Mixed results with Software Updates (Beta)

Rich_C
New Contributor III

I am testing Software Updates (Beta) in my environment, and I am seeing mixed results. 
So, I started with a Monterey 12.6.6 machine and sent a request to update it to 12.6.7, which was successful. Then I sent another request to update the same machine to 12.6.8, locked the machine and left it overnight. The machine did not update. I researched and checked for anything I could find to see if the machine got the instructions. I looked at the install.log and nothing stands out. I ran the update command again, still no update. Can anyone tell me if there is a certain time frame that it waits, or a location or command on the machine that can be checked? Any help or information would be greatly appreciated.

7 REPLIES

SabariG
New Contributor III

Software Update via MDM command will not always work, and we have seen intermittent issues like this. Hopefully, as Apple is moving Software Update to DDM in macOS Sonoma, we will have some improvements :-)

AJPinto
Honored Contributor II

macOS updates and managing them is absolute hot garbage. At this current point in time, don't expect a higher success rate than around 70% without user involvement.

My suggestion is using a Managed Apple ID from Apple Business/School Manager and submitting feedback using the Feedback app. Then get the Feedback request number and forward it to your Apple Account Rep. If you have an ACE Agreement, also open a ticket with Apple.

Apple is going to tell you to run the Mac Evaluation Tool (located in Apple Seed). If you have any blocked or intercepted traffic showing on the Evaluation Tool, Apple is going to tell you to allow it. Most of Apple's traffic does not matter for OS updates, so you will need to do a bit of poking around to see what you actually need; Apple won't spell it out for you, unfortunately. Jamf has a similar tool to the Mac Evaluation Tool called Jamf Environment Test. Of course, this is assuming you are on-prem (or using a VPN) and/or your Jamf instance is hosted by you guys; if not, you have no control over the network configuration of the network the devices are using.

  1. Ensure your devices are correctly supervised and that your MDM has a secure token to authorize the install of OS updates.
  2. Make sure nothing on the network side is causing any communication issues between Jamf, Apple and the device.
  3. Identify applications that suppress reboots, as Apple's OS update workflow cannot force quit all apps even when you use the force quit flag on the MDM command.
  4. Get your fleet on macOS 13; many enhancements were added to the software update workflow with macOS 13.3.
    1. Ideally you always want to be running the most current release of macOS. N-1 only gets security updates, not bug fixes.

Some links I found helpful.

https://marketplace.jamf.com/details/jamf-environment-test

https://support.apple.com/guide/deployment/manage-software-updates-depc4c80847a/web

https://docs.jamf.com/technical-papers/jamf-pro/deploying-macos-upgrades/10.34.0/Updating_macOS_by_S...

ScheduleOSUpdateCommand.Command.UpdatesItem | Apple Developer Documentation

mm2270
Legendary Contributor III

Hot garbage is the best description I've seen for the current state of macOS update management. It's amazing how long this has been in such a bad state and still not fixed, or at least more reliable. It never should have been allowed to get to this state by Apple, but here we are.

IMO if the device is "managed" by an MDM, the MDM administrator should be able to do anything they want on the device any time they want, regardless of whether Apple considers it a restriction for a consumer-purchased device. I just want to have our people leave for the weekend with their devices plugged in and locked, and do whatever maintenance I want, and have them ready to go come Monday morning. That's nowhere even close to reality, and any major maintenance task is inherently disruptive to the end user during working hours.

SMR1
Contributor III

When I was at JNUC last year, a bunch of people were talking about this and it got brought up in a few sessions. Still just as clunky, just added an option on the left to give it quicker access.

Lessardrp
Contributor

I am interested in testing this for iOS devices myself. Question: could there be a minimum age set in a configuration profile interfering with whether a certain update gets installed? I know that if this minimum age deferral setting is in place, devices only download up to that age update. Doing a manual update mass command supposedly overrides this setting, but maybe it doesn't work that way with managed updates?

Lessardrp
Contributor

Here's another question. In one of the documents discussing managed updates I see this warning:

Warning: 

Enabling the (Beta) managed software updates feature will initiate a record cleanup, which includes clearing any update commands that have previously been deployed from Jamf Pro. You can re-deploy these updates with the (Beta) managed software updates feature. When the new feature is enabled, mass action update commands are disabled.

Can the managed updates be disabled if test results are not what we want? I don't want to lose mass action update commands forever if things don't work out.