Help

Critical update won't install after imaging

AVmcclint
Honored Contributor

Posted on ‎01-17-2017 10:29 AM

289672b4ddf147f8b885701899a83a73
After imaging 2016 MBP with a 10.12.1 image (built from the same model) the computer boots up and I immediately get a white square with a spinning gear for several minutes. Then I get the error above. There's no indication of what it's doing and I can't access the log to see what's wrong. The Mac is completely unusable because I have to shut it down or click Try again that never works. What the heck is going on? Anyone know what this is?

0 Kudos
Reply
3 REPLIES 3

Kaltsas
Contributor III

Posted on ‎01-17-2017 11:04 AM

I believe you are running up against this

http://blog.eriknicolasgomez.com/2016/11/27/the-untouchables-apples-new-os-activation-for-touch-bar-macbook-pros/

I'm guessing your network does not have unfettered access to Apple for the MBP to obtain the requisite touchbar software.

0 Kudos
Reply

perrycj
Contributor III

Posted on ‎01-17-2017 12:35 PM

@AVmcclint So we've ran into this recently and have an open ticket with Apple about it. Couple of gotchas with these touchbar Macs:

  • In addition to the blog post that @Kaltsas mentioned (which is a great read btw), Apple has confirmed to me that if you touch the EFI partition in any way, you get that prompt.

  • Apple confirmed OS updates, right now just 10.12.2, also tie into these touchbar updates. When you download the update from softwareupdate or the App Store, it also downloads the firmware in the background from Apple into the following directory: 

    /usr/standalone/firmware

    for reference later during the restart for the 10.12.2 update.

  • If, for some reason like at my company, the places it goes to get those updates for the touchbar are blocked on your network, it can't download them and therefore, when you restart you get the screen you provided.

  • Also, if you do get that prompt for any reason, you essentially have to have an open network to get them.. meaning, no fancy authentication as it is not supported from the Mini-setup assistant that pops up for this update. At my company, we used certificate based authentication to get on both internal wired and wireless (not supported). Also, our guest networks require authentication through a web portal/web page (also not supported). Apple has told me this is a bug and have submitted to product engineering for review.

In the meantime, the Macs are essentially bricked until they can get that update, as the blog posts states. Apple also told me as long as you don't destroy the hard disk when re-imaging, the EFI partition should remain. However, that has not been my experience and even with a brand new Mac, using the OS it comes with (meaning, no erasing, no re-imaging, just configured).. after rebooting for the 10.12.2 update, I get that prompt for a "critical software update".

I've received the following possible URLs from Apple that need to be open for this:

gs.apple.com
gg.apple.com
gnf-mdn.apple.com
sk1.apple.com

I know at least gs.apple.com is mentioned in the blog post about this. As far as I know, there is no official KB about this from Apple, nor a mention of it anywhere by them. That blog post was really the only thing I could find about this topic.

I can update this thread as I get more information.

0 Kudos
Reply

AVmcclint
Honored Contributor

Posted on ‎01-18-2017 04:03 AM

My original post was accidentally posted twice. Comments are building on both posts. Here is the link to the other post

0 Kudos
Reply