Help

Management Commands not working

Go to solution
Andixon
Contributor

Posted on ‎06-16-2024 11:41 PM

Hi,

for some time now the Management Commands on my Jamf Pro instance have not been working. They are staying on the "Pending" status. This also affects the installation of Mac Apps (the ones with the VPP licenses). As far as I can tell all of my devices are affected? Is there anything I can do about this?

Kind regards

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
Andixon
Contributor

Posted on ‎06-18-2024 10:15 PM

Thank you for your help everyone! I figured it out working with the Jamf support. The solution was that there were duplicate Configuration Profile Entries in the Database. Here is how to solve it:

Check if you have those duplicates with the following MySQL Command:

SELECT COUNT(uuid) AS 'dupes', uuid FROM complex_payload_sub_payloads GROUP BY uuid HAVING COUNT(uuid) > 1;

If you have them continue like this:

1. Create a database backup for security

2. Stop Tomcat

3. Remove duplicates with 

DELETE c1 FROM complex_payload_sub_payloads c1 INNER JOIN complex_payload_sub_payloads c2 WHERE c1.id > c2.id AND c1.uuid = c2.uuid;

4. Check if duplicates are gone:

SELECT COUNT(uuid) AS 'dupes', uuid FROM complex_payload_sub_payloads GROUP BY uuid HAVING COUNT(uuid) > 1;

5. Start Tomcat

View solution in original post

0 Kudos
Reply
11 REPLIES 11

Go to solution
Lasse
Contributor II

Posted on ‎06-17-2024 12:42 AM

Expired APNS certificate or APNS renewed with different Apple ID could lead to this.

0 Kudos
Reply

Go to solution
Andixon
Contributor
In response to Lasse

Posted on ‎06-17-2024 10:27 PM

Thank you for your reply. No, the APNS Cert was renewed in January and it worked fine until about two weeks ago when it suddenly stopped. So this should not be the issue.

0 Kudos
Reply

Go to solution
Tangentism
Contributor III

Posted on ‎06-17-2024 02:01 AM

As @Lasse says it could be down to an expired APNS cert but Ive seen the database get stacked with push commands and theres a couple of things you can try before renewing the cert:

If you have the 'Software Update' feature turned on, then turn it off and you will see a message about flushing x amount of commands. Confirm and click through then re-enable it. If you dont have it enabled then enable it, click through the confirmation then disable it and return to 'Mass Action' style commands.

If its a couple of devices that are not picking up commands then you can boot them into recovery mode, unlock with the recovery key then reboot them. I'm currently working on a migration project where we are remotely wiping the devices but that command can sit in the queue for ages so when we do this, it jolts it back to life!

If neither work then look at renewing the APNS certificate.

Reply

Go to solution
Andixon
Contributor
In response to Tangentism

Posted on ‎06-17-2024 10:38 PM

Thank you for your response. I do not have the Software Update feature enabled. 

As far as I can tell all Devices are affected, even if I install new ones they can not install Mac Apps (that is the main problem).

As I wrote in a different answer the APNS cert was renewed in january and the problems started about two weeks ago, so this should not be related. Or do you think renewing the APNS cert could fix things anyway? Can this connection break without any indication that it did?

0 Kudos
Reply

Go to solution
Lasse
Contributor II

‎06-17-2024 04:54 AM - edited ‎06-17-2024 05:35 AM

As @Tangentism mentions, updates might be the cause. If that is the case, consider setting up a Mac mini doing content caching for the most used physical locations, or each school. This would ease the load and make th updates faster, using local network traffic more, external less.

0 Kudos
Reply

Go to solution
Andixon
Contributor
In response to Lasse

Posted on ‎06-17-2024 11:26 PM

I will look into that, thanks. But can that really be the reason that the commands are now never working? regardless of location or time?

0 Kudos
Reply

Go to solution
Lasse
Contributor II
In response to Andixon

Posted on ‎06-18-2024 01:58 AM

If happening on all networks, it seems like @Tangentisms mention might be on point, try clearing all pending commands.

0 Kudos
Reply

Go to solution
AJPinto
Honored Contributor III

Posted on ‎06-17-2024 05:45 AM

If your APNS certificate is good (seriously, check that first), make sure all the required network traffic for Jamf and Managed Apple Devices is allowed and bypassed around any TLS filters.

0 Kudos
Reply

Go to solution
Andixon
Contributor
In response to AJPinto

‎06-17-2024 11:24 PM - edited ‎06-17-2024 11:29 PM

I will check that. Is there a list somewhere of everything that needs to be available? 

Also I checked the APNS cert and used the test button and that displays that the connection could be established.

0 Kudos
Reply

Go to solution
patrickj
New Contributor III
In response to Andixon

Posted on ‎06-18-2024 07:16 AM

This article from Apple will help you with determining what hosts and ports need to be accessible. 

https://support.apple.com/en-us/101555

0 Kudos
Reply

Go to solution
Andixon
Contributor

Posted on ‎06-18-2024 10:15 PM

Thank you for your help everyone! I figured it out working with the Jamf support. The solution was that there were duplicate Configuration Profile Entries in the Database. Here is how to solve it:

Check if you have those duplicates with the following MySQL Command:

SELECT COUNT(uuid) AS 'dupes', uuid FROM complex_payload_sub_payloads GROUP BY uuid HAVING COUNT(uuid) > 1;

If you have them continue like this:

1. Create a database backup for security

2. Stop Tomcat

3. Remove duplicates with 

DELETE c1 FROM complex_payload_sub_payloads c1 INNER JOIN complex_payload_sub_payloads c2 WHERE c1.id > c2.id AND c1.uuid = c2.uuid;

4. Check if duplicates are gone:

SELECT COUNT(uuid) AS 'dupes', uuid FROM complex_payload_sub_payloads GROUP BY uuid HAVING COUNT(uuid) > 1;

5. Start Tomcat

0 Kudos
Reply