Does anyone have consistent results installing Mac App Store apps automatically?

GabeShack
Valued Contributor III

I can't seem to get this to work right. It's very inconsistent, where I have some apps install properly and others never showing up or even in the pending installs list.

Anyone getting this to consistently work for automatically installing vpp mac app store apps?

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools
8 REPLIES 8

GabeShack
Valued Contributor III

Actually here is another question, did you have to delete your app record in the jss of all the apple apps that they made free this week, or just check the free box?

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

nhubbard
New Contributor III

I checked off the free box on all of the apps. But I currently have an open ticket with support on the pending issue. It is extremely inconsistent and so far they have yet to be able to provide me with a reason as to why. They are still working on it but there is no consistency of who it is working on and who it does not. Could be staff or student, does not matter. The only way I have been able to resolve it is by canceling the pending commands, re-enroll the device using recon and then it seems to push through. That's fine but I can't do that for 300+ machines.

Kaltsas
Contributor III

I have never been able to get device distribution VPP to work with 100% consistency.

In my testing I found the following.

Sometimes there will be pending commands for the device. If the only pending commands are the InstallApplication MDM commands (ex. Install App – Pages). If you log out and back in on the client computer as an MDM enabled user the commands will usually execute successfully and the apps will be installed.

Sometimes there will be where the App supposedly installed based on logs but does not exist on the client computer.

Sometimes there will be no pending commands, no logged install actions, no logged MDM commands.

Usually (75% of the time?) everything goes fine and the client gets the applications that are in scope.

Once a client is stuck in scenario 2 or 3 (or scenario 1 where logging out and back in with an MDM enabled user does not work) the only way to get the application installed is to re-enroll. I have had some test clients that I have had to completely delete the computer record from the JSS. I am in an industry where I cannot delete historical records like this.

I worked with jamf for several weeks on this (v9.97). The inconsistency is maddening, with seemingly no rhyme or reason when it will act up. I scrapped my plans to use VPP device distribution and I'll revisit come v10. I looped in Apple on this thinking maybe it was an MDM issue on their end and Jamf came back that there are several logged PIs regarding VPP and App Store. I tabled my plans for VPP device distribution in hopes that this behavior is better come v10.

kendalljjohnson
Contributor II

I'll add to the frustration, with the scenario of Lab environments.

From how it was explained to me (potentially old news to some), a MDM capable user has to login to trigger the installation process. In a lab environment, I can't guarantee every computer will get used in a day, meaning I either have to be the one to login to trigger the process or wait and see, checking if the command is pending for a user that was logged in when I pushed the command but may not log back into that same computer for the process to complete. Not really a clean way to instantly push a VPP app.

Add on top of that, I'm trying to push Xcode which is such a large download that the potential of failed install only increases.

dmichels
Contributor II

Yes, same thing mixed results. I found that if I install via Self Service (even though I have Install Automatically/Prompt Users to Install) they still show up in Self Service as well. Then just trigger one, the others will download as well.

Another option: Log in as Administrator on Mac and in Terminal run:
sudo jamf removemdmprofile
sudo jamf mdm
sudo jamf mdm -userLevelMdm

That installs all the Apps as well (because if you look on the Computer Record in JSS this will add Administrator to MDM Capable Users) and then it Force Update on the App in the Mac App Store Apps.

Chris_Hafner
Valued Contributor II

I've never had a problem when repackaging MAS apps via composer, packages, etc... however, that era is really at an end. I will soon be in your boat as well.

frozenarse
Contributor II

Can that era really come to an end if the 'replacement' isn't reliable?

I'm not looking for an answer to that. I'm just tossing that out there in frustration, and as a 'bookmark' to keep an eye on this thread.

Chris_Hafner
Valued Contributor II

You have a very good point!