Issue Description
After renewing the APNS certificate devices have stopped receiving MDM commands. The JamfSoftwareServer.log may show:
2020-04-30 21:31:48,267 [ERROR] [ina-exec-23] [MRequestSignatureVerifier] - Device cert doesn't match for a request from a device of type 'COMPUTER' with UDID '########-####-####-####-############'
2020-04-30 21:31:48,267 [ERROR] [ina-exec-23] [MdmControllerUtil ] - Returning 500.
The MDM Push certificate was renewed with the incorrect Apple Account.
Troubleshooting Steps
We need to renew and re-upload the APNS certificate that was in Jamf Pro before.
Identify the certificate previously used by finding the certificate topic id on an enrolled device not receiving commands:
For an iOS device: Settings > General > Device Management > MDM Profile > More Details > Click the first link (Mobile Device Management) > In there grab the "Topic".
For a computer: System Preferences > Profiles or System Settings > Privacy and Security > Profiles, select the MDM Profile and get the Topic from the Details > Mobile Device Management section.
Log into https://identity.apple.com/pushcert/. Then click the "i" next to the certificates until you find the certificate with the "UID" that matches the "Topic" on the device.
Example of the "UID" on the Apple Website:
If you find a certificate with a UID that matches the topic on devices, renew that MDM Push Certificate and reupload into Jamfo Pro following https://learn.jamf.com/bundle/training-video-shorts-jamf-pro/page/How_to_Renew_a_Push_Certificate_in_Jamf_Pro.html
Cancel the pending and failed commands on devices so they re-trigger
Any devices that were enrolled since the original renewal of the MDM Push Certificate need to be re-enrolled. For assistance identifying devices, see Jamf Pro Smart Group to find devices enrolled on a MDM Push Notification Certificate
More Resources
If the certificate is not listed, follow steps in Finding Apple ID used for Push Certificate Creation.