Help

Mac App Store apps and VPP is buggy

WhippsT
Contributor

Posted on ‎07-30-2018 09:11 AM

So here's the situation. We're attempting to deploy Mac App Store apps to our fleet of macs using VPP. The info is as follows:

  • All users are local users (not AD users) with admin access (Most are teachers/staff, student computers are logged in as an admin account for the initial configuration)
  • All of the MacBooks are on High Sierra 10.13.6.
  • We have enough VPP licenses for twice our current fleet.
  • Everything is configured as it should be to allow VPP licenses to work.
  • The apps are NOT set to install automatically as not all users need them.
  • We are on Jamf Pro 10.6.

The issue is that installing the apps is a 50/50 chance of success. Sometimes it will install without a hitch, sometimes it will error out immediately and send you to the app store page for the app. The only apps that we're really concerned about are the iWork apps. GarageBand, iMovie, Pages, Keynote, and Numbers.

Is there an alternate method that will get these apps on the device and allow updating using a VPP license?

Reply
4 REPLIES 4

timlarsen
Contributor

Posted on ‎07-30-2018 09:43 AM

@WhippsT are you doing everything with device-based assignment? It's an easy checkbox to miss (one I've missed many times) in the "VPP" tab when setting up a new Mac App Store app in Jamf. I've seen the redirect to the app store when I've forgot to check this box off, but have also seen a couple random bugs occur...but just wanted to cover this base for you in case that was your issue :-)

Reply

WhippsT
Contributor

Posted on ‎07-30-2018 09:49 AM

@timlarsen Yes, we're attempting to use a device-based deployment for our licenses. To which check box are you referring? I only see one in the VPP tab of the Mac App Store apps. All of our apps are setup this way.

5c591fa14f8b4ca9a472cce40abe367e

0 Kudos
Reply

jhalvorson
Valued Contributor

Posted on ‎07-30-2018 10:03 AM

What do you have the scope set to?
I've had better luck when the targets are set to smart groups and not to specific Computer names. For example, for Pages - I have it set to three different Smart Groups: macOS 10.11 El Capitan, macOS 10.12.x Sierra, macOS 10.13.x High Sierra. Target computer = Specific Computers. Target Users = Specific User

Also, you might watch the status of specific computer to better understand when VPP is likely to work.
Verify in Inventory tab > General that MDM Capable Users has valid entries.
Verify in Management tab > Managment that there isn't a bunch of lingering pending and failed commands.
Review History tab > Management History - it has been my observation that after the ProfileList, iTunes Account Info, and Itunes Account Status have completed at least once on a new device, then the chances of VPP device-based working is better.

If all of the items look good, then sometimes running a recon or Inventory Update increases the chances of VPP Device-based installs via Self Service work as expected.

Reply

WhippsT
Contributor

Posted on ‎07-30-2018 11:05 AM

@jhalvorson That's some really useful insight.

I'm noticing that after trying to install the first VPP app, the MDM Capable Users is auto-populated with our base "admin" user. This doesn't appear to be the issue. I think that the VPP apps just need to be run when everything else is finished and the computer is "at rest" with JSS commands and communication. It's really frustrating that we can't queue the installation of those apps like other policies.

Is it possible to install those apps through JAMF Remote? Like if I want to have a computer run a specific policy, it's "sudo jamf policy -id ##". Is there a version of this for Mac App Store apps?

0 Kudos
Reply