MDM profile is getting updated but it takes long time to do it (multiple reboots)
search cancel

MDM profile is getting updated but it takes long time to do it (multiple reboots)

book

Article ID: 241801

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

The MDM (Modern Device Management) Profile is getting updated but it takes a long time to finish (multiple reboots on the Mac Device).
 
Repeating the same steps like resources membership and refresh policy in MDM server has not helped this finish quicker.
 
Is there a way to speed up the process to push the MDM profiles to the clients faster?

Environment

ITMS 8.6 RU2

Resolution

The MDM documentation can be found here:

About Modern Device Management

Setting up MDM for macOS

Usually running schedules for membership updates, policy updates, and then updating configuration on the MDM server should be enough to receive the profile policy and process it.
 
A few things to consider while troubleshooting this type of issue are as follows:
 
First, Is this problem is reproducible on all clients or on some single mac device? 
 

Suggestions for troubleshooting:

  1. Ensure that the policy with the MDM profile is received by the MDM agent and that policy contains UDID of targeted Mac clients. This policy is located under /opt/altiris/notification/nsagent/var/policies/ on MDM Server.
  2. You may need to find correct policy by searching policies' content by node MDMInstallProfilePolicy or by policy specific name. After policy is found you need to check content of <Endpoints> node - to ensure it contains UDID of affected Mac Device.(UDID of affected Mac devices can be seen on Mac device itself under About this > System Report.. > Hardware overview > UUID).

    This is how the policy should look:

    <Policy guid="{...}" name="Policytestetstest" version="...">
      <ClientPolicy agentClsid="Altiris.MDMAgent" enabled="True">
        <MDMInstallProfilePolicy>
          <Profiles>
            <Profile name="Profiletesttestest" uuid="...">...</Profile>
          </Profiles>
          <Applications/>
          <Endpoints>"4236433F-EBA9-958F-15D6-591563BAB4B8"</Endpoints>
        </MDMInstallProfilePolicy>
      </ClientPolicy>
     
    In case the policy is received by the MDM server and Mac Device UDID is listed under Endpoint node, the Mac device should process it.

  3. Run task "Enforce policies" to force policy processing on MDM server side. Tasks may be executed from MDM Workspaces > MDM Devices > Actions menu
  4. If it does not help, please collect and share with our Support team logs from MDM Server located under:
/opt/altiris/notification/mdmagent/services/micromdm/log/
and 
/opt/altiris/notification/mdmagent/services/mdm2nse/log/

NOTE: Make sure you are using the right Apple certificate as described under:

Obtain an Apple APNS Certificate

Powered by Wolken Software