MDM Capability No

billystanton
New Contributor II

Hi Guys,

We have noticed an issue this PM which shows our MDM Capability as "No" after imaging or enrolling via the URL.

Does anybody know what I can check to see what might be causing this?

2 Machines have the same problem now.

Thanks!

EDIT 23/03/16 14:00PM GMT - It seems from comments below that this is an Apple issue, multiple users have reported this to Apple. JAMF have also had multiple reports.

EDIT 24/03/16 11:30AM GMT - Fixed.

1 ACCEPTED SOLUTION

CypherCookie
Contributor

Just check this morning and APN is back up and new Mac's are getting the config profile!

View solution in original post

110 REPLIES 110

bwiessner
Contributor II

Same issue here - no matter what I do

As of yesterday computer I imaged with PreStage imaging it worked - -today all computers (3) I have imaged have come back as MDM Capability:NO
removedFrameWork and re-enrolled with quick add- removed MDM and re-pushed mdm - nothing works

Talked to support and they have others with the same issue - and are working will Apple to resolve.

davidacland
Honored Contributor II
Honored Contributor II

The usual culprits are:

  • Expired push cert
  • Expired or problematic tomcat cert
  • Blocked ports from the server to Apple, or the client devices to Apple
  • Issue with one of the MySQL tables (only had this once)
  • Something else

I haven't personally seen this caused from a client but there's always a first time.

golbiga
Contributor III
Contributor III

I'm seeing the same thing and so are others. If you go to your database and do the following,

use jamfsoftware;
select computer_name, computer_id, apn_token from computers;

You should see something like this

|computername        |         105 |                                                                         
|computername        |         106 |

It doesn't look like the JSS is receiving the apn token from the MacBook affected. Also if you run https://itunes.apple.com/us/app/push-diagnostics/id689859502?mt=12 on that machine it should fail. I haven't found a workaround yet, but there are issues with DEP today so I'm wondering if this is related.

Allen

crichards
New Contributor

We're currently experiencing this same issue with newly enrolled devices. We've done multiple re-enrollements and the typical troubleshooting. Reaching out to our TAM to see if it is an issue with Apple.

billystanton
New Contributor II

ah, so this is a global issue rather than just us?

millersc
Valued Contributor

This looks like an Apple issue, but the status pages has not been updated to reflect an issue. http://www.apple.com/support/systemstatus/
https://developer.apple.com/system-status/

bvrooman
Valued Contributor

At the risk of being a "me too" guy, I'm seeing this as well. I'm somewhat glad that it's just just our network, though; I was about to yell at someone for messing with firewall rules without talking to me first. :)

bvrooman
Valued Contributor

Just talked to JAMF support. They've been seeing it all day and are working with Apple to get things restored. No ETR yet, but they believe it's an infrastructure issue.

jacopo_pulici
Contributor

I'm having the same issue.
Thanks @bvrooman for your feedback.

ant89
Contributor

Same issue here. New imaged via casper imaging and URL enrollment on a brand new machine did not work. Both laptops are not MDM capable. I called JAMF support, they have not yet gotten back to me. Just noticed this today. The mdm profile shows up in profile but doesnt do anything. Our configuration profiles dont work now.

ryanstayloradob
Contributor

We started seeing this issue as well this afternoon. Thought it was our SSL cert. Glad it's not! We haven't touched anything on our JSS for months!

msnowdon
Contributor

Count me in. One of my techs noticed this same behavior today as well. Thought my network admin changed something in the firewall because he just started blocking IOS updates to 9.3.

tim_c_arnold
New Contributor

Same issue here. I am not able to push any configuration profiles.

