Jamf Nation Community

Chris · ‎10-15-2012

Hey guys,

i'm having a hard time getting the MS Office 2011 14.2.3 update to work during imaging with 10.8.2.

My package consists of
- Office 14.2.0 Installer
- Office 14.2.3 Update
- Office 14.2.4 Update
- Choices.xml file
These are copied to /tmp and then being installed by a postflight script.
Package is set to "install at reboot".

It gets stuck upon installing the 14.2.3 Update.
The ocspd process goes nuts with 95% CPU usage and the machine is trying to reach ocsp.apple.com.

We are behind a proxy here, which is only set up after all the package installations in the imaging workflow, by a script.

As soon as i ssh into the machine during imaging and set the proxy manually,
the installation continues.

I'm guessing that ML can't verify the 14.2.3 Updater's certificate,
although pkgutil --check-signature returns a valid cert.
I tried adding the -allowUntrusted option to the install command in the postflight script,
didn't help either.

10.7.5 doesn't have this problem.

Can anyone think of a solution for this,
other than changing my imaging workflow?

golbiga · ‎10-15-2012

Why not build the package that contains all the updates first. Instead of having it built during imaging.

Allen

talkingmoose · ‎10-15-2012

Two things come to mind:

You can rebuild the package without the certificate using the command line:

pkgutil --expand /path/to/Updater.pkg /tmp/Updater.pkg
pkgutil --flatten /tmp/Updater.pkg /path/to/new/NoCertUpdater.pkg

Beginning with new installs of Lion 10.7.5 and with Mountain Lion, Apple sets the OS to check for certificate revocation. If you look in the Keychain Access utility and under Keychain Access --> Preferences... --> Certificates tab you'll see the options are now set to Best Attempt. Setting these to Off via script before installing Office may resolve your issue.

defaults write com.apple.security.revocation.plist CRLStyle None
defaults write com.apple.security.revocation.plist OCSPStyle None

I haven't tested the second method.

dderusha · ‎10-15-2012

Try Installing at Login.

calumhunter · ‎12-16-2014

** Update: Ok I'm a clown. I had a typo in my script. Setting the two keys:

defaults write com.apple.security.revocation.plist CRLStyle None
defaults write com.apple.security.revocation.plist OCSPStyle None

in ```
/Library/Preferences
and
/var/root/Library/Preferences
```
did the trick

Talk about bringing back an old thread. BUT

I am running into this issue on 10.9.5 and 10.10.x

Setup:
AutoDMG created image of 10.9.5 or 10.10
Restored to machine.
Machine does not have any internet access as it is only available through an authenticated proxy server.
Attempt to install a signed package such as office 14.4.7 update whilst machine is at login window via ssh (package already exists on machine in /Library/Packages
This is done with installer -pkg /path/to/office.14.4.7.pkg -target /
watch the install.log and notice that the package sits at preparing or validating. it never installs - even after leaving it for over an hour.
watch top -u see ocspd go crazy 100-200% cpu usage
reboot machine.
log in as a local admin and enable proxy server and provide username and password in network preferences so machine has internet access
attempt to install package again and it goes through immediately.
this is an unworkable solution as proxy is authenticated and we need to be able to install software at the login window with out having users authenticated.

Have tried setting the CRL and OCSP settings with defaults. creating the pref in root users lib/prefs and also in /Library/Prefs still no change.

My Google Fu leads me to believe i'm one of the only people on the planet to run into this issue. :/

what the?

Jamf Nation Community

Installing Office 14.2.3 Update during Imaging with ML