Management Commands not working

Andixon
Contributor

Hi,

for some time now the Management Commands on my Jamf Pro instance have not been working. They are staying on the "Pending" status. This also affects the installation of Mac Apps (the ones with the VPP licenses). As far as I can tell all of my devices are affected? Is there anything I can do about this?

Kind regards

1 ACCEPTED SOLUTION

Andixon
Contributor

Thank you for your help everyone! I figured it out working with the Jamf support. The solution was that there were duplicate Configuration Profile Entries in the Database. Here is how to solve it:

Check if you have those duplicates with the following MySQL Command:

SELECT COUNT(uuid) AS 'dupes', uuid FROM complex_payload_sub_payloads GROUP BY uuid HAVING COUNT(uuid) > 1;

If you have them continue like this:

1. Create a database backup for security

2. Stop Tomcat

3. Remove duplicates with 

DELETE c1 FROM complex_payload_sub_payloads c1 INNER JOIN complex_payload_sub_payloads c2 WHERE c1.id > c2.id AND c1.uuid = c2.uuid;

4. Check if duplicates are gone:

SELECT COUNT(uuid) AS 'dupes', uuid FROM complex_payload_sub_payloads GROUP BY uuid HAVING COUNT(uuid) > 1;

5. Start Tomcat

View solution in original post

11 REPLIES 11

Lasse
Contributor

Expired APNS certificate or APNS renewed with different Apple ID could lead to this.

Thank you for your reply. No, the APNS Cert was renewed in January and it worked fine until about two weeks ago when it suddenly stopped. So this should not be the issue.

Tangentism
Contributor III

As @Lasse says it could be down to an expired APNS cert but Ive seen the database get stacked with push commands and theres a couple of things you can try before renewing the cert:

If you have the 'Software Update' feature turned on, then turn it off and you will see a message about flushing x amount of commands. Confirm and click through then re-enable it. If you dont have it enabled then enable it, click through the confirmation then disable it and return to 'Mass Action' style commands.

If its a couple of devices that are not picking up commands then you can boot them into recovery mode, unlock with the recovery key then reboot them. I'm currently working on a migration project where we are remotely wiping the devices but that command can sit in the queue for ages so when we do this, it jolts it back to life!

If neither work then look at renewing the APNS certificate.

Thank you for your response. I do not have the Software Update feature enabled. 

As far as I can tell all Devices are affected, even if I install new ones they can not install Mac Apps (that is the main problem).

As I wrote in a different answer the APNS cert was renewed in january and the problems started about two weeks ago, so this should not be related. Or do you think renewing the APNS cert could fix things anyway? Can this connection break without any indication that it did?

Lasse
Contributor

As @Tangentism mentions, updates might be the cause. If that is the case, consider setting up a Mac mini doing content caching for the most used physical locations, or each school. This would ease the load and make th updates faster, using local network traffic more, external less.

I will look into that, thanks. But can that really be the reason that the commands are now never working? regardless of location or time?

If happening on all networks, it seems like @Tangentisms mention might be on point, try clearing all pending commands.

AJPinto
Honored Contributor III

If your APNS certificate is good (seriously, check that first), make sure all the required network traffic for Jamf and Managed Apple Devices is allowed and bypassed around any TLS filters.

I will check that. Is there a list somewhere of everything that needs to be available? 

Also I checked the APNS cert and used the test button and that displays that the connection could be established.

patrickj
New Contributor III

This article from Apple will help you with determining what hosts and ports need to be accessible. 

https://support.apple.com/en-us/101555

Andixon
Contributor

Thank you for your help everyone! I figured it out working with the Jamf support. The solution was that there were duplicate Configuration Profile Entries in the Database. Here is how to solve it:

Check if you have those duplicates with the following MySQL Command:

SELECT COUNT(uuid) AS 'dupes', uuid FROM complex_payload_sub_payloads GROUP BY uuid HAVING COUNT(uuid) > 1;

If you have them continue like this:

1. Create a database backup for security

2. Stop Tomcat

3. Remove duplicates with 

DELETE c1 FROM complex_payload_sub_payloads c1 INNER JOIN complex_payload_sub_payloads c2 WHERE c1.id > c2.id AND c1.uuid = c2.uuid;

4. Check if duplicates are gone:

SELECT COUNT(uuid) AS 'dupes', uuid FROM complex_payload_sub_payloads GROUP BY uuid HAVING COUNT(uuid) > 1;

5. Start Tomcat