OS X management profiles randomly removed

MumenRider
Here to help

OS X management profiles randomly removed

I've had a ticket w/ Meraki on this for over a month and I'm getting nowhere, so I figured I'd see if anyone else out there was experiencing the same.

 

I'm in the midst of rolling out a large number of OS X (Mojave) devices, but what I'm finding is that days, sometimes weeks after the initial enrollment the management profiles are disappearing.  I'll notice in the Dashboard that a station goes dark, and upon investigation (via TeamViewer) see that while my other management profiles (JumpCloud, specifically) are still there, Meraki is gone.

 

So I re-enroll the device BUT I can't Approve the profile remotely so I have to call the site and have someone local click the button for me.  Really efficient. 

 

This has popped up at multiple sites, and with a seemingly-random subset of my OS X stations.  I have other devices at the same sites (Windows, iOS and OS X) that haven't experienced this issue.  

 

Anybody else seeing this?

2 Replies 2
sshort
Building a reputation

I've definitely experienced that in the past, spanning 10.10 -- 10.13.6, so I don't think it's a Mojave thing. Sometimes the enrollment profile goes away, sometimes it's other profiles that should be in scope based on tags remove themselves.

 

I never found the root cause, but I got the problem to not reappear:

 

1- uninstall the Meraki agent

launchctl unload /Library/LaunchDaemons/com.meraki.agentd.plist
rm -f /usr/local/sbin/m_agent /usr/local/sbin/m_agent_upgrade
rm -rf '/Library/Application Support/Meraki/'
rm -f /Library/LaunchDaemons/com.meraki.agentd.plist

2- (requires physical access to the Mac) boot into the Recovery partition and disable SIP. After the Mac reboots back into the Recovery OS, remove the configuration profile database. Then re-enable SIP.

 

csrutil disable
-rf /var/db/ConfigurationProfiles/Store/
csrutil enable

 

3- Then re-install the Meraki agent/re-enroll as needed

MumenRider
Here to help

Hey thanks for that info! 

 

I'm going to try this with an impacted station to see if it prevents a recurrence, but I'm hoping to find a preventative measure, since I'm seeing this on freshly-installed Mojave instances which (presumably) have a fresh & clean configuration profile database.

 

Unfortunately this is one of those issues that falls in the crevasse between Apple and Meraki.  Meraki support is blaming OS X, and Apple wants nothing to do with this issue and advises me to "work with the software vendor."

 

Maybe the next time the jamf rep calls I'll pick up the phone... 🙂

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels