Jamf Nation Community

 re-enrolling a machine isn't an ideal solution. Nuke the entire enrollement I don't know why is step 1.   

@Mcleveland @cbrewer I'm seeing this on random machines as well.  So far on an M1 Macbook Air and a new MacBook Pro Max.  They also had the renew MDM command queued up, which I didn't push.  Im going to start looking at some various machines in the fleet to double check.  I was also seeing recon timing out during the updating hardware information stage as well, which caused me to review all my extension attributes.  I only noticed that though by running the command locally on the device and then noticed after 30 min that it never completed the recon.  Not sure if the two issues are related though.  After rebooting the device the inventory went through, but management commands still are pending.

Hello, we are having this too. sudo jamf enroll -promt fix the issue, but it is hard to fix 10 or more machines like that. it would be usefull find out roots of it. anyone tried create smart group to get number of affected machines?

That's worked too. thank you. Do you have any idea how to check, how many machines we have in this state?

Have this issue too. Two machines upgraded to monterey and lost the ability to receive commands. Tried sudo jamf prompt and profile renew and neither worked. 

Hi All.

I just discovered 3 devices which this issue has occurring.  What triggered the investigation was users not being able to connect to VPN but could authenticate. Upon my initial troubleshooting with the VPN team, the Jamf record looks great.  Device is checking in, Inventory is updating but when we looked at the users Keychain on the device there were missing Certs and no profiles.
In the Pending Profiles list was a Renew MDM Cert. I did not push the Command to have MDM renew.  What I figured it was the 2year MDM renewal and something borked preventing it from renewing

I excluded the Mac from our DEP notify enrollment  workflowand asked the user to click on a Policy in Jamf  which ran the 'profiles renew -type enrollment' command.  This put everything back to normal.  I also submitted a ticket to Jamf asking why this occurs.

Would like to know HOW to prevent this.

:-)

If you are missing the MDM profile run the profiles command, when it works, it works great.  What about running commands from terminal on the Mac - jamf manage as example or check to see if the device is communicating to Jamf Pro.
Of the 3 machines I mentioned, two would not response to the:

sudo profiles renew -type enrollment

We had to enroll two of the three using User Initiated Enrollment which means the device loses some Management commands.  Jamf Support are still investigating as to why this happened.  Terminal would accept the command but nothing happened. 

I re-enrolled using that command. Re-enrollment went through fine. Still not accepting remote commands.

Sometimes a corrupt profile can cause a back log. Can you remove one profile at a time and see what happens?  

Throwing out ideas right now:

Jamf Binary look at: 

flushCaches Flush cache files for the system and/or users

manage Enforces the entire management framework from the JSS

renewDeviceCert Renews the existing management framework device certificate

At this point what do you have to loose. 

  In the end we re enrolled via the URL. It worked and we can move on. Jamf Support can tell me why we lost MDM Profiles on our devices.