Jamf Nation Community

michael_schwarz · ‎10-11-2023

Hello all,
I noticed today that I can no longer send MDM commands to a specific device. These commands are always only on the status "Pending". When I took a closer look, I found out that the MDM profile has already expired a few weeks ago. How can something like this happen? These actually renew themselves 180 days before expiration. Am I wrong? I built a search query for it and saw that this happened to a total of 10 devices. Do any of you have a tip on how I can recapture these devices? I tried a "sudo profiles renew -type enrollment" but this had no success unfortunately. An error 500 came back.

jtrant · ‎10-11-2023

A few things to check:

Have you renewed the Jamf Pro built-in CA: https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/PKI_Certificates.html
If so, is MDM renewal enabled for computers/mobile devices under Settings > Global > MDM Profile Settings?
Is the renewal MDM command actually reaching the device and being processed? If not, what is the error?

michael_schwarz · ‎10-11-2023

I have not touched the CA.
MDM Renewal is activated and works without problems on the 250 other computers.
I cannot send the MDM command, it remains permanently in the "Pending" status and does not reach the device.

jtrant · ‎10-11-2023

When is the CA set to expire? If it's happening soon, it will need to be renewed before you can renew the MDM profile on devices.

Suggest you contact Jamf Support at this point.

alpaul · Thursday

This is a known Jamf Platform limitation - while iOS/iPadOS devices renew MDM profiles automatically, macOS devices often require manual intervention.

To resolve:

Immediate Fix:
- For affected Macs: Run sudo profiles renew -type enrollment remotely via Jamf (or ask users to execute).
- If that fails, re-enroll with:
```
sudo jamf removeMDMProfile && sudo jamf enroll
```
Prevention:
- Create a Smart Group for "MDM Profile Expiring in <60 Days" (Jamf Pro > Computers > Smart Groups)
- Send MDM renewal remote commands to this group.

Jamf Nation Community

Multiple MDM Profiles Expired"