Management Commands Pending but only for computers on a particular VPN

HeyWhosTheMacGu
New Contributor II

We have 100 MacBooks that we manage with On-Prem Jamf Pro.   We have seven (7) different VPN servers that our users can choose from to connect to the company's network.  Jamf is working normally on all machines EXCEPT for the MacBooks connected to our NY VPN server.  For the 5 people on the NY VPN server, they all have Pending Management Commands stuck for weeks, maybe months.  I clear them out, but they come back and go Pending indefinitely again.  Even the built-in commands (like InstalledApplicationList, SecurityInfo, ContentCachingInformation, ContentCachingInformation, CertificateList) are stuck Pending as well.  I cannot send any Configuration Profile to any of these machines on the NY VPN.  But the same Config Profiles work everywhere else.  I don't think that re-enrolling them in Jamf is an option since they are all working from home and also because the "Allow MDM Profile Removal" was not checked in the PreStage Enrollment. 

I'm thinking maybe the NY VPN server is blocking some necessary port?  Does anyone know how I can troubleshoot this?  I not only need to fix the 5 MacBooks, but I really need to fix the cause of the problem so it doesn't happen to anyone else.  Thanks in advance. 

1 ACCEPTED SOLUTION

iGuessRo
New Contributor II

Give this a try on the VPN network you're troubleshooting.

https://twocanoes.com/products/mac/push-diagnostics/

 


5 REPLIES


 

Thanks! This revealed the issue!!! Thank you very much!

bkuhl
New Contributor II

What turned out to be the issue? I'm looking at a similar problem.

HeyWhosTheMacGu
New Contributor II

Jamf told us it is a bug.  PI108400
We created an Extension Attribute and used it in a Smart Group to identify which computers are having the bug.   We had 8 computers out of 100 with the issue.  

Extension Attribute:

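#!/bin/bash

# Search the last day of mdmclient log entries for the identity error.
result=$(log show --style compact --predicate '(process CONTAINS "mdmclient")' --last 1d | grep "Unable to create MDM identity")

# Jamf reads the Extension Attribute value from the <result> tags.
if [[ $result == '' ]]
then
    echo "<result>MDM is communicating</result>"
else
    echo "<result>MDM is broken</result>"
fi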
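
An added example, not part of the original post and not Jamf's code: a variant of the Extension Attribute above that reports how many times the error was logged and when it was last seen, and that returns a separate value when there are no mdmclient log lines at all, so an empty log is not reported as healthy. The function name, the result strings and the sample log lines are constructed for illustration; the header lines skipped in the parser are an assumption about `log show` output.

```shell
#!/bin/bash
# Error string taken from the Extension Attribute in the thread.
NEEDLE="Unable to create MDM identity"

# Reads `log show --style compact` output on stdin and prints the EA value.
classify_mdm_log() {
    awk -v needle="$NEEDLE" '
        # Skip blank lines and the header lines log show may print (assumed).
        /^Timestamp/ || /^Filtering the log data/ || NF == 0 { next }
        { total++ }
        # Compact style starts each entry with a date and a time field.
        index($0, needle) { hits++; last = $1 " " $2 }
        END {
            if (total == 0)
                print "No mdmclient log data"
            else if (hits > 0)
                printf "MDM is broken (%d errors, last %s)\n", hits, last
            else
                print "MDM is communicating"
        }'
}

# Constructed sample input (not captured from a real machine).
SAMPLE_BROKEN='Timestamp               Ty Process[PID:TID]
2024-03-04 09:15:02.123 E  mdmclient[310:1a2b] Unable to create MDM identity (constructed)
2024-03-04 09:20:10.000 Df mdmclient[310:1a2b] routine entry (constructed)
2024-03-04 09:45:02.456 E  mdmclient[310:1a2c] Unable to create MDM identity (constructed)'
SAMPLE_OK='Timestamp               Ty Process[PID:TID]
2024-03-04 09:20:10.000 Df mdmclient[310:1a2b] routine entry (constructed)'

if [ "$(uname)" = "Darwin" ]; then
    # On a Mac, classify the real log, using the same query as the thread.
    live=$(log show --style compact \
        --predicate '(process CONTAINS "mdmclient")' --last 1d 2>/dev/null)
    echo "<result>$(printf '%s\n' "$live" | classify_mdm_log)</result>"
else
    # Elsewhere, run the classifier on the constructed sample.
    echo "<result>$(printf '%s\n' "$SAMPLE_BROKEN" | classify_mdm_log)</result>"
fi
```

A Smart Group built on this value would match on "MDM is broken" with a `like` criterion, since the count and timestamp vary per machine.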

We are running into this issue now.  Thanks for the EA.  What exactly are y'all doing to resolve the issue?  Can anything be done to prevent it?