Apple Profile Manager – Mountain Lion Migration

Recently I had the pleasure of migrating an OSX Lion server to Mountain Lion.  It’s primary function was an MDM server for Apple devices.  Basically, the upgrade process involves upgrading to Mountain Lion followed by installing the updated Lion Server app.

Primarily, my interactions with the Apple Server have been for Profile Manager functionality.  In Lion, the Profile Manager utilized a PostgreSQL backend with a datastore located in /usr/share/devicemgr/backend/.  iOS applications and other push to device material were located in the ‘/backend/file_store/’ directory named as their MD5 checksum equivalent.  Logs for the devicemgr service were located in the ‘/backend/logs/’ directory.

In Mountain Lion Server, what used to be located in /usr/share/ is now packed into the Server Application itself.  For example, the same ‘/devicemgr/backend/’ is now located at ‘/Applications/Server.app/Contents/ServerRoot/backend/file_store/’.  The iOS applications and other push material are now located at ‘/var/devicemgr/ServiceData/Data/FileStore/’.

This knowledge is critical if you encounter an issue with the Profile Manager; there is not much info to go on if you have a problem.  In Lion, I had seen cases where the Profile Manager would for an unknown reason delete applications I was trying to push, causing managed devices to be unable to receive the application.

In the case of Mountain Lion Server, I encountered the following issue with devices post-upgrade when trying to upload an updated version of an application.

ProfileManager[217] <Error>: Caught unhandled exception undefined method `get_all_devices’ for nil:NilClass at …’

To me, this sounded like a nonexistent remnant of Lion was being referenced to.  To some people, this might sound like a good time to reset the Profile Manager with the wipeDB.sh script.  However, this would require you to rejoin all devices to the MDM.  In this case, there was only a single application which the MDM was being used to deploy, so I figured I would try clearing the Postgres tables containing the application information and see what happened.  After running the following commands, I was able to upload my application and push without the ‘undefined method’ error as show above.

sudo psql –U _postgres –d device_management
DELETE from public.ios_applications; SELECT setval('ios_applications_id_seq', 1); DELETE from ios_application_library_item_relations; SELECT setval('ios_application_library_item_relations_id_seq', 1);
/q
serveradmin stop devicemgr
serveradmin start devicemgr
Advertisements

7 thoughts on “Apple Profile Manager – Mountain Lion Migration

  1. I just ran into this (seemingly) issue. When I delete the app from the database I’m a bit concerned that all of the devices using the app will also have it removed. Can you confirm this is / isn’t the case?

  2. I am having the same problem with a specific app. I have several apps I am using in Profile Manager. How can I isolate the individual app I am having trouble with and remove only that? I couldn’t remove the app from the profile manager side of things, so I think clearing the data on the app is my only option – of course Apple Support won’t help with this, so I’m on my own.

    1. I figured this out! First, I had issues connecting the the device_management database, likely because this was a fresh install on OSX Mountain Lion, so I used:

      sudo psql /Applications/Sever.app/Contents/ServerRoot/usr/bin/psql -h ‘/Library/Server/PostgreSQL For Server Services/Socket/’ –U _postgres –d device_management

      Then, I ran the SQL command to display all the applications:

      SELECT * FROM public.ios_applications;

      Then, I deleted the app by name since the id didn’t display (insert your application name for :

      DELETE FROM public.ios_applications WHERE name=”;

      Then I ran the query to see all the apps in this table, and sure enough everything had worked perfectly.

      Your original article was extremely helpful in figuring this out! Thanks!!

      1. Glad you figured this out. I would also suggest once you’ve got everything up to date upgrading to the latest OSX Server app. With this one you can actually delete the applications through the web UI.

        I’d also suggest the following two applications, pgadmin3 and LaunchAsRoot. This gives you a nice GUI interface to manage the postgres database. Launch pgadmin3 using LaunchAsRoot to give it root access.

        These are the connection parameters for pgadmin3.
        Host – /Library/Server/PostgreSQL For Server Services/Socket
        Maintenance DB – device_management
        Username – _devicemgr

        Then go to Schemas -> Public -> Tables

        Look around and modify what you need to.

        I would also suggest you run OSX Server inside a VM. I have mine installed on a Mac Mini server which I installed VMware ESXi on top of. This allows you to ‘snapshot’ the server on the fly prior to major upgrades or changes. I always take a snapshot before I upgrade or change anything to do with certificates related to the Profile Manager service. You can quickly revert and get back to a working state!

  3. Hi, I came up with a couple of questions about how to safely connect to Mountain Lion’s Profile Manager DB with pgAdmin:
    1) Should I connect to the postgres DB and then somehow “switch” to the Profile Manager’s DB or should I directly connect to the device_management DB?
    2) Is it safe to connect to either the postgres (with the _postgres user) or device_management (with the _devicemgr user) databases? I really don’t want to mess them up just by connecting with pgAdmin.

    Full story here (for Apple Developers): https://devforums.apple.com/thread/255570
    Or here: http://lists.apple.com/archives/macos-x-server/2014/Nov/msg00042.html

    Thanks in advance.

    1. Andrea, I am not an expert with this, and it has been a few years now since I last touched this technology. I believe it to be safe to connect, I don’t ever remember messing something up from simply connecting to the database. However, I would suggest the device_management database with the devicemgr user.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s