Macs stop reporting back to JAMF

danielgrm
New Contributor III

I have an odd issue. Lots of our macs here have stopped reporting back to JAMF. I know they are still reachable though. For example i took some mac and placed a firmware lock on them and it went through. The macs had not reported back in over 3 months so i thought they were gone.

Has anyone run into this before. I talked with someone from JAMF and they had me take a re-enrollment package, create a Daemon to install on the machine and run that way. So it would check to see if Jamf was running and reinstall it. It seemed to make the issue worse. Anyone have any thoughts, other than manually re-enrolling? Any good way of checking with machines might still be active?

6 REPLIES 6

larry_barrett
Valued Contributor

We run a daily policy to update inventory. Are you doing anything like this? (see images)

2b013a3e1f11484e9857b2e3d4b5d2fe
27980544d5a242ff917768f71fed83e0

danielgrm
New Contributor III

OK when i worked with the Jamf resource they told me that didn't help. They just say havn't reported back in X number of days. I will try that now and see how it works.

jared_f
Valued Contributor

To identify what computers aren't responding, I would use either a smart or advanced computer search using the operators "Last Inventory Update" and/or "Last Check-in".

Sometimes devices with lots of failed and/or pending commands will stop updating inventory. I would do a mass action on that smart group of devices clearing those and then another sending the update inventory command.

af2143bccf8c473283632c9f82bc208f

danielgrm
New Contributor III

@jared_f Thank you!! I never knew that.

tlarkin
Honored Contributor

macOS devices will use the jamf binary to check in and submit inventory (see jamf help and jamf recon) which is "split brained," from the MDM management piece. So, you might be able to send remote commands via MDM, but the client agent/binary is not checking in.

There are a few reasons this can happen (in my experience)
1 - The jamf agent/binary and/or macOS is in a weird state and a reboot sometimes fixes it
2 - The certificate the jamf uses to securely authenticate to the application is no longer valid for some reason and you need to re-enroll the device

To test problem 2 you can run sudo jamf policy in terminal and if you see a Device Signature Error then you must re-enroll because your client cert is bad, corrupted or missing.

mgrier885
New Contributor

Has your APN expired?