MacOS Update Scan Failed

sprsass
New Contributor

Few devices are not able to get the latest released MacOS update when connected with internal corporate network. Can anybody tell us which all things need to be whitelisted in order to get the devices updated with Apple update server directly. Thanks! 

3 REPLIES 3

RaxiaDK
Contributor II

Hej
Download Mac Evaluation Utility from https://appleseed.apple.com/it

Apple dont allow you to SSL inspect where network trafik.

AJPinto
Honored Contributor II

As @RaxiaDK suggested, I'd probably start with MAU. However, there are also some other tools like JET and Jamf Check that provide similar information, though MAU is generally better.

GitHub - txhaflaire/JamfCheck: A native SwiftUI macOS application that check's Jamf Pro, Jamf School...

GitHub - jamf/Jamf-Environment-Test: Admin Utility for testing an environments network for success w...

 

As far as what you need to allow, Apple provides the list of hosts and ports on the link below. The tools above will tell you what is being caught up in a TLS filter and need to be bypassed.

 Use Apple products on enterprise networks - Apple Support

foobarfoo
Contributor

One thing I've seen in customer environments is that some genius has configured an apple content cache somewhere which isn't working properly, that clients detect automatically. Check if that's the case from an affected computer with the following command: AssetCacheLocatorUtil

If that's the case, the best way to block it is to block DNS for the record that's used for clients to register. If that's not possible or desirable, the next best option is to disable content caching via JAMF/MDM policy, but the drawback there is that all potential content cache computers need to be managed by your MDM.