We have 100 MacBooks that we manage with On-Prem Jamf Pro. We have seven (7) different VPN servers that our users can choose from to connect to the company's network. Jamf is working normally on all machines EXCEPT for the MacBooks connected to our NY VPN server. For the 5 people on the NY VPN server, they all have Pending Management Commands stuck for weeks, maybe months. I clear them out, but they come back and go Pending indefinitely again. Even the built-in commands (like InstalledApplicationList, SecurityInfo, ContentCachingInformation, ContentCachingInformation, CertificateList) are stuck Pending as well. I cannot send any Configuration Profile to any of these machines on the NY VPN. But the same Config Profiles work everywhere else. I don't think that re-enrolling them in Jamf is an option since they are all working from home and also because the "Allow MDM Profile Removal" was not checked in the PreStage Enrollment.
I'm thinking maybe the NY VPN server is blocking some necessary port? Does anyone know how I can troubleshoot this? I not only need to fix the 5 MacBooks, but I really need to fix the cause of the problem so it doesn't happen to anyone else. Thanks in advance.
Solved! Go to Solution.
Jamf told us it is a bug. PI108400
We created an Extension Attribute and used it in a Smart Group to identify which computers are having the bug. We had 8 computers out of 100 with the issue.
result=$(log show --style compact --predicate '(process CONTAINS "mdmclient")' --last 1d | grep "Unable to create MDM identity")
if [[ $result == '' ]]
echo "<result>MDM is communicating</result>"
echo "<result>MDM is broken</result>"