Jamf Nation Community

The usual culprits are:

• Expired push cert
• Expired or problematic tomcat cert
• Blocked ports from the server to Apple, or the client devices to Apple
• Issue with one of the MySQL tables (only had this once)
• Something else

I haven't personally seen this caused from a client but there's always a first time.

I'm seeing the same thing and so are others. If you go to your database and do the following,

use jamfsoftware;
select computer_name, computer_id, apn_token from computers;

You should see something like this

|computername        |         105 |                                                                         
|computername        |         106 |

It doesn't look like the JSS is receiving the apn token from the MacBook affected. Also if you run https://itunes.apple.com/us/app/push-diagnostics/id689859502?mt=12 on that machine it should fail. I haven't found a workaround yet, but there are issues with DEP today so I'm wondering if this is related.

Allen

We're currently experiencing this same issue with newly enrolled devices. We've done multiple re-enrollements and the typical troubleshooting. Reaching out to our TAM to see if it is an issue with Apple.

ah, so this is a global issue rather than just us?

This looks like an Apple issue, but the status pages has not been updated to reflect an issue. http://www.apple.com/support/systemstatus/
https://developer.apple.com/system-status/

At the risk of being a "me too" guy, I'm seeing this as well. I'm somewhat glad that it's just just our network, though; I was about to yell at someone for messing with firewall rules without talking to me first. :)

Just talked to JAMF support. They've been seeing it all day and are working with Apple to get things restored. No ETR yet, but they believe it's an infrastructure issue.

I'm having the same issue.
Thanks @bvrooman for your feedback.

Same issue here. New imaged via casper imaging and URL enrollment on a brand new machine did not work. Both laptops are not MDM capable. I called JAMF support, they have not yet gotten back to me. Just noticed this today. The mdm profile shows up in profile but doesnt do anything. Our configuration profiles dont work now.

We started seeing this issue as well this afternoon. Thought it was our SSL cert. Glad it's not! We haven't touched anything on our JSS for months!

Count me in. One of my techs noticed this same behavior today as well. Thought my network admin changed something in the firewall because he just started blocking IOS updates to 9.3.

Same issue here. I am not able to push any configuration profiles.

When I run the push diagnostics tool above - I get a cryptic error saying "The push network. Run tests to see more information." I re-run the tests, but I only get that same error message. Attaching screenshot:

I hope they fix this asap. i need to encrypt some machines, now it does not give me the option to store the key in JSS.

Working here in SoCal...

Maybe Apple fixed it. I'll check in the morning.

@ryanstayloradobe so far it still seems broken as recently imaged machines are not getting a APNS token.

Still not working for me. I noticed it about 6 hours ago.

Expired certs breaking Mac App Store apps, a security update that blacklisted Apple's own ethernet drivers, and now this.

Just sayin'.

Anybody UK side tested this yet??

Not working here in UK.

Getting the same error in Push Diagnostics as @tim.c.arnold

Logged ticket with Apple and referenced this thread

I've just tested and still down.

What does this mean? I have 5 machines to enrol that I can't enrol as the machines won't go out with the correct security settings etc.

Does anybody have a link I can use to also raise a case with apple?

@billystanton

I was able to enroll via URL. Then download the config profiles from the JSS, then copy them to the Mac for manual installation.

Seeing same issue here. New enrolled systems, MDM Capability No and can not get out using "Push Diagnostics". I can get out using "Push Diagnostics" on systems that were enrolled before yesterday

@gskibum Apologies, How do you do that manually?

Cheers

Bill

raises hand, not working here (located in the Netherlands)

Not working for me either..
I am in London, JSS is in Boston.

opened a ticket yesterday with Jamf about this. They said they had received multiple reports.

So "me too!" Just been confirmed by JAMF that multiple people are reporting this issue. Although no sign of Apple updating their system status.

I've now opened a ticket with Apple enterprise support, and referenced this tread.

Still not working in NYC. I'm assuming once its resolved, we won't need to reimage the machines, and the config profiles will come down automatically?

I am seeing this on a few machines here in Boston (and around the globe in our other offices), but some of the machines imaged in the last day or so do have MDM compatibility set to "Yes" (wish we could report on that!!) and have their config profiles.

As @gskibum mentioned above, I have been imaging and enrolling, then logging into the JSS on the users's laptop using my JSS account and then manually downloading config profiles and installing.

I would assume that MDM will switch to yes automatically, and if not, it would be a case of un-enrolling and then re-enrolling to get it all syncing again.

@billystanton , How do you manually install config profiles? I'm drawing a blank.

Thanks

Mark

@billystanton , Never mind. I just saw the download button on the profiles.

@msnowdon I went onto the users machine that is freshly enrolled and then went to "jss.url" logged into my normal JSS account

• Config profiles
• Go into a Profile you wish to download
• Download button at the bottom of the page

This downloads the .config file to the users machine, and can then be installed manually using admin credentials

This is how I am doing it so I can give machines out to new users with security settings applied, I will then re - enrol once these issues are resolved.

@billystanton and @msnowdon I would not recommend manually installing Config Profiles for your production computers. If it isn't installed by the MDM, then the MDM cannot manage it ( E.g. not removed, updated, or deleted).

@jhbush1973 wrote:

@ryanstayloradobe so far it still seems broken as recently imaged machines are not getting a APNS token.

My apologies, when I responded last night I meant the tool was reporting the issue was not effecting us.

I got an early call that this is indeed effecting our ability to enroll Macs.

Opening a ticket with Apple to get their acknowledgement and ETA for resolution.

Don