If You Are Using MDM, You’ll Want To Know These Tricks
A main part of my job is going around to businesses and schools and helping them deploy, support and manage their Apple devices using MDM solutions such as Jamf and Zuludesk. In many cases if there’s a hiccup its a similar issue to another site, so I’ve created a toolbox of useful tricks, commands and apps to help me tackle these more efficiently from site to site.
Services Test App (iOS Only)
MDM requires Apple Push Notification Service (APNS) in order to work. This means that the network that the Apple Devices are running on need access to certain Apple services and URLs. One of the main problems on a network when MDM isn’t working correctly is that a firewall or filter is stopping APNS connections.
The Services Test app checks in with the URLs and ports that are required for APNS and gives a red or green light depending on if the service is reachable on that network. If its not then its easy to show the network teams what needs unblocking.
If you’ve used MDM to configure AirPrint printers you’ll know that there is a number of things that you will need to know about the printer, such as its IP address and resource path.
If you know that IP of the printer then there is a terminal command that can be used to find the resource path but you have to fish it out of a load of information you don’t need.
If you have a Mac that’s on the same network as the printer and you have Apple Configurator 2 installed theres a much easier way. Open up AC2, create a new profile and create a new AirPrint payload. When you hit configure your Mac will see the printers that you can config as AirPrint printers including their name, IP, resource path and port number.
Simply copy these details into you MDM.
An important part of a modern Apple deployment is a Caching Server. Its relatively easy to set up but depending on your network might not be the easiest for your devices to contact.
If you’ve got a Caching Server setup and you think it should be caching for your Apple device but doesn’t seem to be, put your Mac onto the same network or VLAN as the client devices. Open up Terminal and use AssetCacheLocatorUtil.
You will see a report back that shows you any caching servers that are available, what they are caching (just apps or iCloud data too) and if you can reach the server.
Knowing this information makes troubleshooting a lot easier.
Search For “storedownloadd” In The Console App
When using VPP with a Mac it’s hard to see if an App is actually downloading (unlike and iPad app where theres a ‘clock’ showing that its progressing). You could use Activity Monitor to see that theres network activity but it could be something other than an App downloading and installing.
If you open up the Console App, macOS built in Log viewer, you get search for storedownloadd and hit the ‘now’ button. This will show you any detail that is being logged by the storedownloadd process. This includes the App name and the % of the app that has downloaded. Its a really useful tool when it looks like a Mac is sitting there doing nothing.
Use the nettop -n -p “AssetCache” Command in Terminal
This is something that really helped me out a lot in recent weeks. Its a new command to me after reaching out to a contact in Apple but one that’ll went straight in my toolbox.
Open up terminal on the caching server and type nettop -n -p “AssetCache” this then shows you a live list of what a caching server is doing. It’ll show you when the caching server is downloading an app from the App Store and when a client (in the form of an IP address) is having data served to it.
Using this command I was able to see that only devices on a certain subnet were being served which enabled me to use the advance options of Caching, in the Sharing System Prefs pane to edit the subnets that should have been served.