What causes "Removing unsupported user-only MDM profile"

Question

Created Mar ’21

Replies 4

Boosts 0

Views 1.7k

Participants 2

I've got a Mac enrolled in an MDM (Mosyle). Occasionally when I update a profile on the MDM, the mac looses all configuration profiles installed by the MDM apart from the MDM profile itself.

I've checked the logs for anything relevant, and it all seems to start with mdmclient logging:

Code Block Removing unsupported user-only MDM profile: Mosyle Corporation MDM (com.mosyle.mdm...
Removing unsupported user-only MDM profile failed: Error Domain=CPFAccess Code=101 "Profile is not removable."...

It then goes ahead and logs this for all other profiles installed by the MDM:

Code Block Removing obsolete profile installed by MDM: (PROFILE NAME)

Obviously I'd prefer if all my profiles weren't removed. What could cause this to happen? Is there anything I can do to debug further?

Thanks!

Boost

Answer 1

Device Management Engineer OP

Apple

Apr ’21

It's difficult to determine the cause of the failure from the information you've provided. Please install the Managed Client logging profile, reproduce the issue, and take a sysdiagnose following the instructions at https://download.developer.apple.com/OS_X/OS_X_Logs/Managed_Client_Logging_Instructions.pdf. Then file feedback at https://feedbackassistant.apple.com/ and attach the sysdiagnose.

0

Answer 2

NoggyT OP

Apr ’21

I submitted feedback as: FB9075867 but haven't had a response yet. The issue is extremely urgent and preventing us rolling out student MacBooks. It would be extremely helpful if someone is able to look at it.

Thanks!

0

Answer 3

NoggyT OP

Apr ’21

I've decompiled Catalina's version of mdmclient and wasn't able to find the part responsible for removing profiles. I've tested with Catalina for several hours and wasn't able to duplicate the issue. This indicates the issue is likely specific to Big Sur.

I really need this to be looked into urgently. We have students who aren't able to use devices due to this.

Thanks!

0

Answer 4

NoggyT OP

Apr ’21

I've confirmed with both Mosyle and Jamf that this is unexpected behaviour with Big Sur. Neither MDM is sending commands to remove the configuration profiles. I've still been unable to replicate the issue with Catalina.

I'm having to manually downgrade all new devices to Catalina, which is extremely time consuming and not officially supported. It would be great if someone could look into this and find if there's a better workaround.

Thanks!

0