Posted on 04-30-2019 03:58 AM
I have a (virtual) Mac for which Jamf (10.7.1) claims that the 'User Approved MDM' status is 'no', but macOS (profiles status -v -type enrollment) tells me
profiles: verbose mode ON
profiles: using user name = thisguy
Enrolled via DEP: No
MDM enrollment: Yes (User Approved)
Any idea why they differ?
This node also does not have the JSS CA cert anymore, but I am pretty sure it was there when I enrolled the Mac.
Posted on 04-30-2019 06:48 AM
I have seen this on a small handful of our machines.
Essentially the machines need re-enrolling to then report back the correct MDM status.
In our case as the MDM profile was non-removable I needed to remove the profiles database from recovery mode.
Posted on 04-30-2019 09:32 AM
Thanks for the info. I really hate this 'you will have to re-enroll', but at least I know that I don't need to wait for some magic command that could fix the Mac in question - and I am glad that I don't have to completely re-install the OS...
Posted on 04-30-2019 09:47 AM
We've seen a handful of these as well and removing MDM/re-adding it does the trick for us without a complete re-enrollment. Worth trying at least!
Steps:
Choose the MDM Profile in Sys Prefs > Profiles and delete it. (If you're DEP you won't be able to do this...)
Then open terminal and do: sudo jamf mdm
I believe you'll have to manually approve the profile this way - but once that's done should be back to normal.
Thanks!
Matt
Posted on 05-15-2019 10:12 AM
can that be scripted to remove and reinstall the MDM?
Posted on 09-10-2019 09:47 AM
We're hitting this exact same thing. There is nothing that seems to work. I deleted the profile and ran sudo jamf mdm which SEEMED to work, but now there's no Profiles in Sys Prefs > Profiles.