Help

MAcbook Pro checks in, but doesn't run policies, install profiles or App Store apps

Go to solution
cgeorge
New Contributor III

Posted on ‎07-13-2022 05:16 PM

We have a MBP M1 Max running Monterey 12.4 that checks in to our cloud fine, but it won't apply policies, profiles, or App Store apps. The profiles and policies are listed as pending in Management Commands, and the computer is checking in just fine (it checked in 6 minutes ago). 

I've tried "sudo jamf recon" and "sudo jamf policy" in the Terminal, but no joy. sudo jamf policy reports: "No policies were found for the "recurring check-in" trigger." even though the assigned policies are there, and they run without incident on other computers, so I know it's not a misconfiguration with the policy. Scoping has also been triple checked, and like I said everything is listed as pending.

My usual fix would be to remove the framework and reinstall via QuickAdd, but from what I've read that's no longer an option. 

I'm stumped as to how to get this laptop working again, other than a wipe and re-enrollment in the MDM.

 

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
_gsm
New Contributor III

Posted on ‎07-14-2022 06:26 AM

If you're running an ADE workflow then remove the framework and run :

sudo profiles renew -type enrollment
 
This should trigger a fresh enrollment. 

View solution in original post

5 REPLIES 5

Go to solution
_gsm
New Contributor III

Posted on ‎07-14-2022 06:26 AM

If you're running an ADE workflow then remove the framework and run :

sudo profiles renew -type enrollment
 
This should trigger a fresh enrollment. 

Go to solution
cgeorge
New Contributor III
In response to _gsm

Posted on ‎07-14-2022 09:00 AM

thanks, that did it!

0 Kudos

Go to solution
Tribruin
Valued Contributor II

‎07-14-2022 06:28 AM - edited ‎07-14-2022 06:29 AM

Does the computer still receive MDM commands? If so, check out the recently added API call "jamf-management-framework." It will re-push the management framework to the computer via the MDM protocol. Do be aware that this will "re-enroll" the computer in Jamf. Depending on your re-enrollment settings, your "Once Per Computer" policies will run again, along with any enrollment trigger policies.  Check out this blog post: Jamf binary self-heal with the Jamf API (modtitan.com)

If the computer is not receiving MDM commands, you will need to re-enroll the computer. If they are ADE enrolled, you can use the "sudo profiles renew -type=enrollment" command to re-start the ADE enrollment process. Again, depending on your re-enrollment settings, you will probably get policies running again. 

Go to solution
Tangentism
Contributor II

Posted on ‎07-14-2022 06:31 AM

Check on the Management page that the device is in scope for the expected policies and apps (the attached image below shows 24 policies and 50 config profiles).

Are any other devices not receiving MDM commands or is it only this one?

Is there a config profile that is pending because of an issue so is "pausing" the queue? I had one yesterday where the profile was pending because the app had no license so other CPs behind it were not being pushed out. Once it was cleared, the rest went through.

 

Screenshot 2022-07-14 at 14.25.29.png

0 Kudos

Go to solution
cgeorge
New Contributor III
In response to Tangentism

Posted on ‎07-14-2022 09:11 AM

scoping has been verified both at the policy page and the computer's Management page.
Other devices are receiving MDM commands without incident.

Profiles work fine on other machines, including ones added to our Jamf instance after this laptop. If there was a problem with a config profile, I would expect to see it pop up on other machines.

0 Kudos