Recon stuck at gatekeeper status

jhart_hv
New Contributor II

Hi all,

 

I have a Mac that hasn't been checking in for a month or so and I've tracked it down to recon getting stuck at "Gatekeeper status".  Beyond unenrolling and re-enrolling (DEP mac), is there anything I should try?  Attached is the verbose output of the recon command.Screen Shot 2021-08-25 at 2.16.38 PM.png

12 REPLIES 12

ljcacioppo
Contributor III

I've often seen this when a process is trying to run software update in the background as well. Typically a reboot has resolved the issue for me

stevewood
Honored Contributor II
Honored Contributor II

This may be hanging up on an Extension Attribute. Just because Gatekeeper is the last item in that list does not necessarily mean that is what is causing recon to hang.

Do you have any Extension Attributes that are running scripts?

jhart_hv
New Contributor II

I have one EA running a script to check the installed version of Firefox.

stevewood
Honored Contributor II
Honored Contributor II

And I'm guessing the machine has been restarted recently and it has all Software Updates applied? If the answer is yes, then I'd say try:

sudo jamf manage

 And if that doesn't work, remove Jamf and re-enroll:

sudo jamf removeFramework
sudo profiles renew -type enrollment

Might take it a step further and delete from Jamf Pro server before re-enrolling.

JKingsnorth
Contributor

Did you ever find a good solution for this? We are running into the same issue and cannot pinpoint a cause. 

Seeing the same here, Monterey 12.0.1

octavianjurja
New Contributor

I am getting the same thing with my fleet.

jonlju
Contributor

We are also experiencing this issue on some Macs. 11.6.0.

Edit: A reboot actually solved the issue with the Macs we had. I also cleaned up some extension attributes we had that were no longer in use but I believe the reboot was the important bit. Now we can also help upgrade those Macs to 11.6.1 or Monterey.

ben_hertenstein
Release Candidate Programs Tester

The reboot did part of the trick for our macs. Then adding the jamf manage and sometimes a killall jamf for those stubborn machines as well.

Hayden_Webb
New Contributor III

I removed a few EAs and was able to complete an inventory update on all machines that were having this issue.

Thanks for the help!

pganesh
New Contributor

For us, the issue is related to inventory data collection for available software updates. Disabling "Collect available software updates" from Inventory Collections Settings in Computer Management fixed it.

Also below command can be run on impacted Macs.

sudo launchctl kickstart -k system/com.apple.softwareupdated

Cheers !!

zubair_kasim
New Contributor II

This worked for me too. Thanks @pganesh