Forcing updates using the new Software Update feature

mrrobertbuss
New Contributor III

Is it just me or is this forced update feature not working for you too? Noth

Is it just my system or is this not working for you too? Updates do not get forced and we are all on Sonoma. 

 

B2C9B51C-50C4-41B9-83CC-87F6AC48E084.jpeg

2 ACCEPTED SOLUTIONS

sdagley
Esteemed Contributor II

WARNING! - PI116287 "Scheduled Software Updates (DDM) using Specific Versions Does Not Work" 

Apparently I was incredibly lucky that using a DDM Scheduled Update specifying version 14.2.1 actually worked because there is a bug in the current implementation that generates malformed DDM commands. Use the "Latest version based on device eligibility" or "Latest minor version" options to schedule an update instead.

This bug is present as of Jamf Pro 11.2.0, and reportedly will not be fixed until after Jamf Pro 11.3.0 is released.

View solution in original post

mrrobertbuss
New Contributor III

Thank you for this. For me, this is the way to move forward on this issue. It may not be a solution for all. Resolving this ticket with this answer. 

View solution in original post

16 REPLIES 16

mrrobertbuss
New Contributor III

Sorry for the two sentences posted. Thought I deleted the first sentence but it showed up anyways. 

red_beard
New Contributor III

I also haven't had success. My example is with my Mac Studio lab here. I was trying to get them to go from Ventura to Sonoma. I set it up to run about two weeks ago and not one machine out of 35 has updated. As far as I can tell there is no window into the process to see what's gone wrong or if it's actually trying to do anything. 

I fully accept I might be missing something obvious here, but I don't know what to do about.

Your devices already need to be on Sonoma to set a deadline. Doing this for pre-Sonoma clients does nothing. You need to have a different update flow for these using the traditional options (download, install and restart).

sdagley
Esteemed Contributor II

@mrrobertbuss Have you previously deployed a Scheduled Software Update request with a deadline further out? It appears that you need to cancel any pending Scheduled Software Updates before a new one will be recognized. You can do that by turning off the beta Software Update mechanism which will cancel all in-flight updates. You can then turn it back on and schedule your new update.

I'd also suggest you implement the two EAs from my https://community.jamf.com/t5/jamf-pro/extension-attributes-to-report-on-ddm-scheduled-macos-updates... post which will report the version and deadline for pending updates.

mrrobertbuss
New Contributor III

Set up the deferral to kick in 1.9.24 at 8:00 am

Nothing happened. Consensus is this works for some but not for others. 

mm2270
Legendary Contributor III

I've also had almost no luck getting the new Software Update functions to work.

I wasn't aware of the potential for pending scheduled requests interfering with any new ones. That seems like a silly flaw in the process. We should not need to be turning off and on features to get things to work, but I appreciate the heads up on that issue @sdagley regardless.

If I could have one wish in regards to macOS management, it would be for a truly reliable and easy way to deploy OS updates to my Macs again, that doesn't require a wing and a prayer, prompting (begging) users to install them or any user interaction. This mess we're in of Apple's making has been going on for so many years now. I'm so tired of having to explain to my management that getting these installed is so difficult.

AJPinto
Honored Contributor II

This workflow still uses Apples MDM framework to manage OS updates. The problem is not so much JAMF, its more so Apples entire workflow for handling OS updates is flat out garbage.

 

If there is anything causing the update to fail, JAMF does not notify you. You must go to each inventory record individually and check. Even then, JAMF is relying on the data that Apple kicks back with the MDM framework which usually is nowhere near enough to troubleshoot an issue. I would suggest having the install.log from a few of the effected devices sent to you and looking over them. I'd wager you either have a network block, or a persistent app that is preventing the reboot as none of Apple's commands will actually force quit an app that does not want to quit.

 

TL;DR: JAMFs new Software Update panel is just putting lipstick on a pig, macOS updates are still just a pig.

 

About software updates for Apple devices - Apple Support

macOS Upgrades and Updates Using a Mass Action Command - Technical Paper: Deploying macOS Upgrades a...

ScheduleOSUpdateCommand.Command.UpdatesItem | Apple Developer Documentation

Get the OS Update Status | Apple Developer Documentation

sdagley
Esteemed Contributor II

@AJPinto In my testing of DDM Scheduled Updates a Mac will restart at the scheduled time to complete the update even if there are applications open with un-saved documents. Have you found an application that can't be terminated that repeatedly prevents installation?

While I'm not exactly happy it's taken Apple this long to address the gaping hole in managing macOS updates that Big Sur introduced I am pleased with the introduction of DDM Scheduled Updates in Sonoma. Are there some rough edges at the moment with both the Jamf Pro and macOS parts for configuring and completing DDM scheduled updates? Yes, but for my environment it's working much better for ensuring Sonoma updates by a deadline than Nudge did for Monterey and Ventura. I'm optimistic that both Jamf and Apple will aggressively improve things over their next few releases, and we'll finally be able to cross "Provide reliable management of macOS updates" off the Mac Admins Wish List.

sdagley
Esteemed Contributor II

To follow up on my comment that I'm optimistic DDM Scheduled Updates will truly be useful here are the current macOS Sonoma stats for my org:

Screenshot 2024-01-19 at 3.16.17 PM.png

macOS Sonoma 14.2.1 is being rolled out as our base macOS install so the majority of devices listed are upgrades from macOS Ventura, but for all that were already on Sonoma a DDM Scheduled Update was used to ensure the update to 14.2.1. Of the 3 Macs not yet on 14.2.1 one hasn't been online since the scheduled deadline, one hasn't been logged back into since the deadline, and the 3rd (showing as Unknown) is running the macOS 14.3 Release Candidate build.

janthenat
New Contributor III

Just adding my experience, and apologizing for not fully reading all the previous posts ;^)

I've experimented with trying to perform the following two items using Software Updates, unsuccessfully:

  • Install macOS 11.7.10 on a Mac Pro 2013, running macOS Big Sur 11.7.9
  • Install macOS 12.7.2 on a Mac Pro 2013, running macOS Big Sur 11.7.10

For both tests I get the following result in Jamf Management...

Screen Shot 2024-01-11 at 3.30.29 PM.png

sdagley
Esteemed Contributor II

@janthenat For x86 Macs that old you can use erase-install (ignore the name, it can be used to upgrade Macs as well). See the wiki page for info on using from Jamf Pro: https://github.com/grahampugh/erase-install/wiki/6.-Use-in-Jamf-Pro

janthenat
New Contributor III

@sdagley Yes indeed, and I'm already doing this. But, there is a new thing and I must play with it ;^)

sdagley
Esteemed Contributor II

WARNING! - PI116287 "Scheduled Software Updates (DDM) using Specific Versions Does Not Work" 

Apparently I was incredibly lucky that using a DDM Scheduled Update specifying version 14.2.1 actually worked because there is a bug in the current implementation that generates malformed DDM commands. Use the "Latest version based on device eligibility" or "Latest minor version" options to schedule an update instead.

This bug is present as of Jamf Pro 11.2.0, and reportedly will not be fixed until after Jamf Pro 11.3.0 is released.

mrrobertbuss
New Contributor III

Thank you for this. For me, this is the way to move forward on this issue. It may not be a solution for all. Resolving this ticket with this answer. 

jender
New Contributor II

Have there been any updates on this? From Apple or Jamf? The solution above does not work for me. In fact, all combinations result in a 'AvailableOSUpdates - Scheduled Pending' status which eventually disappears but never actually notifies the user.