When I run the push diagnostics tool above - I get a cryptic error saying "The push network. Run tests to see more information." I re-run the tests, but I only get that same error message. Attaching screenshot:c260b8c384fe4480862988551637b4eb

ant89
Contributor

I hope they fix this asap. i need to encrypt some machines, now it does not give me the option to store the key in JSS.

donmontalvo
Esteemed Contributor III

Working here in SoCal...

afbe08bdb91c45269e26fd84cca37b13

--
https://donmontalvo.com

ryanstayloradob
Contributor

Maybe Apple fixed it. I'll check in the morning.

jhbush
Valued Contributor II

@ryanstayloradobe so far it still seems broken as recently imaged machines are not getting a APNS token.

gskibum
Contributor III

Still not working for me. I noticed it about 6 hours ago.

gskibum
Contributor III

Expired certs breaking Mac App Store apps, a security update that blacklisted Apple's own ethernet drivers, and now this.

Just sayin'.

billystanton
New Contributor II

Anybody UK side tested this yet??

andysemak
Contributor

Not working here in UK.

Getting the same error in Push Diagnostics as @tim.c.arnold

andysemak
Contributor

Logged ticket with Apple and referenced this thread

billystanton
New Contributor II

I've just tested and still down.

What does this mean? I have 5 machines to enrol that I can't enrol as the machines won't go out with the correct security settings etc.

Does anybody have a link I can use to also raise a case with apple?

gskibum
Contributor III

@billystanton

I was able to enroll via URL. Then download the config profiles from the JSS, then copy them to the Mac for manual installation.

kcgarner
New Contributor II

Seeing same issue here. New enrolled systems, MDM Capability No and can not get out using "Push Diagnostics". I can get out using "Push Diagnostics" on systems that were enrolled before yesterday

billystanton
New Contributor II

@gskibum Apologies, How do you do that manually?

Cheers

Bill

skeb1ns
Contributor

raises hand, not working here (located in the Netherlands)

alexm
New Contributor

Not working for me either..
I am in London, JSS is in Boston.

ooshnoo
Valued Contributor

opened a ticket yesterday with Jamf about this. They said they had received multiple reports.

CypherCookie
Contributor

So "me too!" Just been confirmed by JAMF that multiple people are reporting this issue. Although no sign of Apple updating their system status.

ooshnoo
Valued Contributor

I've now opened a ticket with Apple enterprise support, and referenced this tread.

TBathe
New Contributor II

Still not working in NYC. I'm assuming once its resolved, we won't need to reimage the machines, and the config profiles will come down automatically?

dgreening
Valued Contributor II

I am seeing this on a few machines here in Boston (and around the globe in our other offices), but some of the machines imaged in the last day or so do have MDM compatibility set to "Yes" (wish we could report on that!!) and have their config profiles.

billystanton
New Contributor II

As @gskibum mentioned above, I have been imaging and enrolling, then logging into the JSS on the users's laptop using my JSS account and then manually downloading config profiles and installing.

I would assume that MDM will switch to yes automatically, and if not, it would be a case of un-enrolling and then re-enrolling to get it all syncing again.

msnowdon
Contributor

@billystanton , How do you manually install config profiles? I'm drawing a blank.

Thanks

Mark

msnowdon
Contributor

@billystanton , Never mind. I just saw the download button on the profiles.

billystanton
New Contributor II

@msnowdon I went onto the users machine that is freshly enrolled and then went to "jss.url" logged into my normal JSS account

  • Config profiles
  • Go into a Profile you wish to download
  • Download button at the bottom of the page

This downloads the .config file to the users machine, and can then be installed manually using admin credentials

This is how I am doing it so I can give machines out to new users with security settings applied, I will then re - enrol once these issues are resolved.

tim_c_arnold
New Contributor

@billystanton and @msnowdon I would not recommend manually installing Config Profiles for your production computers. If it isn't installed by the MDM, then the MDM cannot manage it ( E.g. not removed, updated, or deleted).

donmontalvo
Esteemed Contributor III

@jhbush1973 wrote:

@ryanstayloradobe so far it still seems broken as recently imaged machines are not getting a APNS token.

My apologies, when I responded last night I meant the tool was reporting the issue was not effecting us.

I got an early call that this is indeed effecting our ability to enroll Macs.

Opening a ticket with Apple to get their acknowledgement and ETA for resolution.

Don

--
https://donmontalvo.com