Help

Pending Configuration Profiles on live devices

SMR1
Contributor III

Posted on ‎08-26-2024 11:48 AM

We deployed the new cisco secure client last week along with the new configuration profile. The profile installed on 341 devices and is pending on 54 devices. I spot checked some of the devices and they're online and checking in correctly, but the profile isn't installing and causing issues when trying to use the VPN. Any ideas other then restarting. These Mac's are currently running Sonoma.

0 Kudos
Reply
9 REPLIES 9

sdagley
Esteemed Contributor II

Posted on ‎08-26-2024 12:26 PM

@SMR1 Are there any other Pending Commands showing for those Macs? Have they been restarted since the profile was enabled? And if the profile is targeted at User Level is a user logged in on those Macs?

0 Kudos
Reply

AJPinto
Honored Contributor III

Posted on ‎08-26-2024 01:07 PM

Just because a device is checking in does not mean there is not a communication issue. Get Jamf Environment Test or the Mac Evaluation Utility on one of those devices and run it, see if anything between Apple is being blocked that is related to device management or configuration profiles.

 

Jamf Environment Test | App Directory

Mac Evaluation Utility - can't link directly, but it's one of the Apple Seed for IT downloads.

 

 

 

0 Kudos
Reply

SMR1
Contributor III

Posted on ‎08-26-2024 01:19 PM

For these 2 devices, the VPN software updated this morning correctly, but didn't install the config profile. I did check the pending commands suggested by @sdagley and both have pending commands. We deployed another update last week on the 20th that has a config profile and it's still showing pending, but the update policy did work.

0 Kudos
Reply

AJPinto
Honored Contributor III
In response to SMR1

Posted on ‎08-26-2024 02:55 PM

Things like Policies use Jamf Framework, this uses different network hosts and ports than Apples MDM framework which MDM commands (like installing configuration profiles, or software updates) use. Since you are dealing with a VPN Client, and issues after installing it I am figuring something is being blocked of TLS redirection for Apples MDM framework hosts.

0 Kudos
Reply

SMR1
Contributor III

Posted on ‎08-26-2024 02:58 PM

@AJPinto I didn't know that about the policies and config profiles. I'm going to work with one of the users tomorrow.

0 Kudos
Reply

SMR1
Contributor III

Posted on ‎08-29-2024 02:19 PM

I had user run the environment test and they provided me the report. Is there a specific section I should be checking? I ran it my device and it's pretty much identical and I don't have any issues with getting config profiles.

0 Kudos
Reply

SMR1
Contributor III

Posted on ‎08-30-2024 10:35 AM

After digging around, I noticed that there MDM profile is showing expired. It matches the date of the last completed command.

0 Kudos
Reply

AlexChavdarov
New Contributor
In response to SMR1

Posted on ‎09-04-2024 02:33 AM

You'll need to re-enroll these devices. I have the same situatuon in our Company. I have 13 devices with expired MDM profile and coudn't find any other fix than manually remove the MDM profile and re-enroll it again.

0 Kudos
Reply

SMR1
Contributor III
In response to AlexChavdarov

Posted on ‎09-04-2024 06:13 AM

Does running this command not do anything?

sudo profiles renew -type enrollment'

0 Kudos
Reply