We have been seeing the same thing for a while now and have found if you delete the profile before ensuring all clients have the profile removed correctly it will just continually fail. In general, we have been making sure the profile is not pending for any devices before deletion. I have resorted to doing a failed command flush on lab devices where we were using our 8021x profile in question through the API. see below, you will need to change the base64 encrypted string for your environment but I would suggest making sure you don't want to see the failed policies as it will clear them all. this is fine for us due to them just being labs. We run this on labs once per day. #!/bin/bash idtype=computers status=Failed jssurl=$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url) #get the serialnumber sn=$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $4}') #get the jamf pro id based off serialnumber id=$(curl -ks --header 'authorization: Basic #################' -H "accept: text/xml" "$jssurl"JSSResource/computers/serialnumber/$sn | xmllint --xpath "computer/general/id/text()" -) # force individual computer by replacing ID here and uncomment # id=2641 #Delete pending & failed commands for the mac curl -ks --header 'authorization: Basic #########################' -H "content-type: text/xml" "$jssurl"JSSResource/commandflush/computers/id/$id/status/$status -X DELETE
Configuration profiles are XML files (.mobileconfig) that provide an easy way to define settings and restrictions for devices, computers, and users. You can use Jamf Pro to create a configuration profile or you can upload a configuration profile that was created using third-party software, for example, Apple's Profile Manager or Apple Configurator. Before creating a configuration profile, you should have basic knowledge of configuration profile payloads and settings. For more information, see the following Apple documentation:
Some configuration profile payloads and settings available in Jamf Pro may differ from their implementation in Apple’s tools. For more information on these settings, see the Configuration Profile Payload Settings Specific to Jamf Pro Knowledge Base article. When you create a computer configuration profile, you must specify the level at which to apply the profile—computer level or user level. Each level has a unique set of payloads and a few that are common to both. There are two different ways to distribute a configuration profile: install it automatically (requires no interaction from the user) or make it available in Self Service. You can also specify the computers and users to which the profile should be applied (called “scope”).
Note: Removing a computer from the scope of a computer-level profile prompts Jamf Pro to remove the settings applied by the profile the next time the computer checks in with Jamf Pro. Removing a computer from the scope of a user-level profile prompts Jamf Pro to remove the settings applied by the profile the next time the computer checks in with Jamf Pro while that user is logged in.
There are several payload variables that you can use to populate settings in a configuration profile with attribute values stored in Jamf Pro. This allows you to create payloads containing information about each mobile device, computer, and user to which you are distributing the profile. To use a payload variable, enter the variable into any text field when creating a configuration profile in Jamf Pro. When the profile is installed, the variable is replaced with the value of the corresponding attribute in Jamf Pro.
To install a configuration profile on a computer, you need:
You can create a configuration profile using Jamf Pro. Beginning with Jamf Pro 10.17.0, you can configure some payloads using a redesigned flow. Use switches to include the settings that will be sent to deployment targets. In the summary view, only the included or configured settings are displayed in the Jamf Pro interface. The operating system manages settings on the computer level. Some enforced settings that do not change default values will not be visible on the computer. For more information on the default settings, see this documentation from the Apple Developer website.
Note: When upgrading to Jamf Pro 10.17.0 or later, any previously configured payloads that have been redesigned are automatically migrated. Review the settings in the Jamf Pro user interface. The migrated payloads are not redeployed to deployment targets.
Page 2 |