Help

User-level configuration profile not applying

cbednarz
New Contributor

Posted on ‎01-19-2018 06:10 AM

Hello all.
We currently have JAMF Pro 9.101.0 installed.
Our clients run (mostly) with macOS 10.12.5/10.12.6. We have a few with prior versions as BYOD, but to rule that out as a cause of failure, I excluded them.
I try to apply certain settings via a configuration-profile on user level.
We created an LDAP User "exam" and migrated it to JAMF. That part worked well.
When I built up the configuration profile (defining something obvious like dock location set to left), set it to "user-level" and scope it to specific computers (without specifying) and specific user (specifying the given LDAP user "exam"), these configurations are obviously not applied to the user "exam" on our computers. I would have assumed that this configuration is applied immediately, as it is pushed out, but it does not work.
Also running 'sudo jamf recon' or rebooting does not do the trick.
Do you have any idea what is missing?
Thank you and best regards,
Chrisd8e327d1d44d4ee1be29d477c43fa4be
e2cc4e2462b540f29cc548b061028efd

Labels:
0 Kudos
8 REPLIES 8

benducklow
Contributor III

Posted on ‎01-19-2018 07:55 AM

Not sure if this is your issue, but I am working with Jamf on an issue that would not allow User-Level Configuration Profiles from working. Luckily, we don't really use alot of them, but it all started with a bunch of errors I noticed in the JamfSoftwareServer.log similar to this:

2017-12-07 12:44:41,116 [WARN ] [duledPool-5] [pleMDMCheckInNotification] - Unable to create push notification for device: UserPushToken [ID=2444, Name=<username>]. A required field (UDID, APN Token, Push Magic) was empty.

After digging into the database, we discovered we had hundreds of records where the the "user_short_name", "push_magic" or "apn_token" fields were blank. According to Jamf Support, all three of these fields need information populated for User-Level MDM communication to work.

Something to check out I guess. Again, not sure if this is the same issue we are seeing.

0 Kudos

Sandy
Valued Contributor II

Posted on ‎01-19-2018 12:02 PM

@benducklow

I have a ticket open for this as well, have you made any progress in fixing this?

0 Kudos

Sandy
Valued Contributor II

Posted on ‎01-19-2018 12:05 PM

https://www.jamf.com/jamf-nation/discussions/26740/macos-device-based-vpp-app-installations-failing-and-opening-app-page-on-appstore
I ran that command and it returned 531 records

I am running JP 10.1.1.x
and my offending clients are mostly 10.11.6

0 Kudos

benducklow
Contributor III

Posted on ‎01-19-2018 12:17 PM

No fix yet. Still working on this with support. We're not taking the approach to delete and re-enroll, like that link you referenced.

0 Kudos

Sandy
Valued Contributor II

Posted on ‎01-19-2018 01:01 PM

I went backward through my JamfSoftwareServer.logs to see when this started. Not conclusive but it seems like it started showing up after I upgraded to JP10.0 on 11/22

0 Kudos

wenwei_hsu
New Contributor II

Posted on ‎03-21-2018 12:20 PM

Very similar issue here in regard to the whole "user level config profile not applying" problem. We are running JAMF Pro 9.101.0, and our clients are mostly macOS 10.12.6. My tech exchanged several emails with support over a few weeks. Result was basically inconclusive. Here is their last response, "As of right now that's the only valid work around we have until QA is able to identify the issue and implement a fix in an upcoming release. There is no ETA on that fix, but I did tie this case to that Product Issue so any updates will be sent."

The workaround they were referring to is to either,

  1. run "jamf mdm -userLevelMdm" to force the user level config profile(s) from running again while the user is logged in, or
  2. run "jamf removeMdmProfile; jamf manage; jamf mdm -userLevelProfile" to re-enroll and re-apply user level config

This issue happens on random clients with random users. We can't seem to pin point a pattern on why it's happening...

On a side note, @cbednarz, we apply our user level config profiles to all clients that might need it and scope it out by using the "Limitations" tab and select the LDAP user and/or group.

0 Kudos

Sandy
Valued Contributor II

Posted on ‎03-21-2018 01:52 PM

After trying every command and not getting consistent results
I have given up on User Level MDM for OS for now and am installing my user level config profiles using a policy with Package and script
Package drops the profile into the tmp folder, and I use the variable $4 for the name of the profile
Policy runs once, but the OS applies the profile to every user

script:

!/bin/sh

postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
/usr/bin/profiles -I -F /private/tmp/$4
/bin/rm /private/tmp/$4

exit 0 ## Success
exit 1 ## Failure

0 Kudos

FastGM3
Contributor

Posted on ‎04-02-2018 01:11 PM

Are any of your clients losing apps as a result of this? We upgraded to 10.2.2 from 9.10 over spring break and are noticing the same "[AppleMDMCheckInNotification] - Unable to create push notification for device: UserPushToken type" errors in our logs.

Then when our clients returned to school many are finding their iPads with the default apps and no 3rd party apps. All of our scopes are good and apps appear installed from the JSS.

If we do a reset the 3rd party apps will reappear.

Thanks,
Chuck

0 Kudos