Clarify confusing "pending" behavior and fix broken link #37902
Conversation
- Profiles are stuck in "pending" when APNs expires:
noahtalerman
changed the title
Added note about pending MDM commands until APNs certificate renewal.
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
articles/apple-mdm-setup.md
Outdated
| > Apple requires that APNs certificates are renewed annually. | ||
| > - The recommended approach is to use a shared admin account to generate the CSR ensuring it can be renewed regardless of individual availability. | ||
| > - If your certificate expires, you will have to turn MDM off and back on for all macOS hosts. | ||
| > - Configuration profile enforcement/removal and all other MDM commands will be stuck in "pending" until you renew. |
There was a problem hiding this comment.
Basically all MDM commands will be very, very slow(could take days or longer to get executed) once the cert expires. This includes profile installation/removal, iOS/iPadOS refetch, lock, wipe, etc. Ultimately it won't be fixed by the cert renewal but by re-enrolling the affected hosts.
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
| > Apple requires that APNs certificates are renewed annually. | ||
| > - The recommended approach is to use a shared admin account to generate the CSR ensuring it can be renewed regardless of individual availability. | ||
| > - If your certificate expires, you will have to turn MDM off and back on for all macOS hosts. | ||
| > - If your certificate expires, you will have to turn MDM off and back on for all macOS hosts. Until you do, configuration profile enforcement/removal and all other MDM commands will be stuck in "pending". |
There was a problem hiding this comment.
@JordanMontgomery: Basically all MDM commands will be very, very slow(could take days or longer to get executed) once the cert expires. This includes profile installation/removal, iOS/iPadOS refetch, lock, wipe, etc. Ultimately it won't be fixed by the cert renewal but by re-enrolling the affected hosts.
@JordanMontgomery what do you think about my latest revision? I say "stuck" because they might as well be to the IT admin. Waiting for multiple days is close to as broken as them never getting applied.
Also, do commands really work after multiple days with an expired cert? You've seen that? That's weird...
noahtalerman
temporarily deployed
to
Docker Hub
GitHub Actions
Inactive
|
@noahtalerman, looks like there's an outstanding question that needs answering for review, but as for the text, I suggest shortending and making more direct:
|
Uh oh!
There was an error while loading. Please reload this page.