Posted on 07-01-2024 08:48 AM
Howdy,
I have a laptop that failed to update the MDM Profile, it's expiring soon. Normally I'd just wipe and re-enrol but this happens to be a Developer's laptop and they can't really afford the downtime.
I checked the logs and I see "Update to MDM profile contains different push topic". All other 200 or so devices in the fleet renewed fine, just not this one.
Is there any way to resolve this without wiping the device?
TIA.
07-01-2024 09:51 AM - edited 07-01-2024 09:51 AM
not sure the issue, but from terminal:
profiles renew -type enrollment
will re-enroll without a wipe
note, this will run any policies that run on enrolment.
Posted on 07-01-2024 03:54 PM
Different push topic happens when you renew the MDM push certificate with a different Apple ID.
Best option is to contact Apple, they can change the new certificate's topic with the old one.
Otherwise you need to re-enroll all devices again. Unfortunately you cannot renew enrollment. So the only way to enroll devices is to remove the MDM (which you probably have to do manually by disabling System Integrity Protection and removing /var/db/ConfigurationProfiles) and enroll.
Posted on 07-02-2024 06:14 AM
Honestly, reinstalling macOS is the best and fastest option. However, I would make sure that you have verified all the correct hosts and ports are open for Jamf and Apple management to the device; most issues like this are network related.
Every user says they can't afford downtime. However, device management is a compliance and security issue; the user does not really have any say-so. If we had a user refusing to troubleshoot an issue like this, developer or not, I would have security isolate and lock down the device.