Resolve issues with Profile Manager in macOS Server

Find out how to locate and fix issues if Profile Manager isn't working as you'd expect it to.

If you can't access the administration page

Profile Manager's basic setup is in the Server app. You must use Safari to access Profile Manager's /mydevices web page and the administration web page.

Only server administrators can access your administration page. The URL format for your administration page is:

  • https://your_server's_fully_qualified_domain_name/profilemanager
    Example: https://www.example.com/profilemanager

To enrol an iPhone, iPad, iPod touch or a Mac, go to:

  • https://your_server's_fully_qualified_domain_name/mydevices
    Example: https://www.example.com/mydevices

If you can't access the administration page with a web browser other than Safari, try using Safari. If you can't access it with Safari, check your DNS server. DNS settings are important when you're managing a Profile Manager deployment. If Profile Manager isn't opening, make sure that your server points to a reliable DNS server.

If you can't push profiles or apps to clients

If you're experiencing issues when pushing profiles or apps to client systems, check the system log file in Console. If it reports that your server can't reach Apple's APNs servers, check your network's configuration. Make sure that all of the needed ports are open.

For more information, turn on APNS debug logging with these Terminal commands:

sudo defaults write /Library/Preferences/com.apple.apsd APSWriteLogs -bool TRUE
sudo defaults write /Library/Preferences/com.apple.apsd APSLogLevel -int 7
sudo killall apsd

You can view the logs in the Console app by filtering on the com.apple.apsd and com.apple.apspd subsystems.

When your APNS transactions have been logged, use these Terminal commands to turn off debug logging:

sudo defaults write /Library/Preferences/com.apple.apsd APSWriteLogs -bool FALSE
sudo defaults delete /Library/Preferences/com.apple.apsd APSLogLevel
sudo killall apsd

If you experience other issues with Profile Manager

Profile Manager logs can help you fix issues with Profile Manager. You can find a symbolic link named "devicemgr" at /var/log. This file points to /Library/Logs/ProfileManager, where you can find these logs:

AuditLogs
  • Files in this directory provide CSV formatted logging of requests and responses from the corresponding service logs, such as all of the commands sent to a device or all of the actions initiated by a particular user. Each file has a header to describe the data logged in each column.
devicemgrd.log
  • Provides the status of querying and syncing Open Directory and Active Directory users and groups.
  • Reports errors that occur from queries executed by devicemgrd.
  • Displays entries related to sending push notifications.
  • Displays entries related to DEP and VPP transactions.
dmAuthService.log
  • Logs the status of web-based user authentication attempts.
dmDeviceService.log
  • Logs interactions between Profile Manager and the devices it manages.
dmhttpd.log
  • Logs high-level HTTP data for the requests and responses of Profile Manager services.
dmPortalService.log
  • Logs requests and errors from the /mydevices user portal.
dmSCEPService.log
  • Logs requests and errors for the SCEP service (used during device enrolment)
dmWebAdminService.log
  • Logs requests and errors while using the /profilemanager web admin.
dm_helper.log
  • Logs information related to MDM-related user authentication from macOS network users.
dmrunnerd.log
  • Displays the status of starting and stopping the managed ruby processes that support the Profile Manager web page (/profilemanager and /mydevices). This log is sometimes empty.
migration_tool.log
  • Shows the status and details of migration from a previous Server.app version. 

php-fpm.log

  • Displays the status of starting and stopping the individual php-fpm helper processes.

php-fpm.devicemgr.log

  • Issues with PHP are logged to this file.
PostgreSQL-<yyyy-mm-dd>.log
  • Logs any queries with Profile Manager's PostgreSQL database that result in an error.
  • This also logs commands that change the database schema.
servermgr_devicemgr.log
  • Logs the starting and stopping of the Profile Manager service.

This log can provide helpful information related to the web server:

  • /var/log/apache2/service_proxy_error.log

The following terminal command can provide you with additional information:

sudo log show --info --debug --predicate "(eventMessage contains[cd] 'devicemgr') or (category contains[cd] 'HTTPServer')"

About transaction "failures"

Some of these logs may list transaction "failures" or retries. Most of these entries are expected and don't indicate an issue. These logged events are conflicts between attempts to modify the underlying PostgreSQL database at the same time. These kinds of failures are retried until they succeed.

You can identify transaction conflicts when you see any of these notes in your log files:

  • Cancelled on conflict out to pivot
  • could not serialise access due to concurrent update
  • @@@ Retry #X
  • @@@ Retry X

Check the apspd CFPrefs file

Navigate to /Library/Preferences/ApplePushServiceProvider, select com.apple.apspd.plist, then choose File > Get Info. If the file is larger than 5KB, remove it and restart the apspd process with the following Terminal command:

sudo killall apspd

Use verbose logging to find more info

More information on how to fix an issue is sometimes available if you increase the log level. To gather the information you need, reproduce the issue after you've increased the logging level.

When you've finished, revert to the original logging level. If you leave the logging level at a higher setting, it will decrease the available space on your startup drive.

Turn on verbose logging

To increase the level of logging, use this Terminal command:

sudo debugDeviceMgr 4

This will automatically restart Profile Manager Service.

Turn off verbose logging

To revert the logging level back to its original setting, use this Terminal command:

sudo debugDeviceMgr 1

This will automatically restart Profile Manager Service.

Published Date: