Skip to main content
  1. Addigy
  2. Advanced Topics
  3. Advanced Topics

Troubleshooting MDM Connectivity for macOS

Updated:

How connectivity is established on macOS

MDM on macOS Devices relies heavily on the `mdmclient` binary on the device. This is a native client on the macOS System and talks to the Apple MDM Service that sends Apple Push Notifications to the device. It is responsible for receiving these notifications and processing the expected commands sent from the MDM Server itself.

How `mdmclient` can become unresponsive on macOS

Sometimes, this client becomes unresponsive or unable to perform certain operations. We have seen this behavior for a few reasons, but it usually results in either a bug within the `mdmclient` or associated processes its executing, or an issue with the specific device itself.

Are there specific reasons why this can happen that we have seen?

Usually, the most common two things, at the current time:

  • Keychain is not found
    • This can be due to a previous migration, using Migration Assistant or similar. Usually renewing the profile with the renew flag, will fix this issue. 
  • `OSUpdateStatus` Command hanging the `mdmclient`
    • This is a normal command for Software Updates on a device, and can cause the device to hang in certain conditions. Restarting the MDM Client would resolve this.

How can we determine devices in this state?

Using Addigy, in this state the Addigy Agent will still be responsive and fully functional. Allowing you to monitor and auto-remediate devices in this state. You will be able to create a fact to monitor any unique condition, however, we have a published Community Fact that will allow you to monitor for unique scenarios.

You could also use the below command using Addigy LiveTerminal or Addigy Scripts:

`sudo log stream | grep mdmclient`

This should return an error, once you run an MDM Command, like an Audit in GoLive > Refresh Data:

Keychain Error:

0x100f93 Error 0x0 10724 0 mdmclient: [com.apple.ManagedClient:MDMDaemon] [ERROR] MDM_Connect: Unable to create MDM identity from persistent reference: -25304 (The specified item is no longer valid. It may have been deleted from the keychain.) for profile

OSUpdateStatus Error:

l:<0x1b1b7b>] <<<<< Received HTTP response (400) [Acknowledged(OSUpdateStatus):audit-command-os-update-status-3134d98f-05ed-4601-b22e-b2d16e1a7376] <<<<<
2023-02-01 09:54:00.211085-0600 0x1b1b7b Error 0x0 47673 0 mdmclient: [com.apple.ManagedClient:MDMDaemon] [ERROR] [0:MDMDaemon:<0x1b1b7b>] [CE] Sending 'Acknowledged(OSUpdateStatus)

 

Is there an easy way to remediate these?

Generally speaking, we have commands to resolve both of these Scenarios.

 

Remediate Keychain Error:

To fix the keychain error, you need to run the below command as an Administrator interactively, as it will prompt you with a notification to update the MDM Enrollment:

sudo profiles renew -type enrollment

 

Remediate OSUpdateStatus Error:

This script you can copy from the Community.

sudo launchctl kickstart -k system/com.apple.mdmclient.daemon

 

 

 

 

Was this article helpful?
0 out of 1 found this helpful
Return to top

Didn’t find what you’re looking for?

Contact our Support Team