Not sure if this is your issue, but I am working with Jamf on an issue that would not allow User-Level Configuration Profiles from working. Luckily, we don't really use alot of them, but it all started with a bunch of errors I noticed in the JamfSoftwareServer.log similar to this:

2017-12-07 12:44:41,116 [WARN ] [duledPool-5] [pleMDMCheckInNotification] - Unable to create push notification for device: UserPushToken [ID=2444, Name=<username>]. A required field (UDID, APN Token, Push Magic) was empty.

After digging into the database, we discovered we had hundreds of records where the the "user_short_name", "push_magic" or "apn_token" fields were blank. According to Jamf Support, all three of these fields need information populated for User-Level MDM communication to work.

Something to check out I guess. Again, not sure if this is the same issue we are seeing.

@benducklow

I have a ticket open for this as well, have you made any progress in fixing this?

https://www.jamf.com/jamf-nation/discussions/26740/macos-device-based-vpp-app-installations-failing-and-opening-app-page-on-appstore
I ran that command and it returned 531 records

I am running JP 10.1.1.x
and my offending clients are mostly 10.11.6

No fix yet. Still working on this with support. We're not taking the approach to delete and re-enroll, like that link you referenced.

I went backward through my JamfSoftwareServer.logs to see when this started. Not conclusive but it seems like it started showing up after I upgraded to JP10.0 on 11/22

Very similar issue here in regard to the whole "user level config profile not applying" problem. We are running JAMF Pro 9.101.0, and our clients are mostly macOS 10.12.6. My tech exchanged several emails with support over a few weeks. Result was basically inconclusive. Here is their last response, "As of right now that's the only valid work around we have until QA is able to identify the issue and implement a fix in an upcoming release. There is no ETA on that fix, but I did tie this case to that Product Issue so any updates will be sent."

The workaround they were referring to is to either,

1. run "jamf mdm -userLevelMdm" to force the user level config profile(s) from running again while the user is logged in, or
2. run "jamf removeMdmProfile; jamf manage; jamf mdm -userLevelProfile" to re-enroll and re-apply user level config

This issue happens on random clients with random users. We can't seem to pin point a pattern on why it's happening...

On a side note, @cbednarz, we apply our user level config profiles to all clients that might need it and scope it out by using the "Limitations" tab and select the LDAP user and/or group.

After trying every command and not getting consistent results
I have given up on User Level MDM for OS for now and am installing my user level config profiles using a policy with Package and script
Package drops the profile into the tmp folder, and I use the variable $4 for the name of the profile
Policy runs once, but the OS applies the profile to every user

script:

!/bin/sh

postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
/usr/bin/profiles -I -F /private/tmp/$4
/bin/rm /private/tmp/$4

exit 0 ## Success
exit 1 ## Failure

Are any of your clients losing apps as a result of this? We upgraded to 10.2.2 from 9.10 over spring break and are noticing the same "[AppleMDMCheckInNotification] - Unable to create push notification for device: UserPushToken type" errors in our logs.

Then when our clients returned to school many are finding their iPads with the default apps and no 3rd party apps. All of our scopes are good and apps appear installed from the JSS.

If we do a reset the 3rd party apps will reappear.

Thanks,
Chuck