14 DAY FREE TRIAL

No Search Results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Troubleshooting Guides
  3. Mac

Category filter

Troubleshooting Mac Unresponsive Issues in MDM

Jump To

The macOS device is not responding to the Hexnode portal even if the device is switched on and connected to the internet.

Possible troubleshooting methods:

  1. Make sure your device has a stable internet connection. If the current network connection is unstable or if it doesn’t have sufficient speed, you can try connecting your device to a different network and check whether the device is responding to the Hexnode server by performing a Scan Device action.
  2. Update your device to the latest OS version and try performing a Scan Device action to check whether the device is responding to the Hexnode server.

    3. Scan Device action for a device on Hexnode UEM

  3. Make sure the APNs token is not expired. The APNs has a validity of one year and it needs to be renewed every year. If the APNs token is expired, you will not be able to perform any actions/functions using the MDM protocol.

    Follow the steps given below to renew the APNs certificate:

    • Navigate to Admin > APNs and click on Renew Certificate.
    • Click on Generate CSR to download the CSR file.
    • Log in to the Apple Push Certificates Portal using your Apple ID credentials.
    • Identify the certificate that is to be renewed using the Expiration date provided in the portal.
    • Select the certificate and click on Renew.
    • Upload the CSR file and the updated APNs certificate gets downloaded automatically on the device.
    • Upload the new APNs certificate back in the Hexnode portal.

    The APNs certificate will get renewed and will be valid for another year.

  4. If the device is not DEP-enrolled, you can try re-enrolling the device back into the Hexnode portal by following the steps given below:
    • In the device, navigate to System Preferences > Profiles.

      • Profiles location under System Preferences on macOS

    • Remove the Hexnode MDM profile and enroll the device back into the Hexnode portal.
    • Perform the Scan Device action to confirm whether the device is responding.
  5. Your Apple devices make use of certain hosts and ports to establish a persistent connection with the APNs server. Make sure the following host and ports related to APNs are not blocked in your Firewall settings:
    • Host – *.push.apple.com
    • Ports – 443, 80, 5223, 2197

    If any of the above-mentioned hosts or ports are blocked, they need to be unblocked.

  6. To re-establish connection with the APNs server, you can try resetting your network settings. Follow the steps given below to reset your network settings:
    • Navigate to System Preferences > Network.
    • Select Wi-Fi from the left menu and click on the “” button to remove the existing network configurations.

      • Wi-Fi configuration page on macOS

    • Click on the “+” button and from the dropdown, select Wi-Fi to set up a new connection.

    Restart the device and perform the Scan Device action from the portal to test whether the connection has been re-established with the device.

  7. Troubleshooting your device using the sysdiagnose file. The sysdiagnose troubleshooting method can be performed on your device using the steps given below:
    • Download the APNs mobileconfig profile from Profiles and Logs.
    • Navigate to System Preferences > Profiles and install the downloaded profile.
    • Press the following keys to perform the sysdiagnose process from the Finder:

      Command + Option + Shift+ Control + Period (.)

      The process can take up to 10 minutes to complete.

    • Once the process is completed, the folder “/private/var/tmp/“ will automatically appear in the Finder and the sysdiagnose file name will look similar to this:

      “sysdiagnose_2017.08.17_07-30-12-0700_10169.tar.gz”

    • Along with your report, you can attach the sysdiagnose file that appears in /private/var/tmp/ to understand the issue in detail.
    • You can analyse and troubleshoot the sysdiagnose file by yourself or you can contact our support team for further assistance.
    • Once the troubleshooting process is completed, you can remove the mobileconfig file from the device.

    You can also perform the sysdiagnose operation using the Terminal as well. Download the sysdiagnose instruction file for macOS from Profiles and Logs to get a detailed explanation of the sysdiagnose troubleshooting method.

  8. In some instances, the macOS device token will not get fetched into the Hexnode portal. You will not be able to communicate with a device via any third-party MDM or application without the APNs device token. The device token will be sent along with any notification that is sent to the Apple Push Notification server in order to identify the device to which the notification is to be sent. Similarly, if the Hexnode Root CA certificate is deleted on the device end, the device will not ping to the server.
    • In case of non-DEP devices, you can manually re-enroll your device by removing the MDM profile from the device and re-installing it again. You will have to be an admin user in order to remove the MDM profile from devices running on macOS 10.15 and above.
    • In case of DEP devices, you can enter the following terminal command manually on the device to re-install the MDM profile:

      sudo profiles renew -type enrollment

    The MDM profile will get re-installed on the device. During device re-enrollment, APNs token will be fetched from the device.

    Removing a non-removable MDM profile

    If it’s a non-removable MDM profile, follow the below steps to remove it,

    1. Boot the Mac into Recovery Mode.
    2. Go to the Utilities menu, open Terminal and type:


      3. cd /Volumes

      Press return and type:

      ls

      On pressing return, you can view the name of your hard drive (Ex: Macintosh HD) as the output. Replace “Macintosh\ HD” with the hard drive name in the command below.

      cd Macintosh\ HD

      Type the following command to locate further the exact position of configuration profiles in the directory.

      cd var/db/ConfigurationProfiles

      To verify your position in the directory structure, type the pwd command and press return. Now, you will view the output as /Volumes/Macintosh HD/var/db/ConfigurationProfiles (or with your hard drive name in place of “Macintosh HD”).

      Note:


      Only proceed with the last commands if you are confident, you are in the correct directory, or data might get lost.

      Enter the commands below once you are in the right directory:

      rm -rf *

      mkdir Settings

      touch Settings/.profilesAreInstalled

    3. Restart the device.

      4. After you restart the Mac, you can log in and run "sudo profiles renew -type enrollment" command to re-install the MDM profile on your device.

      Note:


      In certain macOS versions like macOS 13.0 or 13.1, the sudo command may not function as intended. To address this issue, it is recommended to update macOS to newer versions and attempt running the sudo command again.

Need more help?
Raise a Ticket Raise a Ticket
Ask Community Ask Community
Chat With us Chat With us
  • Troubleshooting Guides