User Approved MDM Status Wrong?

mschroder
Valued Contributor

I have a (virtual) Mac for which Jamf (10.7.1) claims that the 'User Approved MDM' status is 'no', but macOS (profiles status -v -type enrollment) tells me

profiles: verbose mode ON
profiles: using user name = thisguy
Enrolled via DEP: No
MDM enrollment: Yes (User Approved)

Any idea why they differ?

This node also does not have the JSS CA cert anymore, but I am pretty sure it was there when I enrolled the Mac.

5 REPLIES 5

isThisThing0n
Contributor

I have seen this on a small handful of our machines.

Essentially the machines need re-enrolling to then report back the correct MDM status.

In our case as the MDM profile was non-removable I needed to remove the profiles database from recovery mode.

mschroder
Valued Contributor

Thanks for the info. I really hate this 'you will have to re-enroll', but at least I know that I don't need to wait for some magic command that could fix the Mac in question - and I am glad that I don't have to completely re-install the OS...

mbezzo
Contributor III

We've seen a handful of these as well and removing MDM/re-adding it does the trick for us without a complete re-enrollment. Worth trying at least!

Steps:
Choose the MDM Profile in Sys Prefs > Profiles and delete it. (If you're DEP you won't be able to do this...)
Then open terminal and do: sudo jamf mdm
I believe you'll have to manually approve the profile this way - but once that's done should be back to normal.

Thanks!
Matt

swapple
Contributor III

can that be scripted to remove and reinstall the MDM?

mike_hinge
New Contributor

We're hitting this exact same thing. There is nothing that seems to work. I deleted the profile and ran sudo jamf mdm which SEEMED to work, but now there's no Profiles in Sys Prefs > Profiles.