Software Update failing "You need to be the owner to install"

ajamfadmin1810
Contributor

Hello All

We are runnning into an issue with laptops trying to update OS and being met with an error that states "you need to be an owner to install". Some machines the workaround of "sudo softwareupdate -i -a -R", will install the update but this isnt ideal. All machines are M1 machines, DEP enrolled and going through the same prestage. It seems like its related to SecureToken missing (which might also be causing some FV2 issues) for the user, at least thats what my google fu leads me to. 

 

I kind of remember there being a script out there that could be used to assign a securetoken, we used it at my last place but I cant seem to find it. Any help is appreciated!!!!

1 ACCEPTED SOLUTION

jcarr
Release Candidate Programs Tester

Can you confirm the error text you quoted?  Might is read "volume owner" rather than just "owner?"  If so, you are likely running into a secure token or bootstrap token issue.

 

https://support.apple.com/guide/deployment/use-secure-and-bootstrap-tokens-dep24dbdcf9e/web

 

Did you by any chance deploy these devices with recovery lock enabled?

View solution in original post

6 REPLIES 6

jcarr
Release Candidate Programs Tester

Can you confirm the error text you quoted?  Might is read "volume owner" rather than just "owner?"  If so, you are likely running into a secure token or bootstrap token issue.

 

https://support.apple.com/guide/deployment/use-secure-and-bootstrap-tokens-dep24dbdcf9e/web

 

Did you by any chance deploy these devices with recovery lock enabled?

So it’s related to not that you said. I checked our system logs and a bunch of missing bootstrap tokens. I have a script that assigns secure token, once I did that the user could update no issue. Checking with Jamf why this is happening to 10% of our machines

Did you find anything from Jamf?

Can you specify what script you are using to resolve this?

kwoodard
Contributor III

Yes, can you please share your script? I have a bunch of M1/M2 that are showing this message. 

declure
New Contributor II

I haven't had a lot of practice on this issue but I ran into it today and tried:

sysadminctl interactive -secureTokenOn receivingUsername -password 'receivinguserpassword' and in my single case, it seemed to solve it.  I'd be curious if that helps anyone else.