Skip to main content
  1. Addigy
  2. Advanced Topics
  3. Advanced Topics

MDM Client Is Unresponsive and Remediation - Addigy MDM Watchdog

Updated:
Apple has deprecated the launchctl kickstart command as of macOS 14.4. This renders the MDM Watchdog unable to perform several actions that were once able to help improve MDM Client communication. More information here: macOS 14.4 and the Addigy MDM Watchdog
Note: Devices below 14.4 should be unaffected by this change.

Impacted Machines

Potential Device Symptoms

  • Enrollment Profile showing expired notification, even though the Apple Push Notification (APNs) certificate is valid
  • MDM Commands, like Device Lock/Device Wipe commands, do not work.
  • System Updates via MDM do not kick off an update, even though one is available.
  • Configuration Profiles are not pushed

Problem Synopsis

Addigy Support, Product, and Engineering teams have observed a potential Apple bug where the mdmclient binary, used for communication between an MDM provider (Addigy) and the device becomes "stuck" or "hung" in it's processes. This prevents any new MDM commands from being processed on the device.

Current Workaround

Addigy has released a device fact (Is MDM Client Stuck) for Admins to report on devices that are in this stuck state. We have also shared two community scripts that can help solve the problem - Kickstart Software Updates, and Restart MDMClient Service. While we do not recommend this as a long term solution, this immediate workaround may be needed to successfully, and securely manage devices. Here is a suggested workflow for this alternate workaround:

  1. Add the Kickstart Software Updates and Restart MDMClient Service scripts to your environment from the Addigy Community.
  2. Using Addigy Devices page, Look for a device that has Is MDM Stuck = True.
  3. Run the Restart MDMClient Service script, from the devices page.
  4. (Optional) If System Updates via MDM is not working as well, please run the Kickstart Software Updates script.
  5. (Optional) Run any MDM command. For testing purposes, we recommend running a command that will not affect end user activities. For example, Go to the Updates tab in GoLive as this will kick off an MDM Command behind the scenes (AvailableOSUpdates MDM Command).
  6. Wait 5 minutes for the Is MDM Client Stuck fact to update itself. (Max 10 minutes just to be safe).
  7. Recheck the fact for the device.

Automatic Remediation

Addigy has made publicly available a utility called MDM Watchdog that can be run on any Mac. It monitors the is_mdm_client_stuck and is_mdm_softwareupdated_stuck device facts.

These remediation can also be run as a one off command on devices with the command /Library/Addigy/watchdog --mdm-auto-heal

The run events of this remediation will be recorded in /Library/Addigy/mdmclient-kickstart.txt and /Library/Addigy/softwareupdated-kickstart.txt.

If you are experiencing this behavior and need further assistance not mentioned in this article, please don't hesitate to reach out to our support team, support@addigy.com.

Was this article helpful?
3 out of 4 found this helpful
Return to top

Didn’t find what you’re looking for?

Contact our Support Team