Posted on 08-21-2024 11:56 AM
Hello party people.
So, we had a bit of a shakeup a few months ago, and people got let go. A couple of people took the chance to take their computers and "forget" to bring them back.
There's one machine, a M1 MBPro, running 13.2.0, that its owner seems to have absconded with. After verifying that they was no longer employed, I sent the Lock Computer command with the Remote Lock Passcode set and a friendly message suggesting they call us.
Thing is, it's still saying Pending and the machine has checked into Jamf twice a day since. I canceled the initial try and redid it this morning, and the Last Push coincides with the date this computer last checked in...
So, the machine is checking in, and I don't think that the Lock Device is firing. I've done some searching, and there was an issue with M1s and earlier OS versions, but that isn't it, I don't think. Any ideas?
Posted on 08-21-2024 12:04 PM
I would very strongly suggest being more on top of OS patching, there is no reason to have a device with 13.2.0 at this point in time. I could understand 13.9, but not 13.2.
Do you guys have any network security tools? There could be something filtering apple traffic but not Jamf traffic. That lock command comes through the MDM framework which would be from Apple.
Posted on 08-21-2024 12:06 PM
I can't help other than say we've strangely had this issue begin very recently with us on a few machines. In the past, any machine that had a pending lock would have it take effect immediately at check-in and lock the laptop, but now we've seen a few machines that have a pending lock but are still checking-in.
Posted on 08-21-2024 03:05 PM
Having the same problem today.
Posted on 08-22-2024 06:27 AM
Hi guys
Seems like the issue is related only to Jamf pro version 11.7.1.
A workaround for now until Jamf will fix it is:
For me the issue was solved.
Posted on 08-22-2024 07:45 AM
I always took care to put something in the Lock Message box, because we want the machine back. SOmeone else mentioned that, not to leave the Lock Message blank, but that seemed not to be it.
Posted on 08-23-2024 01:49 PM
There is an open PI for this: PI119853. Support says this will be fixed in 11.9
Posted on 08-22-2024 06:29 AM
I have seen situations like this where MDM commands are wedged but policies keep running. A reboot/OS update usually cleared it up. For what the OP is describing I would create a one-off policy for just that machine to reboot without warning. The MDM command should then kick in.
Double check the management certificate expiration date to confirm renewal hasn't failed.
Posted on 08-22-2024 07:47 AM
Hmmm. A forced reboot? I'll keep that in mind; maybe "turn it off and turn it back on" would fix future issues.
Posted on 08-22-2024 07:50 AM
Update:
This morning, the command went through, with no intervention on my part. From what I can tell, the user didn't reboot, but all of a sudden, the Lock Computer job applied. Don't know if this was a temp glitch, but thank you all for suggestions.