
Hi all, I have been getting a headache with patch management. I have tried to update Adobe Acrobat Reader and Google Chrome on two different machines. I have downloaded the recent update from the 3rd party site as well as from Jamf's 3rd party product site. I click the patch in Self Service and I either get "error" or "finished", but upon inspecting the version, it failed to update and the patch reappears in Self Service acknowledging the out-of-date software.



I called Jamf support and they told me they weren't able to help at the moment and opened a case. Has anyone else experienced this? And can someone please help??

For everyone posting in this thread, do you have an open case with Jamf support?



I do, and they are actively working on it, but have said that there appears to be more than one cause, so I highly recommend opening a ticket if you haven't already.


Yes, always open a ticket 1st.


Opened a case on this also :)


Opened a ticket yesterday afternoon, resolved overnight. Software versions are updating, and my email notifications are working again.


They have a workaround that can be done overnight. I've had the issue 3 or 4 times over the last six months.


Didn't fix for me :)


For those having this problem with Chrome and Firefox, there are plenty of scripts that check for versions and update automatically. These browsers are some of the easiest to keep up to date with scripts, as opposed to a pain in the ass like Zoom. I suggest you search either the 3rd party software page or discussions for scripts to update these two rather than patch management.


Hi, is patch management still working?
Skype for Business 16.29.41 is out for about 2 weeks,
Symantec Endpoint Protection 14.3.3384.1000 is out for over a month... But Patch Management still shows the old versions.



Edge is still not integrated even though many want it to be (and most Microsoft apps are already working fine).
Vote up for Edge to get integrated in patch management: https://www.jamf.com/jamf-nation/feature-requests/9140/microsoft-edge-patch-management-policy


It broke for me again; it was working for a while. Raised a support case once more. @Tjernigan our security team is using patch management for reporting as it displays information in a very user-friendly way, but then it lies. I'm starting to get a lot of questions why devices are out of date when they aren't really 🙂


@thomas.moser



I'm having the exact same issue and have opened a case. Please open a case if you haven't already.



Restarting Tomcat will quickly update the patch catalog but then it just stops updating again.


We've been having this same issue on and off for months now. Started again today. Everything is showing fully updated on the Policy tab but on the Report tab it's a 0% for multiple apps. Chrome doesn't even show the latest patch to pick from in the definition tab.



This is getting really old having to open a ticket every couple weeks just to get it working again for Cloud accounts.


Yeah, at the moment I'm seeing that the Chrome version has not updated in my Patch reporting. Not sure yet if I should reopen my never-ending ticket about Patch Management not updating or if someone is just having a Monday and forgot to update it.



Edit: Looks like it was someone just forgetting to update the Chrome definition as it now appears correctly.


I have been trying to use the Firefox patch management and it's not working. The extension attribute script looks different from the original one. I noticed the new script doesn't actually return any value in Jamf Pro. When I run the script in Terminal it prints out pipes around the version which I've noticed my working scripts do not have.



    #!/bin/sh
    #######################################################
    # A script to collect the Version of Mozilla Firefox. #
    #######################################################

    PATH_EXPR=/Applications/*/Contents/*/application.ini
    RELEASE="mozilla-release"
    BUNDLE_ID="org.mozilla.firefox"
    KEY="CFBundleShortVersionString"

    RESULTS=()
    # Split grep's output on newlines only, so app paths containing spaces stay whole.
    IFS=$'\n'
    for APP_INI in $(/usr/bin/grep -l "${RELEASE}" ${PATH_EXPR} 2>/dev/null); do
        PLIST="$(/usr/bin/dirname "${APP_INI}")/../Info.plist"
        if [ "$(/usr/bin/defaults read "${PLIST}" CFBundleIdentifier 2>/dev/null)" == "${BUNDLE_ID}" ]; then
            RESULTS+=($(/usr/bin/defaults read "${PLIST}" "${KEY}" 2>/dev/null))
        fi
    done
    unset IFS

    if [ ${#RESULTS[@]} -eq 0 ]; then
        /bin/echo "<result></result>"
    else
        # "${RESULTS[*]}" joins the array elements with the first character of IFS.
        IFS="|"
        /bin/echo "<result>|${RESULTS[*]}|</result>"
        unset IFS
    fi

    exit 0


The original script



    #!/usr/bin/env bash

    ##############################################################################
    # Script is designed to return the 'version number' of Mozilla Firefox.     #
    # Locates the installed Firefox application, verifies 'release'             #
    # before returning 'version number' or 'not installed'                      #
    ##############################################################################
    RESULT="Not Installed"

    for i in /Applications/Firefox*.app; do
        /usr/bin/grep mozilla-release "$i"/Contents/Resources/application.ini
        if [[ $? -eq 0 ]]; then
            RESULT=$(/usr/bin/defaults read "$i"/Contents/Info.plist CFBundleShortVersionString)
        fi
    done
    /bin/echo "<result>$RESULT</result>"



Attached screenshot of result in terminal. Could this be part of the issue? I'm not familiar with Inline Field Separators.
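
Added example, not part of the original post or of Jamf's script: the two `IFS` settings used by the extension attribute above, reproduced in plain POSIX sh so the effect of each can be checked in isolation. `format_result`, `count_fields` and `has_version` are hypothetical helper names; `has_version` only shows that a `|version|` substring test cannot match a longer version string and says nothing about how Jamf Pro evaluates the value.

```shell
#!/bin/sh
# Added example: what IFS does in the Firefox extension attribute.

# Join all arguments with "|" and wrap them like the script does.
# "$*" is joined with the first character of IFS, the same rule bash
# applies to "${RESULTS[*]}".
format_result() {
    if [ "$#" -eq 0 ]; then
        echo "<result></result>"
    else
        ( IFS="|"; echo "<result>|$*|</result>" )
    fi
}

# Count the fields produced when $1 is word-split using $2 as IFS.
# set -f stops the unquoted expansion from being treated as a glob.
count_fields() {
    ( IFS=$2; set -f; set -- $1; echo "$#" )
}

# True only when the exact version $2 is one of the delimited values in $1.
has_version() {
    case "$1" in
        *"|$2|"*) return 0 ;;
        *) return 1 ;;
    esac
}

NL='
'
# Constructed sample: two application.ini paths, one containing a space.
SAMPLE_PATHS="/Applications/Firefox.app/Contents/Resources/application.ini
/Applications/Firefox Nightly.app/Contents/Resources/application.ini"

echo "newline-only IFS:  $(count_fields "$SAMPLE_PATHS" "$NL") paths"
echo "space+newline IFS: $(count_fields "$SAMPLE_PATHS" " $NL") fragments"
format_result 78.0.1 79.0
```
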


@tomt Here, try using this script. It is much easier than just trying to go through patch management all the time with how many updates Google sends out.



    #!/bin/sh

    dmgfile="googlechrome.dmg"
    volname="Google Chrome"
    logfile="/Library/Logs/GoogleChromeInstallScript.log"

    url='https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg'

    # Download the current stable disk image to /tmp.
    /bin/echo "--" >> "${logfile}"
    /bin/echo "$(date): Downloading latest version." >> "${logfile}"
    /usr/bin/curl -s -o "/tmp/${dmgfile}" "${url}"
    # Mount it without showing the volume in Finder.
    /bin/echo "$(date): Mounting installer disk image." >> "${logfile}"
    /usr/bin/hdiutil attach "/tmp/${dmgfile}" -nobrowse -quiet
    # Copy the app bundle over the installed copy.
    /bin/echo "$(date): Installing..." >> "${logfile}"
    ditto -rsrc "/Volumes/${volname}/Google Chrome.app" "/Applications/Google Chrome.app"
    /bin/sleep 10
    # Unmount the volume and remove the downloaded image.
    /bin/echo "$(date): Unmounting installer disk image." >> "${logfile}"
    /usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep "${volname}" | awk '{print $1}') -quiet
    /bin/sleep 10
    /bin/echo "$(date): Deleting disk image." >> "${logfile}"
    /bin/rm /tmp/"${dmgfile}"

    exit 0
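
Added example, not the poster's script: the same download, mount and copy flow, but working in a private temporary directory and refusing to install unless the bundle's code signature verifies and its Team ID equals a value the admin supplies. The function names and the `--install` argument are assumptions of this example, and the expected Team ID has to be taken from a copy of the app you already trust.

```shell
#!/bin/sh
# Added example (not from the thread): verify a vendor app before installing.

# Print the Team ID found in `codesign -dv --verbose=4` output given on stdin.
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# stdin = codesign output, $1 = expected Team ID (assumption: supplied by the
# admin, read from a copy of the app that is already trusted).
team_id_matches() {
    actual=$(team_id_from_codesign)
    [ -n "$1" ] && [ "$actual" = "$1" ]
}

# $1 = path to the .app bundle, $2 = expected Team ID
verify_app() {
    /usr/bin/codesign --verify --deep --strict "$1" 2>/dev/null || return 1
    /usr/bin/codesign -dv --verbose=4 "$1" 2>&1 | team_id_matches "$2"
}

# $1 = https URL of the dmg, $2 = app bundle name, $3 = expected Team ID
install_verified() {
    work=$(/usr/bin/mktemp -d /tmp/appinstall.XXXXXX) || return 1
    mnt="$work/mnt"
    /bin/mkdir "$mnt"
    rc=1
    # Private temp dir instead of a fixed /tmp name; fail on HTTP errors;
    # never follow a redirect off https.
    if /usr/bin/curl --fail --silent --show-error --location \
            --proto '=https' --proto-redir '=https' \
            --output "$work/app.dmg" "$1" &&
       /usr/bin/hdiutil attach "$work/app.dmg" -nobrowse -readonly -quiet \
            -mountpoint "$mnt"; then
        if verify_app "$mnt/$2" "$3"; then
            /usr/bin/ditto "$mnt/$2" "/Applications/$2" && rc=0
        else
            echo "refusing to install $2: signature or Team ID mismatch" >&2
        fi
        /usr/bin/hdiutil detach "$mnt" -quiet
    fi
    /bin/rm -rf "$work"
    return "$rc"
}

# Runs only when asked to: script.sh --install URL "App Name.app" TEAMID
if [ "${1:-}" = "--install" ]; then
    install_verified "$2" "$3" "$4"
fi
```
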


@Tjernigan Thanks, I only use Patch for quick reporting on Chrome and to alert me of new versions in case I miss the email from Google. We will hopefully be allowed to move to autoupdates soon. Then I can pretty much forget about it except for stragglers.

