+3I am having a handful of systems with Configuration Profiles stuck in pending state. Does anyone know of a fix for this?
These systems are all Automatic Device Enrolled, they are checking regularly to jamf. I have tried having them reboot, sending blank push from management commands.
These commands have been pending for months.
+9@dthompson1 you can troubleshoot MDM from client side with log command.
log stream --info --predicate 'processImagePath contains "mdmclient" OR processImagePath contains "storedownloadd"'
Immediately after clicking on "Send Blank Push" the client should return a log.
+3@dthompson1 you can troubleshoot MDM from client side with log command.
log stream --info --predicate 'processImagePath contains "mdmclient" OR processImagePath contains "storedownloadd"'
Immediately after clicking on "Send Blank Push" the client should return a log.
@spotmac thanks I will give that a go.
+6Did you find a solution for this? I am also running into the same issue with a few of my devices.
We are experiencing the same issue with around 20 laptops in our environment across 4 different profiles. Anyone found any workarounds?
+6We are experiencing the same issue with around 20 laptops in our environment across 4 different profiles. Anyone found any workarounds?
Is it pending only on some devices or all of your devices?
+3Is it pending only on some devices or all of your devices?
+6yeah, I had that issue too. its possible one of your other config profiles is causing the issue? In my case, removing all profiles and running the profiles renew command did the trick.
+3yeah, I had that issue too. its possible one of your other config profiles is causing the issue? In my case, removing all profiles and running the profiles renew command did the trick.
Is the profiles renew command sudo jamf policy?
+6Is the profiles renew command sudo jamf policy?
No. Once you remove all profiles, it will also remove the MDM profile. You will basically need to re-enroll the computer. This article goes into more details about it -- https://docs.jamf.com/jamf-now/documentation/Re-enrolling_a_Computer_Using_Automated_Device_Enrollment.html
Please make sure you read the requirements carefully before removing the profiles.
+3No. Once you remove all profiles, it will also remove the MDM profile. You will basically need to re-enroll the computer. This article goes into more details about it -- https://docs.jamf.com/jamf-now/documentation/Re-enrolling_a_Computer_Using_Automated_Device_Enrollment.html
Please make sure you read the requirements carefully before removing the profiles.
+3No. Once you remove all profiles, it will also remove the MDM profile. You will basically need to re-enroll the computer. This article goes into more details about it -- https://docs.jamf.com/jamf-now/documentation/Re-enrolling_a_Computer_Using_Automated_Device_Enrollment.html
Please make sure you read the requirements carefully before removing the profiles.
My problem ended up being with the keychain. I deleted too many keychains troubleshooting another issue. I did sudo jamf removeFramework command and reenrolled. My Profiles are coming down now. Not ADE on this test system.
+9I am having this problem too.
+6My problem ended up being with the keychain. I deleted too many keychains troubleshooting another issue. I did sudo jamf removeFramework command and reenrolled. My Profiles are coming down now. Not ADE on this test system.
I was able to resolve the issue on one of the effected computers by doing the sudo jamf removeFramework and then using a User-Initiated Enrollment to re-deploy the MDM framework. It is a less than Ideal solution for a larger group of users, but was helpful in getting the device in front of me resolution.
+11Having the same issue on about 40 systems. All are checking in fine and most have users logged in. I have tried Jamf recon, launchctl kickstart -k system/com.apple.softwareupdated, renew MDM profile. No of these worked. Rather not have to re-enroll these systems, also sudo profiles renew -type enrollment forces user interaction which is also not ideal. Anyone find why this happens? Seems to be ongoing and happening randomly.
+1Seeing the same thing here, over 75 devices. Checking in, user logged in, MDM Profile Healthy and approved. Varying OS's.
Seems to just be more recent profiles that are stuck in pending, but these same profiles have gone out to hundreds of other devices just fine.
Surely someone has a better solution than re-enroll?
+9Having the same issue on about 40 systems. All are checking in fine and most have users logged in. I have tried Jamf recon, launchctl kickstart -k system/com.apple.softwareupdated, renew MDM profile. No of these worked. Rather not have to re-enroll these systems, also sudo profiles renew -type enrollment forces user interaction which is also not ideal. Anyone find why this happens? Seems to be ongoing and happening randomly.
There is a different way to re-enroll using the API that requires 0 interaction.
https://www.modtitan.com/2022/02/jamf-binary-self-heal-with-jamf-api.html
I've used that to fix a few computers that were not checking-in. The only requirement is the devices still need to be capable of getting MDM commands, which do get send the same way config profiles do I believe, but still worth trying. Definitely fixed a few for me.
+11There is a different way to re-enroll using the API that requires 0 interaction.
https://www.modtitan.com/2022/02/jamf-binary-self-heal-with-jamf-api.html
I've used that to fix a few computers that were not checking-in. The only requirement is the devices still need to be capable of getting MDM commands, which do get send the same way config profiles do I believe, but still worth trying. Definitely fixed a few for me.
Thanks. Yeah the binary on these systems is fine, they are checking in and doing inventory updates. They are not getting MDM commands that is the issue.
+11Seeing the same thing here, over 75 devices. Checking in, user logged in, MDM Profile Healthy and approved. Varying OS's.
Seems to just be more recent profiles that are stuck in pending, but these same profiles have gone out to hundreds of other devices just fine.
Surely someone has a better solution than re-enroll?
I'm working with Jamf on this, will post if we find a solution
+3Seeing the same thing here, over 75 devices. Checking in, user logged in, MDM Profile Healthy and approved. Varying OS's.
Seems to just be more recent profiles that are stuck in pending, but these same profiles have gone out to hundreds of other devices just fine.
Surely someone has a better solution than re-enroll?
+1We have this issue with about 200\\1000 devices. Policy and checking are working but configuration profiles are showing as Pending.
+11In my case, the only thing that works is to restart the computer.
Restarting does not seem to work on a lot of these. Some of them we need re-enroll with the sudo profiles renew -type enrollment which is a pain as the user needs to click on the enrollment notification and approve
+3Restarting does not seem to work on a lot of these. Some of them we need re-enroll with the sudo profiles renew -type enrollment which is a pain as the user needs to click on the enrollment notification and approve
Any update on this issue? We're experiencing this exact same problem and I need to make sure if it's a problem with Jamf or if it could be an issue with ABM that we could fix ourselves.
We're seeing the same issue as well. We primary use UIE and see no issues with those computers. We're currently experiencing issues with our PreStage computers not receiving commands.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
