"Lock computer" is Pending.

TallMaroonGuy
New Contributor

Hello party people.

So, we had a bit of a shakeup a few months ago, and people got let go. A couple of people took the chance to take their computers and "forget" to bring them back.

There's one machine, a M1 MBPro, running 13.2.0, that its owner seems to have absconded with. After verifying that they was no longer employed, I sent the Lock Computer command with the Remote Lock Passcode set and a friendly message suggesting they call us. 

Thing is, it's still saying Pending and the machine has checked into Jamf twice a day since. I canceled the initial try and redid it this morning, and the Last Push coincides with the date this computer last checked in...

Screen Shot 2024-08-21 at 1.51.57 PM.png

 

 

So, the machine is checking in, and I don't think that the Lock Device is firing. I've done some searching, and there was an issue with M1s and earlier OS versions, but that isn't it, I don't think. Any ideas?

9 REPLIES 9

AJPinto
Honored Contributor III

I would very strongly suggest being more on top of OS patching, there is no reason to have a device with 13.2.0 at this point in time. I could understand 13.9, but not 13.2. 

 

Do you guys have any network security tools? There could be something filtering apple traffic but not Jamf traffic. That lock command comes through the MDM framework which would be from Apple.

Nate1
New Contributor III

I can't help other than say we've strangely had this issue begin very recently with us on a few machines. In the past, any machine that had a pending lock would have it take effect immediately at check-in and lock the laptop, but now we've seen a few machines that have a pending lock but are still checking-in.

rskinner
New Contributor

Having the same problem today.

guy_ey
New Contributor

Hi guys

Seems like the issue is related only to Jamf pro version 11.7.1.

A workaround for now until Jamf will fix it is:

  1. Cancel lock device command that stuck on pending.
  2. Fill Lock Message and don't leave it blank.
  3. Lock device.

For me the issue was solved.

I always took care to put something in the Lock Message box, because we want the machine back. SOmeone else mentioned that, not to leave the Lock Message blank, but that seemed not to be it.

rrh
New Contributor

There is an open PI for this: PI119853. Support says this will be fixed in 11.9

joshuasee
Contributor III

I have seen situations like this where MDM commands are wedged but policies keep running. A reboot/OS update usually cleared it up. For what the OP is describing I would create a one-off policy for just that machine to reboot without warning. The MDM command should then kick in. 

Double check the management certificate expiration date to confirm renewal hasn't failed.

Hmmm. A forced reboot? I'll keep that in mind; maybe "turn it off and turn it back on" would fix future issues.

TallMaroonGuy
New Contributor

Update:

This morning, the command went through, with no intervention on my part. From what I can tell, the user didn't reboot, but all of a sudden, the Lock Computer job applied. Don't know if this was a temp glitch, but thank you all for suggestions. 

Screen Shot 2024-08-22 at 9.49.00 AM.png