 Kudos

wlevan
New Contributor III
In response to anuj530

Posted on ‎02-04-2022 10:37 AM

My problem ended up being with the keychain.  I deleted too many keychains troubleshooting another issue.  I did sudo jamf removeFramework command and reenrolled.  My Profiles are coming down now. Not ADE on this test system.

RyanMilliron
New Contributor II
In response to wlevan

Posted on ‎08-11-2022 11:46 AM

I was able to resolve the issue on one of the effected computers by doing the sudo jamf removeFramework and then using a User-Initiated Enrollment to re-deploy the MDM framework.  It is a less than Ideal solution for a larger group of users, but was helpful in getting the device in front of me resolution.

0 Kudos

wlevan
New Contributor III

Posted on ‎02-04-2022 08:41 AM

I am having this problem too.

0 Kudos

whiteb
Contributor
In response to wlevan

Posted on ‎07-26-2022 02:44 PM

This might sound dumb, but I had the same issue and what it ended up being with me was that even though the computers that had Config Profiles stuck on 'Pending' were online and actively checking-in, they didn't have people logging into them (I work in K-12 so we have the majority of staff gone for the summer). Every computer that showed 'Pending' that I remoted into, then logged into, the commands all installed. My thinking was that it shows it checked-in recently, it should get the config profiles... nope. A user has to be logged into the computer to get them.
 
On your computers that have stuck pending profiles, look up one (or a couple) and go to History > Application Usage Logs. Is there anything there? If not, no one is using the computer, so that's actually expected behavior.
 
If Application Usage Logs are populated after the config profile tried to get pushed and it's still pending... that does sound like an issue.
0 Kudos

BCPeteo
Contributor II

Posted on ‎11-03-2022 12:43 PM

Having the same issue on about 40 systems. All are checking in fine and most have users logged in. I have tried Jamf recon, launchctl kickstart -k system/com.apple.softwareupdated, renew MDM profile. No of these worked. Rather not have to re-enroll these systems, also sudo profiles renew -type enrollment forces user interaction which is also not ideal. Anyone find why this happens? Seems to be ongoing and happening randomly.

0 Kudos

whiteb
Contributor
In response to BCPeteo

Posted on ‎11-14-2022 11:27 AM

There is a different way to re-enroll using the API that requires 0 interaction.

https://www.modtitan.com/2022/02/jamf-binary-self-heal-with-jamf-api.html

I've used that to fix a few computers that were not checking-in. The only requirement is the devices still need to be capable of getting MDM commands, which do get send the same way config profiles do I believe, but still worth trying. Definitely fixed a few for me. 

0 Kudos

BCPeteo
Contributor II
In response to whiteb

Posted on ‎11-14-2022 11:40 AM

Thanks. Yeah the binary on these systems is fine, they are checking in and doing inventory updates. They are not getting MDM commands that is the issue.

krbbass
New Contributor

Posted on ‎11-11-2022 02:41 PM

Seeing the same thing here, over 75 devices.  Checking in, user logged in, MDM Profile Healthy and approved.  Varying OS's. 

Seems to just be more recent profiles that are stuck in pending, but these same profiles have gone out to hundreds of other devices just fine.

Surely someone has a better solution than re-enroll?

0 Kudos

BCPeteo
Contributor II
In response to krbbass

Posted on ‎11-16-2022 06:50 AM

I'm working with Jamf on this, will post if we find a solution 

0 Kudos

dthompson1
New Contributor II
In response to krbbass

Posted on ‎11-16-2022 07:10 AM

The only resolution we found was wiping the system(s) and setting it backup. Even trying to re-enroll the system in jamf did not work.

I also worked with Jamf on our issues.

Dan Thompson
Systems Engineer
HealthStream, Inc.
500 11th Ave. North - Suite 1000
Nashville, TN 37203
Daniel.Thompson@healthstream.com
0 Kudos

anzicsrecko
New Contributor

Posted on ‎02-21-2023 08:38 AM

We have this issue with about 200\1000 devices. Policy and checking are working but configuration profiles are showing as Pending.

0 Kudos

user-DjYuMaLfIG
New Contributor

Posted on ‎04-25-2023 10:06 PM

In my case, the only thing that works is to restart the computer.

0 Kudos

BCPeteo
Contributor II
In response to user-DjYuMaLfIG

‎04-26-2023 06:47 AM - edited ‎04-26-2023 06:48 AM

Restarting does not seem to work on a lot of these. Some of them we need re-enroll with the sudo profiles renew -type enrollment which is a pain as the user needs to click on the enrollment notification and approve  

0 Kudos