mirror of
https://github.com/fleetdm/fleet
synced 2026-05-22 08:28:52 +00:00
890042d27a
For #27854 I was able to reproduce the issue by simply unassigning device from an MDM server, and then assigning back. Once assigned back, Fleet did not resend the profile to ABM, and device was not able to enroll into MDM. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
1.1 KiB
1.1 KiB
Troubleshooting
Enable MDM debug logging on the device
- Install the
./tools/mdm/apple/turn_on_debug_mdm_logging.mobileconfigprofile on the device manually (by double-clicking such file) or using Fleet MDM via:
fleetctl apple-mdm enqueue-command InstallProfile --device-ids=<TARGET_DEVICE_ID> --mobileconfig ./tools/mdm/apple/turn_on_debug_mdm_logging.mobileconfig
-
Check the profile was successfully installed in "System Preferences" -> "Profiles".
-
Then on the device run the following command:
log stream --info --debug --predicate 'processImagePath contains "mdmclient"' | tee mdm_logs.txt
Checking and redelivering MDM enrollment profile
To check if a host has the correct MDM enrollment profile installed, run the following command on the host:
sudo profiles show -type configuration
To trigger a redelivery of enrollment profile, run the following command on the host:
sudo profiles renew -type enrollment
If the host does not have the right enrollment profile, try transferring the host to another team, wait for 10 minutes, then transfer it back and wait another 10 minutes.