Jamf Nation Community

fhturner · ‎11-10-2019

Hey Everyone—

Please forgive if this is outside the scope here... I don't actually have/use JAMF, but so many web searches about SUS have brought me here, that this seemed like the most knowledgeable place regarding the inner workings of the Software Update Service. Just tell me to get lost if I'm intruding! :)

Anyway, I maintain some older Mac Pro 10.6.8 Servers that recently stopped being able to download most system updates via SUS, seemingly coinciding w/ the "Great Certificate Re-issuance of 2019" a few weeks ago. Something like Safari 13.0.3 will download and be available, but Security and Supplemental Updates do not. Logs look like this:

Thu Nov 7 21:18:15 swupdate.mydomain.net swupd_syncd[89940] <Warning>: ignored invalid download request for product 061-27895, current state = PleaseMirror

The interface shows the clear bubble and greyed out checkbox. Looking at the html/content/downloads folder shows that it's not even creating the subfolders it needs, but even if I do that for it, it still doesn't download and save any files to disk.

I know these Snow Leopard servers are long in the tooth, but the SUS components have just continued to work as long as I added in new catalog paths and updated the Apache conf for each new OS. I'm hopeful this will be temporary or an easy fix for some of you experts, rather than having to change to something else.

Thanks for any insight and suggestions!
Fred

techizen · ‎11-11-2019

We have a similar setup (though not quite as old as 10.6.8!) and updating the catalog paths/apache conf for each new OS continues to mirror updates for all OS versions so far including Catalina.

In the SUS settings do you have it set to mirror automatically or manually?

You might have to "refresh" your software update status file and the updates that have been downloaded to the html/content/downloads folder, especially after the recent "Great Certificate Re-issuance of 2019" a lot of redundant updates have been left behind.

In Server Admin stop the SUS service
For 10.6.8 Server the location of the SUS configs/content are different to later versions of macOS/Server app. So for 10.6.8, delete the downloaded content by deleting the /var/db/swupd/html folder.
Delete the software update status file which is /etc/swupd/com.apple.server.swupdate.plist (there might be a backup file as well - delete that too).
Leave /etc/swupd/swupd.plist &/etc/swupd/swupd.conf as is, as these are your SUS configs for catalog paths/apache conf.
Start up SUS service - the deleted files/folders above will be recreated and updates will have to be re-downloaded. If you set your SUS to manually mirror the updates, you will have to re-enable/re-download all the updates that you want enabled.

Hopefully this helps!

Cheers,
Takeo

oba888 · ‎11-12-2019

Thank You slot

oba888 · ‎11-12-2019

Thank You slot

fhturner · ‎11-21-2019

Hey Takeo, thanks for the reply! I'm sorry I'm so slow back here...at first my post was moderated, so I didn't realize it had been cleared and just happened to check back today!

To answer your question, I mirror manually. For these troublesome updates, if I select the entry and click Copy Now, swupd_syncd starts up and looks like it's going to download the update, but then it turns back off and gives the error message above in the logs. I will try your suggestion and see what happens. BTW, it's not just one 10.6.8 server I'm having trouble with— there are 3 or 4 that do the same thing.

Thanks again for the input. I will post back w/ what I find.

Fred

Jamf Nation Community

Changes to Apple SU servers causing trouble for my SUS?