Skip to main content

Devices Not Communicating after Renewing APNS Certificate in Jamf Pro

Updated over 2 weeks ago

Issue Description

After renewing the APNS certificate devices have stopped receiving MDM commands. The JamfSoftwareServer.log may show:

2020-04-30 21:31:48,267 [ERROR] [ina-exec-23] [MRequestSignatureVerifier] - Device cert doesn't match for a request from a device of type 'COMPUTER' with UDID '########-####-####-####-############'
2020-04-30 21:31:48,267 [ERROR] [ina-exec-23] [MdmControllerUtil ] - Returning 500.

The MDM Push certificate was renewed with the incorrect Apple Account.

Troubleshooting Steps

We need to renew and re-upload the APNS certificate that was in Jamf Pro before.

  1. Identify the certificate previously used by finding the certificate topic id on an enrolled device not receiving commands:

    1. For an iOS device: Settings > General > Device Management > MDM Profile > More Details > Click the first link (Mobile Device Management) > In there grab the "Topic".

      This photo shows where you are able to find the "Topic" for your device.

    2. For a computer: System Preferences > Profiles or System Settings > Privacy and Security > Profiles, select the MDM Profile and get the Topic from the Details > Mobile Device Management section.

      This photo shows where the "Topic" is specifically found in your Details section within System Preferences.

  2. Log into https://identity.apple.com/pushcert/. Then click the "i" next to the certificates until you find the certificate with the "UID" that matches the "Topic" on the device.
    Example of the "UID" on the Apple Website:

    This photo serves as an example of what UID certificate you will enter on the Apple Website.

  3. ​If you find a certificate with a UID that matches the topic on devices, renew that MDM Push Certificate and reupload into Jamfo Pro following https://learn.jamf.com/bundle/training-video-shorts-jamf-pro/page/How_to_Renew_a_Push_Certificate_in_Jamf_Pro.html

    1. Cancel the pending and failed commands on devices so they re-trigger

    2. Any devices that were enrolled since the original renewal of the MDM Push Certificate need to be re-enrolled. For assistance identifying devices, see Jamf Pro Smart Group to find devices enrolled on a MDM Push Notification Certificate

More Resources

If the certificate is not listed, follow steps in Finding Apple ID used for Push Certificate Creation.

Did this answer your question?