I have a situation that I haven't run into before. A few weeks ago I started noticing that recon was not running on a portion of my devices. They were still checking in, but they weren't running most policies. Further investigation showed that only policies called via a custom trigger were executing; any that were called on a frequency basis were not. Recon is a frequency based policy, so this makes sense.
I got hold of a couple of the devices and it appears that a .pkg install hung on these devices partially through the installation process. The installer is hanging out in the background, happily working on what appears to be an infinitely long install. The jamf logs on these devices show ongoing messages (roughly paraphrased here) that "The management framework will be applied after all policies have completed installing"
If the user attempts to reboot, the GUI for the installer pops up and shoots a message that the computer cannot be restarted while the installer is running. If I run a ps -acx terminal command the installer does not show up as a running process.
I can remediate this issue by forcing a shutdown on the device. Once the installer has been interrupted policies continue as they should.
I am trying to figure a way to remedy this without locating all of these devices and manually rebooting them. I could probably kill most of them using ARD, but I would prefer to kill the installer rather than the device.
I saw this on one computer. Forced a reboot and that resolved the issue. And I was dealing with JAMF Support on another issue and mentioned it to the support staff. I'll link him to this thread. And I would encourage you to get in touch with your JAMF Buddy because that's quite a serious problem to be effecting that many computers.