Software Update Policy not working

kirkd
New Contributor II

I have all of my iMacs pointing to my internal SUS on a 10.8 server. I verified that they are talking to the internal SUS, no problems there. If I manually initiate a software update the updates download and install without issue. I have a policy set to run Software Updates between 3-5AM on Tuesday mornings scoped to a smart group. The smart group contains all my iMacs that need software updates. This policy never runs and there aren't any policy logs to look into. Here are my policy setttings:

General Tab:
Trigger: every15
Execution: ongoing - I also tried once per week - both failed. Active as of 2/6/13 with no expiration date
Do Not Execute: All days checked except for Tuesday
Do not Execute Between: 5AM-3AM - This should run the policy between 3-5AM on Tuesday morning, it doesn't
Minimum Connection: Ethernet - All iMacs are connected to our network via ethernet
Network Segments: I have this set to our internal network segment - all iMacs are on this segment. Override Default Policy Settings: Tried both my internal SUS for Software Update Server as well as Default for Each Computer - neither setting made a difference.

Scope
I have the policy scoped to a smart computer group I created, I verified that this group has all iMacs that need software updates.

Self Service = unchecked

Packages Set Server = unchecked Install All software updates = checked

Scripts, Printers, Dock, Accounts
All empty, no reason to add anything here.

Reboot
Only if SWU or package requires set for logged in or not logged in.

Advanced
Update Inventory is the only setting checked.

I have no idea why the policy refuses to run, the logs don't even show that the poilicy tried to run and failed.

9 REPLIES 9

mm2270
Legendary Contributor II

Are your iMacs going to sleep perhaps? You have it set to run at a very early morning timeframe, so if they are asleep they'll never check in and run the policy.
Barring that, it could be an issue with the Do Not Execute Between times. I rarely use that feature, but I'm wondering if having it set to not run between 5 AM and 3 AM the next day on only a single day of the week may be tripping it up. Maybe its thinking it shouldn't run at all.

kirkd
New Contributor II

Hi mm,
If this was a case of sleeping computers I would at least get a policy log error stating that the policy started but ultimately failed. The policy logs are empty. The do not execute between times should work as it is a component of the JSS. Actually, this policy was setup during our jumpstart by the jamf engineer, so it "should" work.

nessts
Valued Contributor II

it is the client that checks in to see if it needs to run a policy, thus a sleeping computer never checks in and never starts any log entry.

mm2270
Legendary Contributor II

nessts is correct. The JSS never reaches out to a Mac. Its the other way around, so if your Macs are asleep, they won't check in again until they are awake., but at that point, they are no longer in scope of the policy due to the timeframe you have it set to.

If you really need them to run this policy at that time, you may need to send out a pmset command the day before to make sure they either startup or wake up prior to the time the policy needs to run, or just find a way to make sure they don't sleep. That can also be done with pmset commands.

Hope that helps.

kirkd
New Contributor II

Thanks for the replies everyone, I looked at my Macs, they are set to "never" sleep. The only setting I noticed was that the "Put hard disks to sleep when possible" was checked. I fixed that. I will test and reply to this thread with my results. Thanks again everyone!

Nix4Life
Valued Contributor

hey Kirk;

I use the same settings sans the do not execute stuff, day of week, segment. I can't remember why , but i have always added the command line to the advanced tab in the Run Command: sudo softwareupdate -i -a; sudo reboot
and i haven't had a problem with macs updating
hth

LS

kirkd
New Contributor II

I just tested the SUS policy scoped to a single machine with the execution time changed to run between 10-10:45AM today. The policy ran perfectly. I will change the policy to run overnight tonight using the "Needs Software Updates" smart group, hopefully all will be well.

barnesaw
Contributor III

Try setting it for do not run between 5 AM and 11:45 PM. Unless your machines are in heavy use at midnight, that keeps it within the same day and still has the installs done by 5.

FastGM3
Contributor

@kirkd I run mine using a similar policy, however I run mine at startup. Seems to work fine on my end using 8.63.

Question for anyone that I have is can I turn off Automatically Check for Updates in System Prefs and have this policy still work? But more importantly will it kill that darn software updates notification in 10.8.x?