Magic happens / Mac enrolled, but no profiles installed

Captainamerica
Contributor II

First I had one mac with the issue - now few days later see a new mac with issue

The mac overall works fine, I can run all jamf commands, self service etc - I can see in the backend everything is fine, and machine is checking in, inventory - all fine

But when I go to system preferences, I have no "profiles" - I can open profiles through search, but it is just empty, no profiles AT ALL - and yes- jamf is still working ?!

I tried an sudo profiles renew -type enrollment - nothing happens, no error no info - nothing

Has anyone seen something similiar ? - Is is 12.5.1 monterey devices btw

9 REPLIES 9

SCCM
Contributor III

Not seen this on our envionment with 12.5.1. Whats jamf showing in management > management commands and management >configuration profiles ?

Does it think its installed the profiles, or are they in a pending / failed state?

Captainamerica
Contributor II

When I do a check on profiles through terminal command on the computer it rapports nothing is installed - just as profiles GUI shows. And yes - it shows all profiles in the backend, just as other computers have assigned. And even there was no profiles in scope, how can the MDM profile not exist, but mac is still acting as enrolled ?!

  

SCCM
Contributor III

in your jamf instance if you go to computers > configuration profiles and search one of the profiles which should be applied and check the logs can you find your machine in thee and check the status? also what are you soping them profiles too? "all computers" , "enrollment complete" or some other group? and is the machine appearing in that? try sending a blank push to the machine as well

 

Also confirm your push cert hasnt expired settings > global management > Push Certificates

jwojda
Valued Contributor II

I've been seeing similar issues, profiles are on the machine, the setup wizard shows the DEP enrollment and the local management accounts are created, but self service is missing.  If I open terminal and type sudo jamf recon and I get a device signature error.  

Only way I've found around it is to issue the remove MDM command from JamfPro, wait till the profiles are off the device (usually just a minute or two) and then manually re-enroll it.  

I've seen this on net new out of the box machines and re-imaged machines with no real rhyme or reason.

 

echave
New Contributor III

I can confirm seeing similar behavior as OP and @jwojda. I just onboarded 220 new M1 Airs and about 40 recovered/erased/installed M1s from previous students. FWIW, It only happened once this year and once last year, again with similar numbers. It's so anomalous and infrequent that it's kinda jarring when you spot it.

Captainamerica
Contributor II

This mac has been running since february this year - so it is not a new install.
I can do out blank push and push certificate is first expiring in 1 year. 

As workarround I had to re-enroll the machine, so it works again - but think I soon will see a new mac with this behavior 

SCCM
Contributor III

Do policies work on these machines? Try creating a policy that runs "sudo jamf manage".  As far as i know config profiles are installed via mdm, were as software installs like self service are done by the jamf binary. OP didnt say the binary was missing on the machines just config profiles not installing. I ve seen machines take a while to install the binary. You can normally force it by putting the device in airplane mode, and back out again (if you have vpp setup, and selfservice set to install automatically).

coreyammons
New Contributor II

I have seen this on M1 macs if you did not first install rosetta

sudo softwareupdate --install-rosetta

batterprizeye
New Contributor

The only workaround I've found is to manually re-enroll the device after issuing the uninstall MDM command from JamfPro, waiting until the profiles are removed (typically only a minute or two), and then doing so.