Can't apply software updates from Jamf

sysadmin404
New Contributor

Hi all,

I am trying to push Software Updates to a smartgroup, but this doesn't seem to go through; I tried many options (Download only, Download and install, Download and schedule to install etc.) but nothing seems to work. This is happening on Apple Silicon device.

Having a check on the device > History > Operating System History, I see the Software Update failed and the error message:

"AppleSiliconNoEscrowKey".

Running sudo profiles status -type bootstraptoken I see the token is supported and is escrowed, and while running sudo profiles validate -type bootstraptoken I see the token has been obtained from the server and is validated.

I am sure I am missing some basic checks, but can't find what.

Has anyone had the same issue?

7 REPLIES

AJPinto
Esteemed Contributor

In my experience software update issues are usually related to network configurations. What does /var/log/install.log say on an impacted device?

I see a lot of info in the logs file.. is there any specific term I need to search for? Searching for "software update" or "softwareupdate" returns ~300 results. I am pretty new to Jamf Pro, so I don't know how to proceed for this.

AJPinto
Esteemed Contributor

Unfortunately the install.log is a mess. You more or less need to read the logs around the OS update events and find what stands out.

SUOSUAuthenticationManager should come up around the start of the OS update workflow. This is the authentication to do the thing. softwareupdated is the daemon doing the stuff, and you can pretty much ignore anything not related to softwareupdated.
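An added example, not part of the thread: one way to narrow install.log down to the softwareupdated lines and the SUOSUAuthenticationManager entries mentioned above. The function names are hypothetical, the "date time host process[pid]: message" layout is an assumption, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: triage helper for /var/log/install.log.
# Assumed line layout: "date time host process[pid]: message".

# su_lines FILE: print only the lines logged by the softwareupdated daemon.
# Matching on the process field (field 4) skips lines from other processes
# that merely mention softwareupdated in their message text.
su_lines() {
    awk '$4 ~ /^softwareupdated\[[0-9]+\]:$/' "$1"
}

# auth_events FILE: softwareupdated lines that mention
# SUOSUAuthenticationManager, prefixed with their line number in the
# original log so the surrounding entries can be read in context.
auth_events() {
    awk '$4 ~ /^softwareupdated\[[0-9]+\]:$/ && /SUOSUAuthenticationManager/ {
        print NR ": " $0
    }' "$1"
}

# make_sample FILE: write constructed sample lines (not real log output).
make_sample() {
    cat > "$1" <<'EOF'
2024-01-10 09:00:01+01 mac01 installd[310]: constructed sample: unrelated installer line
2024-01-10 09:00:02+01 mac01 softwareupdated[402]: constructed sample: SUOSUAuthenticationManager: starting authentication
2024-01-10 09:00:03+01 mac01 softwareupdated[402]: constructed sample: update request failed
2024-01-10 09:00:04+01 mac01 system_installd[88]: constructed sample: mentions softwareupdated in message only
EOF
}

# Demo on the constructed sample so the script runs on any machine.
sample=$(mktemp)
make_sample "$sample"
echo "softwareupdated lines:"
su_lines "$sample"
echo "SUOSUAuthenticationManager entries (log line number first):"
auth_events "$sample"
rm -f "$sample"
```

On an affected Mac, call the same functions with /var/log/install.log instead of the sample file and read the softwareupdated lines that follow each reported line number.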

Yam_Moktan
New Contributor II

@sysadmin404 I had the same issue. You will need to run the bootstrap token escrow again on the affected device, which can be a manual process.

sudo profiles install -type bootstraptoken

Or you can use this script, which leverages the process but still needs user intervention.

https://community.jamf.com/t5/jamf-pro/run-bootstrap-token-escrow-script/m-p/337533#M282136 

mvu
Valued Contributor III

Is your Jamf on cloud or on-prem?

Wondering if you're using DDM. If so, could try turning off the Software Update Feature. Then toggle back on after records clear.

Shyamsundar
Contributor III

What is the status of Bootstrap Token Escrowed in Security? It is displayed as Yes or No.

When I ran sudo profiles status -type bootstraptoken manually on the device, it showed Yes for both Supported on Server and Escrow on Server, but the Bootstrap Token status is displayed as No in the JAMF inventory.

I have raised a case with JAMF and had a two-level troubleshooting call, shared the system diagnostic files from the affected devices, and am waiting for the update from JAMF. It seems like a PI.

I would advise raising a case with JAMF, so they know it's more widespread.

sysadmin404
New Contributor

Hi all,

So I was able to make it work, after some tests.. how? I am not sure. What I did is I took one of the scoped devices, erased it to macOS 14.0, scoped the device and applied the update. I found out that the Install action is not always working, as sometimes I got it working by choosing Download, install and restart and some other times with Download and schedule; what made the difference is the Target version, apparently the only way to make it work in my case was to manually choose the Specific version. After this, it worked on ~75% of the cases.

Overall I think the feature is not reliable, as there are too many variables (I am thinking about security updates that need to be installed quickly).

I took a look on the web and found some people are using Nudge and S.U.P.E.R.M.A.N. for managed software updates, but I am wondering how this will be supported in future updates.