Help

Policies at "Enrollment Complete" not deploying

corpffhelpdesk2
New Contributor II

Posted on ‎05-22-2019 05:18 AM

I have a Macbook that for some reasons, after enrolling and getting to the desktop screen, do not deploy any "Enrollment Complete" policy.

On Jamf Pro I can see that policies @enrollment complete are in "Pending" but none of them do anything at the end, while policies triggered by recurring check-in get deployed correctly on the device.

I want to know if there is a way to fix this (like an automated re-enrollment) and why this could happen.

I would not like to use custom policy triggers to call a list of Policies as by my experience the flow is not always so smooth...

Labels:
7 REPLIES 7

dan-snelson
Valued Contributor II

Posted on ‎05-22-2019 01:12 PM

@corpffhelpdesk2l You may be experiencing the following Product Issue:

PI-004775 Policies with an Enrollment Complete trigger do not run upon completion of enrollment under certain circumstances.

Have you tried disabling Settings > Computer Management > Check-In > Allow Network State Change Triggers ?

We have a Self Service policy scoped to TSRs which executes the following command:

/usr/local/bin/jamf policy -event enrollmentComplete -verbose

82166899c8834321ba8905b0d73f3f71

corpffhelpdesk2
New Contributor II

Posted on ‎05-22-2019 11:27 PM

@dan-snelson

Have you tried disabling Settings > Computer Management > Check-In > Allow Network State Change Triggers ?

Do you feel the network state change might be what interrupts the beginning of "Enrollment Complete" policies..?

/usr/local/bin/jamf policy -event enrollmentComplete -verbose

What does it do exactly? I guess it calls the policy @enrollmentComplete to start..but I may be wrong
And..does it start the @enrollmentComplete flow only if it was not flown, or also if the policy @enrollmentComplete were already deployed..?

Till now, thank you for your support in any case..!

Really appreciated

0 Kudos

isaacnelson
Contributor

Posted on ‎05-23-2019 11:38 AM

@dan-snelson That Self Service policy is a good idea. I'm gonna steal it ;)

@corpffhelpdesk2l The network state change trigger doesn't work reliably to begin with, and it has been known to cause problems with the Enrollment Complete trigger. Disabling it increased the success rate of my Enrollment Complete policies, but didn't completely resolve the issue.

The /usr/local/bin/jamf policy -event enrollmentComplete -verbose command will trigger the Enrollment Complete policies as if the enrollment did just complete, regardless of whether or not it has already flown. Of course, execution frequency still applies, so if you have an Enrollment Complete policy set to execute once per computer or anything other than ongoing, that policy will not run again if it has already run on that computer.

...Does that all make sense and answer your questions?

patgmac
Contributor III

Posted on ‎05-23-2019 03:33 PM

Jamf specifically added the ability to disable network state change because of what it does to EnrollmentComplete. Disabling that helped quite a bit for us.

csa
New Contributor III

Posted on ‎05-24-2020 02:18 PM

honestly that sucks and explains why trigger we had to ensure user signs into Enterprise Connect isnt working well. Is there a workaround you know of to still use network state change triggers?

0 Kudos

BCPeteo
Contributor II

Posted on ‎07-08-2021 01:47 PM

Does the Enrollment Complete trigger actually work? All I am getting on policies with them is Pending

0 Kudos

sdagley
Esteemed Contributor II

Posted on ‎07-08-2021 02:32 PM

Barring the problems described above with network state changes the Enrollment Complete trigger does work. Try describing your environment and how you're enrolling and it might provide a clue as to what's going wrong for you.

0 Kudos