Jamf Nation Community

klaus · a week ago

Howdy,

I have a laptop that failed to update the MDM Profile, it's expiring soon. Normally I'd just wipe and re-enrol but this happens to be a Developer's laptop and they can't really afford the downtime.

I checked the logs and I see "Update to MDM profile contains different push topic". All other 200 or so devices in the fleet renewed fine, just not this one.

Is there anyway to resolve this without wiping the device?

TIA.

jamf-42 · a week ago

not sure the issue, but from terminal:

profiles renew -type enrolment

will re-enroll without a wipe

note, this will run any polices that run on enrolment.

A_Collins · a week ago

Different push topic happens when you renew the MDM push certificate with different apple ID.

Best option is to contact Apple, they can change the new certificate's topic with the old one.

Otherwise you need to re-enroll all devices again. Unfortunately you can not renew enrollment. So only way to enroll devices is to remove the MDM (which you probably have to manual with disabling system integrity protection and removing /var/db/ConfigurationProfiles) and enroll.

AJPinto · Tuesday

Honestly, reinstalling macOS is the best and fastest option. However, I would make sure that you have verified all the correct hosts and ports are opened for Jamf and Apple management to the device, most issues like this are network related.

Every user says they can't afford downtime. However, device management is a compliance and security issue, the user does not really have any say so. If we had a user refusing to troubleshoot an issue like this, developer or not, I would have security isolate and lock down the device.

Jamf Nation Community

Renew MDM Profile