Updated iOS stuck on Declarative Management - Pending

mnelson360
New Contributor

I've got a device that shows not having checked in since 8/21 but the end user has been using it daily. She went to use her phone this morning and it said iPhone Unavailable, check back in 15 minutes. No love after 15. Remote commands are not getting to the device and she cannot use her pin to unlock it bc of said message. Hard shutdown and restart did not help.

 

Any thoughts?

DeclarativeManagementPending
2 ACCEPTED SOLUTIONS

foobarfoo
Contributor

The root cause is probably entirely different. The device isn't online, because it was restarted and thus doesn't process MDM commands. She tried to unlock it using the wrong PIN code, hence the message. You are now in a deadlock situation, where you as a JAMF admin can't send the Clear Passcode command.

The way to resolve this, given that you have a policy scoped in advance, that restricts/disables USB restricted mode, is to plug in a USB ethernet adapter and get the device online using that method. If that's not enabled in advance, I know of no other solution than to wipe the device using DFU or similar method, and re-enroll.

And yes, USB restricted mode disabled does lower device security a bit, but for us it's worth it to avoid scenarios like these.

View solution in original post

mnelson360
New Contributor

We do have USB disabled. I have moved forward with having her go to our HelpDesk and factory reset / re-enroll. Thanks for the information. It's kind of what I suspected. In limbo without being able to check in and receive commands.

View solution in original post

2 REPLIES 2

foobarfoo
Contributor

The root cause is probably entirely different. The device isn't online, because it was restarted and thus doesn't process MDM commands. She tried to unlock it using the wrong PIN code, hence the message. You are now in a deadlock situation, where you as a JAMF admin can't send the Clear Passcode command.

The way to resolve this, given that you have a policy scoped in advance, that restricts/disables USB restricted mode, is to plug in a USB ethernet adapter and get the device online using that method. If that's not enabled in advance, I know of no other solution than to wipe the device using DFU or similar method, and re-enroll.

And yes, USB restricted mode disabled does lower device security a bit, but for us it's worth it to avoid scenarios like these.

mnelson360
New Contributor

We do have USB disabled. I have moved forward with having her go to our HelpDesk and factory reset / re-enroll. Thanks for the information. It's kind of what I suspected. In limbo without being able to check in and receive commands.