Posted on 03:58 PM - last edited
Hi all, I have been getting a headache with patch management. I have tried to update Adobe Acrobat Reader and Google Chrome on two different machines. I have downloaded the recent update from the 3rd party site as well as from Jamf's 3rd party product site. I click the patch in Self Service and I either get "error" or "finished", but upon inspecting the version, it failed to update and the patch reappears in Self Service acknowledging the out-of-date software.
I called Jamf support and they told me they weren't able to help at the moment and opened a case. Has anyone else experienced this? And can someone please help??
Posted on 01-21-2020 07:41 AM
So after 3 days of email with Jamf support, their solution was to install the software locally and repackage it in Composer. They said that the file being a dmg was the issue as there is no direction for the install. I was able to get this to work most of the time and find scripts to update other applications locally on the machine. Kind of a haphazard solution but at least I am getting my software updated.
Posted on 01-03-2020 05:25 PM
I use Patch Management for smart groups reporting, but not actually installing patches, so I can't say I have seen the same problem you're describing. However, I am having the problem of patch report not showing any recent data. I added a few titles yesterday, but today (after forcing inventory scans) there are no computers in the patch report.
Posted on 01-21-2020 06:16 AM
Same for me too, the definitions stopped showing the latest versions. Have opened a support ticket.
Posted on 01-21-2020 06:27 AM
We are having a similar issue, our JAMF support engineer believes it has to do with PI-007715. We have not been able to run the fix as it requires taking down the JSS and running some DB commands. But you may want to reach out to JAMF support and reference that PI number.
Posted on 01-21-2020 07:11 AM
Not sure if this is linked but we have had an issue where patch policies are scoped to a smart group but even when the deadline to update is hit and has passed the applications don't force the update.
Posted on 01-21-2020 01:35 PM
Under Settings > Computer Management > Patch Management there is a listing of the "Patch Internal Source" server ( It doesn't answer on ping. Anyone else get the same result?
Posted on 01-23-2020 08:50 AM
I have the same settings and do get a ping back, however my patches are not deploying
Posted on 02-06-2020 07:56 AM
Same, looks like my patch management section hasn't updated since mid January. I am waiting to hear back on my support case.
Posted on 02-20-2020 03:56 PM
I'm deploying the latest Reader update using a Patch Policy. Based on a smart group there are about 60% of machines that have been patched. However, the Patch Management total has been stuck at 4% for a few days now. We are on Jamf Cloud.
Posted on 03-04-2020 08:12 AM
I'm looking to use Jamf Pro's patch management and cannot for the life of me get it to complete a patch of Adobe Acrobat Reader DC on my machine as a test.
I've followed the instructions to a T. Given the posts above there are issues at the moment?
I'm going to give the workaround above a try, where someone had to repackage the .dmg.
All I get is installation error. That's it, no specifics.
Update: I extracted the .pkg and tried that, and it worked for Adobe Acrobat Reader DC. So am I to assume .pkg is the preferred package over .dmg?
Posted on 03-04-2020 11:51 AM
Just to follow up on my previous post, Jamf Support was able to resolve the issue with my policy numbers not updating. Don't know exactly what they did, but it worked. :)
Posted on 03-11-2020 10:13 AM
I'm having the same issue: no new patches since December.
Posted on 04-01-2020 08:47 AM
Our patch titles are updating but the counts are not going up even after patching.
Posted on 05-04-2020 03:23 PM
Similar issue here. Our Patch Management is not reflecting the actual versions of the applications installed. Our latest Google Chrome is showing up in Patch Management with the last version available there; meanwhile it is 4-5 versions behind the actual latest version from Google. The same thing is happening with Zoom Meetings Client, where users have version 5.0.x installed but it shows in Patch Management as the last version 4.x.
Posted on 05-04-2020 05:45 PM
was able to get this resolved for me quite quickly in March. This was a known issue, and they were able to patch patch management after hours.
Posted on 05-05-2020 02:24 PM
Happened to us too, Jamf had to patch our database. Known issue and has not been fixed in over 6+ months. You can tell Jamf really cares about their patch management...LOL.
Posted on 05-07-2020 06:24 AM
Is this normal (getting a 404 error) when you navigate to ?
Posted on 05-09-2020 01:38 PM
Looks like JAMF did some maintenance this morning
Jamf Maintenance - JAMF Pro - Standard: 10.21 Upgrade for us-west-2 - 9 May 2020
and it magically resolved our Patch Management issue.
Posted on 10-14-2020 03:47 AM
We are using JAMF PRO 10.24 in the cloud is set.
Under Settings > Computer Management > Patch Management there is a listing of the "Patch Internal Source" server (
However on the macOS Catalina from home on internet not VPN, went to ran ping on results "PING Request timeout for icmp_seq zero to 14 and then I ended it. Why is this timing out?
Posted on 10-29-2020 10:30 AM
Having a similar issue, just updated a bunch of packages in Composer and patch management is just sitting with them and not seemingly updating anything. Any word on this from anyone?
Posted on 10-30-2020 09:28 AM
My Firefox patch reporting has not moved in a week. I tried using a Patch Policy and it did nothing. I've used a standard policy and updates are going out normally but the Patch Reporting does not reflect any changes.
It's just broken.
Posted on 10-31-2020 09:34 AM
Same here. Jamf Pro 10.25 (Cloud). I put in a ticket a couple of weeks ago because patch versions were not displaying the latest versions (no notifications either). This would not allow me to upload the latest patch definition for Chrome. Jamf support noticed a "Known issue on the server (PI-007715) that would be causing the patch versions to be behind". They scheduled maintenance for that night and the problem appeared to be resolved. That was Oct. 15 2020. Now I am experiencing the same issue as others. I released a Zoom update to 5.4.0 yesterday. It worked on two machines (used for testing); however, when I added "All Managed Clients" nothing has happened. Patch set to install automatically, with a 120 minute delay if the program is open. No other computers have patched. I can see that this is also happening with Chrome, albeit with fewer machines, because I released the 86.0.4240.111 patch a while back, and the problem started over the past few days. I created a new patch policy for Zoom, but it did not help. This has worked fine for a long time.
Also, has anyone noticed that the log files for the patch policies don't say whether the patch policy completed or failed? Maybe I am missing something. I am putting in a support ticket right now.
Posted on 11-10-2020 05:05 AM
still nothing; see screenshot, we need assistance.
Posted on 11-10-2020 05:12 AM
For everyone posting in this thread, do you have an open case with Jamf support?
I do, and they are actively working on it, but have said that there appears to be more than one cause, so I highly recommend opening a ticket if you haven't already.
Posted on 11-10-2020 07:44 AM
Yes, always open a ticket 1st.
Posted on 12-02-2020 12:17 AM
Opened a case on this also :)
Posted on 12-02-2020 10:21 AM
Opened a ticket yesterday afternoon, resolved overnight. Software versions are updating, and my email notifications are working again.
Posted on 12-02-2020 10:27 AM
They have a workaround that can be done overnight. I've had the issue 3 or 4 times over the last six months.
Posted on 12-03-2020 12:01 AM
Didn't fix for me :)
Posted on 12-29-2020 10:03 AM
For those having this problem with Chrome and Firefox, there are plenty of scripts that check for versions and update automatically. These browsers are some of the easiest to keep up to date with scripts as opposed to a pain in the ass like Zoom. I suggest you search either the 3rd party software page or discussions for scripts to update these two rather than patch management.
Posted on 01-19-2021 10:40 PM
Hi, is patch management still working?
Skype for Business 16.29.41 is out for about 2 weeks,
Symantec Endpoint Protection 14.3.3384.1000 is out for over a month... But Patch Management still shows the old versions.
Edge is still not integrated even though many want it to be (and most Microsoft apps are already working fine).
Vote up for Edge to get integrated in patch management:
Posted on 01-20-2021 12:39 AM
It broke for me again. It was working for a while; raised a support case once more. @Tjernigan our security team is using patch management for reporting as it displays information in a very user-friendly way, but then it lies. I'm starting to get a lot of questions about why devices are out of date when they aren't really :)
Posted on 02-12-2021 05:57 AM
I'm having the exact same issue and have opened a case. Please open a case if you haven't already.
Restarting Tomcat will quickly update the patch catalog but then it just stops updating again.
Posted on 03-15-2021 10:14 AM
We've been having this same issue on and off for months now. Started again today. Everything is showing fully updated on the Policy tab but on the Report tab it's a 0% for multiple Apps. Chrome doesn't even show the latest patch to pick from in the definition tab.
This is getting really old having to open a ticket every couple weeks just to get it working again for Cloud accounts.
Posted on 03-15-2021 11:05 AM
Yeah, at the moment I'm seeing that the Chrome version has not updated in my Patch reporting. Not sure yet if I should reopen my never-ending ticket about Patch Management not updating or if someone is just having a Monday and forgot to update it.
Edit: Looks like it was someone just forgetting to update the Chrome definition as it now appears correctly.
Posted on 03-18-2021 07:46 AM
I have been trying to use the Firefox patch management and it's not working. The extension attribute script looks different from the original one. I noticed the new script doesn't actually return any value in Jamf Pro. When I run the script in Terminal it prints out pipes around the version which I've noticed my working scripts do not have.
# A script to collect the Version of Mozilla Firefox. #
# RELEASE, PATH_EXPR, BUNDLE_ID and KEY must be set before this loop.
for APP_INI in $(/usr/bin/grep -l "${RELEASE}" ${PATH_EXPR} 2>/dev/null); do
    PLIST="$(/usr/bin/dirname "${APP_INI}")/../Info.plist"
    # Only count bundles whose identifier matches the expected one.
    if [ "$(/usr/bin/defaults read "${PLIST}" CFBundleIdentifier 2>/dev/null)" == "${BUNDLE_ID}" ]; then
        RESULTS+=($(/usr/bin/defaults read "${PLIST}" "${KEY}" 2>/dev/null))
    fi
done
unset IFS
if [ ${#RESULTS[@]} -eq 0 ]; then
    /bin/echo "<result></result>"
else
    # All versions found are printed between literal pipe characters.
    /bin/echo "<result>|${RESULTS[*]}|</result>"
fi
unset IFS
exit 0
The original script
#!/usr/bin/env bash
# Script is designed to return the 'version number' of Mozilla Firefox. #
# Locates the installed Firefox application, verifies 'release' #
# before returning 'version number' or 'Not Installed' #
RESULT="Not Installed"
for i in /Applications/Firefox*.app; do
    /usr/bin/grep mozilla-release "$i"/Contents/Resources/application.ini
    if [[ $? -eq 0 ]]; then
        RESULT=$(/usr/bin/defaults read "$i"/Contents/Info.plist CFBundleShortVersionString)
    fi
done
/bin/echo "<result>$RESULT</result>"
Attached screen shot of result in terminal. Could this be part of the issue? I'm not familiar with Inline Field Separators.
Posted on 03-18-2021 10:54 AM
@tomt Here, try using this script. It is much easier than just trying to go through patch management all the time with how many updates Google sends out.
# dmgfile, logfile and url must be set before this point.
volname="Google Chrome"
/bin/echo "--" >> "${logfile}"
/bin/echo "$(date): Downloading latest version." >> "${logfile}"
/usr/bin/curl -s -o "/tmp/${dmgfile}" "${url}"
/bin/echo "$(date): Mounting installer disk image." >> "${logfile}"
/usr/bin/hdiutil attach "/tmp/${dmgfile}" -nobrowse -quiet
/bin/echo "$(date): Installing..." >> "${logfile}"
ditto -rsrc "/Volumes/${volname}/Google" "/Applications/Google"
/bin/sleep 10
/bin/echo "$(date): Unmounting installer disk image." >> "${logfile}"
/usr/bin/hdiutil detach $(/bin/df | /usr/bin/grep "${volname}" | awk '{print $1}') -quiet
/bin/sleep 10
/bin/echo "$(date): Deleting disk image." >> "${logfile}"
/bin/rm /tmp/"${dmgfile}"
exit 0
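Added example, not part of the original post or of Jamf's tooling: the script above copies whatever curl downloaded into /Applications with the privileges the policy runs under, so this sketch checks the app bundle's code signature and signing Team ID on the mounted image before the ditto step. The function names, `EXPECTED_TEAM_ID`, `app_path` and the `TEAMIDXXXX` placeholder are assumptions made for illustration, and the sample codesign output is constructed.

```shell
#!/bin/bash
# Added example: check a downloaded app bundle's signature before ditto copies it.
# TEAMIDXXXX is a placeholder; read the real Team ID from a known-good install
# with: codesign -dv "/Applications/<App>.app"
EXPECTED_TEAM_ID="${EXPECTED_TEAM_ID:-TEAMIDXXXX}"

# Constructed samples of `codesign -dv` output (not captured from a real app).
SAMPLE_SIGNED='Executable=/Volumes/Example/Example.app/Contents/MacOS/Example
Identifier=com.example.app
TeamIdentifier=TEAMIDXXXX'
SAMPLE_ADHOC='Identifier=com.example.app
TeamIdentifier=not set'

# Print the TeamIdentifier field from `codesign -dv` output read on stdin.
team_id_from_codesign() {
    local line
    while IFS= read -r line; do
        case "$line" in
            TeamIdentifier=*) printf '%s\n' "${line#TeamIdentifier=}"; return 0 ;;
        esac
    done
    return 1
}

# $1 = codesign output, $2 = expected Team ID. Succeeds only on an exact match.
team_id_matches() {
    local found
    found=$(printf '%s\n' "$1" | team_id_from_codesign) || return 1
    [ -n "$2" ] && [ "$found" = "$2" ]
}

# $1 = path to the .app on the mounted image, $2 = expected Team ID (macOS only).
verify_app() {
    local info
    # Signature must be intact for the bundle and its nested code.
    /usr/bin/codesign --verify --deep --strict "$1" 2>/dev/null || return 1
    # Gatekeeper policy must accept the app.
    /usr/sbin/spctl --assess --type execute "$1" 2>/dev/null || return 1
    # The signer must be the expected vendor; codesign -dv writes to stderr.
    info=$(/usr/bin/codesign -dv "$1" 2>&1) || return 1
    team_id_matches "$info" "$2"
}

# In a script like the one above, between "hdiutil attach" and "ditto":
#   if ! verify_app "${app_path}" "${EXPECTED_TEAM_ID}"; then
#       /bin/echo "$(date): Signature check failed, aborting." >> "${logfile}"
#       /usr/bin/hdiutil detach "/Volumes/${volname}" -quiet
#       /bin/rm "/tmp/${dmgfile}"; exit 1
#   fi
```

An ad hoc signed or re-signed bundle fails the Team ID comparison even when its signature is internally valid, which is the case a bare `codesign --verify` would miss.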