Skip to main content
Question

JAMF / PPPC/ Microsoft Autoupdate

  • December 31, 2020
  • 2 replies
  • 57 views
N
Forum|alt.badge.img+6

Is there a good way to debug an issue with TCC / PPPC policy and Microsoft Update?

I've implemented the PPPC Policy from @pbowden and associated update script. However for a subset of machines the "msupdate --config" step never returns any results and the rest is ignored. I would guess this is related to PPPC policy and ability to send Apple events.

I've tried to look at TCC logs and get the following:

2020-12-31 14:24:54.162632-0500 0xf70f98 Error 0x109e829 660 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={identifier=com.microsoft.autoupdate.fba, pid=91467, auid=501, euid=501, binary_path=/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant}, requesting={identifier=com.microsoft.autoupdate.fba, pid=91467, auid=501, euid=501, binary_path=/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant}, 2020-12-31 14:24:54.162695-0500 0xf70f98 Default 0x109e829 660 0 tccd: [com.apple.TCC:access] target_executable_path_URL: file:///Applications/iTerm.app/Contents/MacOS/iTerm2 2020-12-31 14:24:54.163179-0500 0xf70b68 Error 0x1099aee 160 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing={identifier=com.microsoft.autoupdate.fba, pid=91467, auid=501, euid=501, binary_path=/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant}, requesting={identifier=com.apple.appleeventsd, pid=570, auid=55, euid=55, binary_path=/System/Library/CoreServices/appleeventsd},

but this appears on machines that work and those that don't. Even manually running "msupdate --config" fails.

Other things I have tried:
- checking binary code signing signature (codesign -dr - <path>)
- updated PPC to include some additional Apple Events settings for jamf and com.microsoft.autoupdate.cli

Any thoughts on best way to track down what is blocking autoupdate?

    2 replies

    N
    Forum|alt.badge.img+6
    • nycnewman
    • Author
    • Contributor
    • January 4, 2021

    Just a follow up. Current investigation:

    • under a variety of conditions some systems appear to get no response from msupdate via AppleEvents
    • Logs seems to imply that it is possible that the msupdate process is dying and thus not returning results
    • I have seen stack trace type failures when manually running "msupdate --config" under sudo but not consistent
    • Fixed the above errors with an update PPC policy but still having issues getting the config test to respond.

    Anyone else seeing issues with msupdate?

    N
    Forum|alt.badge.img+6
    • nycnewman
    • Author
    • Contributor
    • February 1, 2021

    Sadly still seeing this. Approx half a dozen machiens across 10.14, 10.15, and 11.1 all produce the TCC errors. I have done the following:

    • Checked MDMOverrides.plist is distributing consistently to all machine and has correct TCC values
    • Trace the logs on several machines and see the following across them all
    • Revalidated application signatures on machines (codesign -dr -<app>) for jamf and msupdate

    Is there a better way to debug tccd issues?

    2021-01-28 13:05:05.420001+0000 0x694da Error 0x0 306 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for RESP:{ID: com.jamfsoftware.jamf, PID[14276], auid: 0, euid: 0, responsible path: '/usr/local/jamf/bin/jamf', binary path: '/usr/local/jamf/bin/jamf'}, ACC:{ID: com.microsoft.autoupdate.cli, PID[18750], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/msupdate'}, REQ:{ID: com.apple.appleeventsd, PID[77], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}

    RESP: com.jamfsoftware.jamf
    ACC: com.microsoft.autoupdate.cli
    REQ: com.apple.appleeventsd

    2021-01-28 13:05:06.888646+0000 0x69402 Error 0x7d65d 404 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[18793], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant'}, REQ:{ID: com.microsoft.autoupdate.fba, PID[18793], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant'}

    RESP:
    ACC: com.microsoft.autoupdate.fba
    REQ: com.microsoft.autoupdate.fba

    2021-01-28 13:05:06.932372+0000 0x694da Error 0x0 306 0 tccd: [com.apple.TCC:access] Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for ACC:{ID: com.microsoft.autoupdate.fba, PID[18793], auid: 501, euid: 501, binary path: '/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant'}, REQ:{ID: com.apple.appleeventsd, PID[77], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}

    RESP: ACC: com.microsoft.autoupdate.fba
    REQ: com.apple.appleeventsd

    Terms & ConditionsCookie settingsAccessibility statement