ProfileList CertificateList stuck in Pending status

Question

We ran into an issue recently where weren't able to completely enroll machines. Through the enrollment process we would see the machines receive MDM profile.(they would join to our domain, receive filevault configs, applications etc) In the JSS the machines would have an MDM Capability of "NO" . In the management history (screenshot below) we also saw the ProfileList and CertificateList stuck in Pending status.

We went back and forth with support for a while, unenrolling/reenrolling machines. Checking proxy/firewall settings from the server/clients. Recreated our push certificate. All to no avail.

When we looked at the database, we saw a result like the one below, in which the machines did not have an APN token. Image below (taken from this website https://www.justinrummel.com/debug-apns-issues-for-jamf-softwares-casper-suite/ )

Solution: Our problem was caused by our Linux JSS having lost network time. We corrected network time, and all machines enrolled successfully.

Maineboy22 · Answer

I have a similar problem on our Windows JSS but it is sporadic. I have seen the following all pending on some machines but not others... We have had some network time issues however.
iTunes Account Status - Pending
iTunes Account Info - Pending
ProfileList - Pending

I believe I have seen the CertificateList - Pending also but like I said only on a couple of machines out of a group. The group of machines were all enrolled using the same PreStage Enrollment and are the same model, OS (10.11.6) same everything. I will see it when I'm trying to run a policy. I will just hit cancel on them, then a new policy will run, right now it's a software install, then after the policy runs they are back. As I said I have seen the CertificateList - Pending but it's usually the other three that are listed above.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded