Policy doesn't run

dalyj
New Contributor II

Greetings,
I looked through the discussions, but can't find anything quite like this. If it's been answered before, I apologize. Please point me in the right direction.
I have a Casper 9.24 server and a policy set to run at startup, login, or logout.
When I go to the logs, every scoped system shows as "pending."
When I go to any of the systems and do "jamf checkJSSConnection" it shows connection is good.
When I try and run jamf policy -event startup it will run policies, but not that one. When I re-run it, it says there are no policies found for the startup trigger, even though the log still shows that machine as pending.
I've checked for clock skew, made sure the policy is enabled, all the usual things that I can think of.
I'm at a loss.
any ideas?
Thank you,
John

6 REPLIES 6

mm2270
Legendary Contributor III

I'm not sure if this is the issue, but I'm just noting that you don't mention the execution frequency for the policy. You mentioned what the triggers are, but not the execution frequency, so what is that set to?

dalyj
New Contributor II

Thank you for your response.
The policy is set to once per computer.

damienbarrett
Valued Contributor

I know it sounds obvious, but....is the "Enabled" checkbox for the policy checked?

mm2270
Legendary Contributor III

You mentioned it was enabled, so it likely is if its showing up as enabled, but there are other factors that could affect this. For example, do you have any client side time restrictions on when the policy should run? I also assume it has NOT run on these Macs a least once, or you would;t be asking why it isn't running.

Also, have you actually tried doing a logout, login or reboot on one of the Macs in scope? I'm not certain if there's an issue with simulating these events with the jamf binary as opposed to actually doing the event(s) in question.
Last thing, can you create a new policy with the same settings that maybe just does a recon (inventory collection) but has all the same settings and set to the same scoped groups and see what happens with that policy?

dalyj
New Contributor II

Ok, so this gets stranger.
there are 26 computers in scope. Because this is a production environment and all computers are actually in use (and spread out across 20 square miles), I can't easily just take them over and reboot them, except when people aren't here. I have an energy saver setting that will boot up the macs on Wednesday night if they're shut down because I have a startup policy that does apple software update. Anyway, last night, some of the computers were off and turned themselves on. of the 26 computers in scope, 4 of them ran this policy.
I took over one of the computers that didn't run the policy, since it's before that user would arrive at work, and rebooted it manually. It ran the software update policy. It did not run this policy.
jamf policy -event startup tells me:
Checking for policies triggered by "startup"...
No policies were found for the "startup" trigger.

yet the web page shows that it's still pending for that computer.

I will set up a new policy with the same settings next.

Thank you again,
John

dalyj
New Contributor II

never mind.. the problem is that I'm an idiot.

You nailed it mm2270: because it updates Office and most of my people use Office, it's set not to run between 6AM and 6PM.
I do wish there was a way to say that it can't run between 6AM and 6PM on Mon, Tue, Thurs, and Fri.
chances are that since my ARD wasn't running last night, only those 4 computers booted.

I'll revisit this if it turns out to be another issue.
Thank you for your help.