Jamf Nation Community

Yes, I have S1 on this particular Mac.  One of the Macs that is failing doesn't have it at all.  Sometimes, I have seen other errors such as OS Version errors, but this is the latestest version of S1 and is compatible with macOS 12/13.  All of our Macs are Apple Silicon and I don't know if it has to do with that, either.

Update: Failed with different error.

Executing Policy Package - S1 Version 22 Upgrade

Downloading Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg...

Downloading https://use1-jcds.services.jamfcloud.com//download/51065be4104f400d994736181178ca03/Sentinel-Release......

Verifying package integrity...

Installing SentinelOne v22...

Installation failed. The installer reported: installer: Package name is SentinelOne

installer: Upgrading at base path /

installer: The upgrade failed. (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance. An unexpected error occurred while moving files to the final destination.)

Running script Upgrade - Sentinel One Version 22...

Script exit code: 1

Script result: Failed to upgrade (did not allow upgrade or downgrade as the version could not be extracted from the package).

This just get stranger and stranger.  I wonder if it has to do with Ventura?  On one machine, I changed Waiting Room to be accessible by "everyone" because the error I kept getting was that it couldn't access the file.  I also found issue with my setup that the pkg file was downloading to the Waiting Room directory.  So, on this machine where I have this:

Opened up the Waiting Room

I modified the Waiting Room folder to have admin Read and Write; everyone Read and Write (I know these redundant...)

The log file and JAMF Pro says it failed.

It says it failed, but I see that it has been installed. Or maybe it's partially installed.  "An unexpected error occurred while moving files to the final destination."  But, it appears to have actually installed.  

Shows version 23.1.1.6697 installed.

Another machine, one of my users, failed completely. Like it didn't download or Waiting Room isn't available...
Running the same script, it completely failed on this user's machine.  

I verified that 22.4.2 is still installed.  Actually, this one showed as failed and I thought it wasn't installed.  This is a pleasant surprise, but I am frustrated at the S1 install process.

script

This is the script that is running.

@mmolenda FYI you should invalidate that token and create a new one as you shared it with everyone in the image you posted. 

In your install policy are you selecting the action to install the cashed PKG?

No, I have it set to "Install".  Is that what I should set it to?

Still it fails, but for different reasons.

This is on all machines that don't have it installed.

This is on mine which does have it installed.

Can't resolve path: 

sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-23-1-1-6697_macos_v23_1_1_6697.pkg"

It didn't download the .pkg but in the past, it has.

So to be clear this is our setup with SentinelOne: 

To install SentinelOne on a Mac without a previous version installed:
Upload the desired release pkg to Jamf (e.g: Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg).
Create a script in Jamf: 

#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
/usr/sbin/installer -pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg" -target /

Create a policy with:
Packages: cache the SentinelOne pkg
Scripts: priority after: run the created install script.

Scope as desired and that should work. If not you should look into download/distribution point issues or so. 

To update SentinelOne on a Mac with a previous version installed:
Upload the desired release pkg to Jamf (e.g: Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg).
Create a script in Jamf: 

#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg"

Create a policy with:
Packages: cache the SentinelOne pkg
Scripts: priority after: run the created install script.

Scope as desired

For scoping the install we created a smart group "Computers without SentinelOne installed" with criteria "Application title does not have SentinelOne Extensions.app". 

For scoping the update we created an extension attribute:

#!/bin/bash
if [ -f "/usr/local/bin/sentinelctl" ] ; then 
    RESULT=$( /usr/local/bin/sentinelctl version | awk '{print $2 $3}' )
else
    RESULT="not installed"
fi
echo "<result>$RESULT</result>"

 A smart group "Computers with SentinelOne version lower than 22.4.2.6599" that looks at the extension attribute output. 

We have an update inventory set on both policies (that run ongoing) as well so the Macs that complete the policies are no longer scoped. 

Does that assist you in any way? :-)  

HCS has a similar guide: https://hcsonline.com/images/PDFs/Jamf_Install_SentinalOne.pdf
And the SentinelOne support page: https://support.sentinelone.com/hc/en-us/articles/360055845253-Installing-and-Upgrading-macOS-Agents... 

Even though I didn't use that script, the way I did it does work but shows failed in the logs even though after a re-boot, the software inventory shows that the version number is now 23.1.1, which is all I can ask for.  I don't like it that the logs show failed, but at least the update is getting applied.  I am closing this topic.

I was running into the same issue and it's because the HCS guide doesn't mention you need to change the .pkg to cached (not install or cached install). Read through this thread, seems like that change made it work for you as well.

HCS's PPPC portion was also erroring for me (I guess it's possible it was a typo on my end, but I double-checked everything) so I went to S1's Jamf guide and just copied their config profile text to a file, then saved it as a .mobileconfig and uploaded to Jamf.

After everything had installed, S1 was still reporting my test machine needed to enable notifications in their console, but that went away after a reboot.