Establishing MDM Connectivity on macOS
MDM on Macs relies heavily on the 'mdmclient' binary, a native macOS client that communicates with Apple's MDM service. The Apple Push Notification service notifies enrolled devices that work is waiting; mdmclient receives those notifications and then retrieves and processes the commands sent by the MDM Server itself.
Unresponsive mdmclient
Sometimes the mdmclient becomes unresponsive or is unable to perform certain operations. We have seen this happen for various reasons; it is typically caused by a bug in the client or one of its associated processes, but it can also indicate an issue with the affected device itself.
The most common causes we currently see are the following:
- Keychain is not found: Typically caused by a previous migration, using Migration Assistant or similar.
- OSUpdateStatus command hanging the mdmclient: This command runs regularly for Software Updates on a device, and can cause devices to hang in certain conditions.
Note that when the mdmclient is unresponsive on a device, the Addigy Agent will still be responsive and fully functional.
How can we determine devices in this state?
The default Device Fact 'Is MDM Client Stuck' can be referenced to determine if a device's mdmclient is unresponsive.
If this fact is returning true for a device, use the following steps to determine how to remediate:
- Start a LiveTerminal session on the device and run the following command:
sudo log stream | grep mdmclient
- Run any MDM command on the device (for example, perform a device Audit by using the GoLive > 'Refresh Data' button). This should cause the device to log one of the following errors in the log stream:
Keychain Error:
0x100f93 Error 0x0 10724 0 mdmclient: [com.apple.ManagedClient:MDMDaemon] [ERROR] MDM_Connect: Unable to create MDM identity from persistent reference: -25304 (The specified item is no longer valid. It may have been deleted from the keychain.) for profile
OSUpdateStatus Error:
2023-02-01 09:54:00.211085-0600 0x1b1b7b Error 0x0 47673 0 mdmclient: [com.apple.ManagedClient:MDMDaemon] [ERROR] [0:MDMDaemon:<0x1b1b7b>] [CE] Sending 'Acknowledged(OSUpdateStatus)
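When triaging more than one device it helps to classify captured mdmclient log lines automatically rather than reading them by eye. The POSIX sh script below is an added example, not Addigy tooling or part of the original article: it recognises the two error signatures quoted above (the keychain persistent-reference failure and the hanging OSUpdateStatus acknowledgement) and summarises how often each appears. The sample log it ships with is constructed from the quoted lines; on a real Mac you would feed it output from `log show` or `log stream` instead.

```shell
#!/bin/sh
# Added example (not Addigy's tooling): classify mdmclient log lines into the
# two failure modes described in the article so the right remediation can be
# chosen. On a real device, capture input with something like:
#   sudo log show --last 10m --predicate 'process == "mdmclient"' | summarize_mdm_log
# The sample lines below are constructed for offline use.

# classify_mdm_log_line LINE -> prints keychain | osupdatestatus | other
classify_mdm_log_line() {
    case "$1" in
        # Keychain identity lost (OSStatus -25304, errSecItemNotFound-style)
        *"Unable to create MDM identity from persistent reference"*|*"-25304"*)
            echo keychain ;;
        # OSUpdateStatus acknowledgement that never completes
        *"Acknowledged(OSUpdateStatus)"*)
            echo osupdatestatus ;;
        *)
            echo other ;;
    esac
}

# summarize_mdm_log: reads log lines on stdin and prints one summary line:
#   keychain=<n> osupdatestatus=<n> other=<n>
summarize_mdm_log() {
    keychain=0; osupdate=0; other=0
    while IFS= read -r line; do
        case "$(classify_mdm_log_line "$line")" in
            keychain)       keychain=$((keychain + 1)) ;;
            osupdatestatus) osupdate=$((osupdate + 1)) ;;
            *)              other=$((other + 1)) ;;
        esac
    done
    echo "keychain=$keychain osupdatestatus=$osupdate other=$other"
}

# sample_mdm_log: constructed sample resembling the two errors quoted in the
# article plus one benign line, so the script can be exercised offline.
sample_mdm_log() {
    cat <<'EOF'
0x100f93 Error 0x0 10724 0 mdmclient: [com.apple.ManagedClient:MDMDaemon] [ERROR] MDM_Connect: Unable to create MDM identity from persistent reference: -25304 (The specified item is no longer valid.) for profile
2023-02-01 09:54:00.211085-0600 0x1b1b7b Error 0x0 47673 0 mdmclient: [com.apple.ManagedClient:MDMDaemon] [ERROR] [0:MDMDaemon:<0x1b1b7b>] [CE] Sending 'Acknowledged(OSUpdateStatus)
2023-02-01 09:54:01.000000-0600 0x1b1b7c Default 0x0 47673 0 mdmclient: [com.apple.ManagedClient:MDMDaemon] Checking in with server (constructed benign line)
EOF
}

# Demo run over the constructed sample: prints
#   keychain=1 osupdatestatus=1 other=1
sample_mdm_log | summarize_mdm_log
```

A non-zero `keychain` count points at the keychain remediation; a non-zero `osupdatestatus` count with no keychain errors points at the daemon restart. The match on the numeric code `-25304` is deliberate so the line is still caught if Apple rewords the surrounding message.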
After confirming the error type, use the corresponding command below to remediate.
Remediate Keychain Error:
Devices enrolled via Automated Device Enrollment (ADE):
To fix the keychain error for a device enrolled via ADE, you'll need to run the command shown below as an Admin user (via Terminal). After doing so, you will be prompted to enter credentials and update MDM enrollment.
sudo profiles renew -type enrollment
More info about using the renew command
Manually enrolled devices:
If the mdmclient is stuck on a manually enrolled device, you will need to manually reinstall MDM on the device.
Remediate OSUpdateStatus Error / Unresponsive MDM (not keychain error):
Note: This command is no longer reliable on devices running macOS 14.4 or higher.
sudo launchctl kickstart -k system/com.apple.mdmclient.daemon
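Because the daemon restart above is only reliable below macOS 14.4, a remediation script should compare the OS version numerically before choosing it (a plain string comparison would wrongly treat 14.10 as older than 14.4). The POSIX sh helper below is an added example, not Addigy's own code: given the error type found in the logs, the enrollment method, and the macOS version, it returns the command this article prescribes, and it refuses to suggest the kickstart on 14.4 or higher. The version strings used in the demo are constructed.

```shell
#!/bin/sh
# Added example (not Addigy's tooling): pick the remediation from this article
# based on error type, enrollment method and macOS version.

# version_ge A B: succeeds when dotted version A >= B, comparing each
# component numerically (so 14.10 >= 14.4 is true, unlike a string compare).
version_ge() {
    IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
    a1=${a1:-0}; a2=${a2:-0}; a3=${a3:-0}
    b1=${b1:-0}; b2=${b2:-0}; b3=${b3:-0}
    [ "$a1" -gt "$b1" ] && return 0
    [ "$a1" -lt "$b1" ] && return 1
    [ "$a2" -gt "$b2" ] && return 0
    [ "$a2" -lt "$b2" ] && return 1
    [ "$a3" -ge "$b3" ]
}

# remediation_for ERROR_TYPE ENROLLMENT MACOS_VERSION
#   ERROR_TYPE: keychain | osupdatestatus (as found in the mdmclient logs)
#   ENROLLMENT: ade | manual
#   MACOS_VERSION: e.g. the output of `sw_vers -productVersion`
# Prints the command or action to take; never runs anything itself.
remediation_for() {
    case "$1" in
        keychain)
            case "$2" in
                ade)    echo "sudo profiles renew -type enrollment" ;;
                manual) echo "reinstall MDM on the device manually" ;;
                *)      echo "unknown enrollment method: $2" ;;
            esac ;;
        osupdatestatus)
            if version_ge "$3" 14.4; then
                echo "launchctl kickstart is not reliable on macOS 14.4 or higher; do not rely on it"
            else
                echo "sudo launchctl kickstart -k system/com.apple.mdmclient.daemon"
            fi ;;
        *)
            echo "no documented remediation for error type: $1" ;;
    esac
}

# Demo with constructed versions (on a Mac, substitute "$(sw_vers -productVersion)").
remediation_for keychain ade 13.6
remediation_for osupdatestatus ade 14.3
remediation_for osupdatestatus ade 14.10
```

The helper only prints the prescribed command; running it stays a deliberate step for the admin, which matters because `profiles renew` prompts for credentials and the kickstart restarts a system daemon.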