Device Group Profile not showing up in My Devices.

iToaster wrote:

If your profile is set to push, you won't see it in /mydevices

It will be sent out to all the devices in the group without user interaction

As far as I'm aware your users should be network not local

Restarting profile manager does not stop running "tasks"

You have to cancel them within profile manager

If your profiles never finish sending check and see if the device is on the network

And turned on. If the device is outside your network pushed profiles won't complete until the device returns to your network. or you make the nessesary changes to allow profile manager to work outside your network

If your'e inside your LAN you should not need to connect remotely to manage PM

In PM do you see the device along with the user name you enrolled it with

Hi, thanks for your response.

The Profile Distribution Type for the Test Device Group is set to Manual Download and not Automatic Push.

The network users are now called "Local Network Users" in ML Server. The "test user" is a Local Network User and not a Local account.

The test device I am using is sitting next to me at my desk and it is 100% turned on and connected to the network. 😉

I see the test user in the "Users" section of Profile Manager. I do see the test device in the "Devices" section and in the "Members" section of the "Test Device Group" that's in the "Device Group" section.

Hope this helps. Any new ideas?

Thanks.

iToaster wrote:

can you push any profiles to the device

if you cancel running tasks can you update info on the device

in PM devices click on the device on the right handside the cog at the bottom

select update info

then look at about, details last checking time should change to the time and date you updated the info

Do you have any ACL restictions on PM

I cannot push any profiles to the device. Instead of attempting to download the profile for the Test Device Group, I created a profile for the computer itself (in Devices), logged back into myserver.com/mydevices as the Test user, clicked on profiles and the exact same thing is happening. I only see "Settings for Everyone".

After clicking on Update Profile nothing happened. It just says "Sending" in the Activity section for the device.

The last checkin time was 9:27am, it's now 9:44am and nothing new.

I'm able to download the Remote management profile settings when I first log into myserver.com/mydevices but then none of the profiles get pushed, or show up in Profiles.

I don't believe I have any ACLs on the PM. I'm not sure how to check. Can you explain how?

Another odd behavior I'm noticing is that all the tasks I've cancelled (6 of them) are still sitting in Active Tasks section and all of them say "Cancelled" whereas before when I've cancelled a task it got moved to Completed Tasks.

This is my first experience using and testing Profile Manager. I'm so used to the old way of management with MCXs so I am not familiar with the way this is supposed to work but clearly it's not working for me. lol! 😁

Ok I figured out how to check the SACLs for Profile Manager.

The test user account has access to Profile Manager service. The test user is a member of Workgroup. Workgroup also has access to Profile Manager but it's still not working. Initially, when I checked Workgroup, it did not have access to PM but then I enabled it, and started over again only to get the same result. 😢

Ok, I am almost at my wits end. I cannot figure this out. Profile Manager is not working for me the way it's supposed to.

The only way I got this to work is to log into myserver.com/profilemanager as an admin on the test device itself, click on Test Device Group, click on Profile, and then click the Download button. No other way works and this is not an ideal way to get profiles onto our machines.

😕

Sorry for the blasts of updates. I hope that it may shed some light on my problem.

One new bit of information I've noticed is that in all the profiles for; Users, Groups, Devices, and Devices Group - "The name of the organization" field is blank and I cannot edit it. It's greyed out.

Not sure if this matters or not.

I can say that it is working for Groups. I just tested settings for Workgroup and now when I log in as the test user to myserver.com/mydevices i can see the "Settings for Workgroup" in the "Profiles" section in "My Devices" and I can download it.

So, I don't know why this isn't working for Device Groups.

iToaster wrote:

Sorry I just re read your post .

Your orginsation name should not be blank in the profiles and it's. Normal to be greyed out

Providing you filled in the orginsation name when setting up PM

I remember entering our company's iTunes Apple ID to allow push notifications. But if I set the profile to be manually downloaded, is the push notifications from Apple still necessary?

I also remember entering the Organization Name when setting this up.

When I am in PM in Server.app, under the "Default Configurtaion Profile", I see "Include configuration for services: No Services Enabled" - the check box is checked off and "No Services Enabled" is greyed out.

Also, in one of the PM logs I have been seeing "PushSettings' (prio:0) for nil" - not sure if this is related.

Sign configuration profiles is enabled.

Thanks for the firewall tip. Those ports ended up being blocked after all in addtion to a couple of other settings on our firewall that was preventing the Push Notifications to be sent to and from Apple.

I really appreciate your help.

Things seem to be "working" for the most part although now I am having trouble with Profiles with Mobile Home Account settings not being applied unitl the 2nd time they log into the Mac. But I'll save that for another post.

Thanks again.