Patch Policies Stuck In Loop

maffettb
New Contributor III

Just opened a ticket about this but it's kind of a nightmare since I was forced into self quarantine unexpectedly at the beginning of the week so I only have a fresh laptop and no test machines and my users are also all remote.
Anyone else experiencing this or have an idea of what I could try to fix it?
I'm also on a hosted JSS server nothing is on prem.

I have had several complaints today about Self Service prompting people to install an update let's say for Zoom...they open Self Service to install the update and it either fails or says complete but then an hour later they get another prompt from Self Service asking them to install the update.
I checked logs and it looks like this is effecting all of my current patches.
EVERY patch policy pushed within the last couple of days has a status of pending with multiple attempts (some over 10)
with a status of:
Attempt: 5
No Actions
Attempt: 4
Executing Patch Policy Mozilla Firefox
Downloading Firefox-77.0.1.pkg...
Downloading https://use1-jcds.services.jamfcloud.com//download/cdcc6000fd67498e9bc359cfa3fdc5ca/Firefox-77.0.1.pkg?token=0548aa34894e48c69a011e3b9d6fedcbic0y7m1yykw5ncbg7a2v39yda713ctbg...
Error: Package was not successfully downloaded. 403

4 REPLIES 4

Eltord
Contributor

We are also experiencing something very similar still. Were you able to come to any resolution for this so far?

maffettb
New Contributor III

No not really, support said it was a PI and that editing the policy and changing it from auto install to make available in SS (or the other way around), saving and then re-editing the policy and changing it back to what you want it to will fix it BUT, I had already removed the patch title entirely and adding it again just shows zero computers have the software installed...but inventory reporting on the machine level is still reporting correctly.
Leaving me at dealing with smart groups and normal policies for patches, I haven't had time to mess with that yet...hence patch management/policies.

If you haven't removed a title from patch management than try that workaround to see if you can get it running correctly again.

robertliebsch
Contributor

I tried adding a script to run after every policy that just runs jamf recon. I'm seeing some folks don't get moved out of Smart Groups in a timely manner so they do not fall out of scope after a policy is applied. It seems to help a little.

nahuelrodriguez
New Contributor

Hi @robertliebsch , would you mind sharing the steps and script to do this? I'm quite interested as this would fix a loop we're facing for some mismatching versions as well. Thanks so much in advance!