Jamf Nation Community

Yup I have seen that as well. Apple has all but admitted that Server 5.0.15/5.0.4 is borked when it comes to El Cap updates. Lets hope we see a new Server.app sooner rather than later.

Still having this issue. Updated one of the DP/SUS servers to 10.11.2, same deal. Crickets from Apple so far...

I upgraded my system to 10.11.2 yesterday and its still working. but like i said i had to wipe the whole system

Also opened a bug report 24056668, trying the build as new server on test hardware now. Don't like the idea of having to rebuild a large number of ASUS servers in our environment.

Mine is now doing this again. i have about 450 updates that stay enabled but anything from December forward keeps getting disabled.

Submitted my own bug glad this thing is still in testing

Apple Bug 24056937

Did any one in this "club" find a solid solution? I applied the Apple Security updates in December and after rebooting some of the updates stay enabled and some of the older ones before the Security update install don't(I have to keep checking them and enabling them). Just wanted to see if there was any other progress.

And I thought I was crazy! I'm having the same issue here. I'm new to Mac servers so I thought I was just making a silly mistake. I hope Apple can give us something helpful.

We are still having this issue with Server 5.0.15. We have had some success rolling back to Server 4.1.3 for the time being... Still waiting to hear an update from Apple on this...

We are also still having issues. I submitted a bug report with Apple and have contacted our SE. I hope we will seen an update soon since this has been ongoing for several months in our environment.

You know something is screwy when they release Server 5.0.15 as an update to Server 5.0.4...

I spun up a fresh iMac with OS X 10.11.2 and Server 5.0.15. The Software Updates are syncing from Apples servers at this time. Expect it to be done sometime tonight. Once finished will see if changing the settings will stick for the updates.

Not sure if it will work, and not sure I will trust it if it looks like its working.

So spinning up a new server clean with just OS X 10.11.2 and Server 5.0.15 was a big fail.

The update packages will not except any changes to being active or inactive.

will have to point all our internal clients to one of our older (10.10.5 server 4.0) ASUS for updates until this is fixed.

I would really encourage everyone who is experiencing this issue to contact your SE at Apple and let them know that this is an issue for you. Apple IS aware of the issue, but it doesn't seem like enough of a fire has been lit under their butts to get this fixed in a timely manner.

Apple IS aware of the issue, but it doesn't seem like enough of a fire has been lit under their butts to get this fixed in a timely manner.

And what else is new? Besides the year that is. Unless this impacts Apple's bottom line in some way, they have little incentive to fix it quickly. Apple's more or less out of the server business anyway, not just with their hardware. Once they started dumbing down OS X Server to basically point and click functions with little control or oversight on how they work is when I gave up on the product. They probably think everyone should just allow all updates to be installed directly from Apple all the time anyway. And upgrade all your Macs to the latest OS X release as soon as its out too by the way!

I would actually encourage anyone running into this to look at spinning up a Reposado instance and ditch Apple's OS X Server if possible, and let your Apple SE know what you did and why. And you get the bonus of being able to set up branches if you use Reposado.

optional image ALT text

There is a new Server beta up on the Dev site, but it requires 10.11.4 beta...

Apple have told me 5.1 beta doesn't fix the issue...

I am having the same issue and waiting for some update through this thread. And for me, the only available option is to use Apple Software Update, not anything else.

In the mean time, I am planning a workaround using a second OS X server which will set to auto enable all the updates. Because, if the server is setup to Auto Enable all, it remains enable.

The configuration:
1. Server1 is configured to get the Updates from Apple and the updates will be manually enabled
2. Server2 will be configured to get its updates from Server1 and will be configured to Automatically download and enable all
3. Clients will get updates from Server2

The execution:
1. I'll manually enable all the desired updated on Server1.
2. Force Server2 to check for updates immediately. So that it gets all the software updates from Server1 immediately before the updates gets disabled!!
3. The clients check with Server2 and the updates are there.

Hope Apple resolves this issue immediately.

__
Mohammad

Anyone ever find a good solution, I have tired setting up both a Netsus and Reposado system but cant get anything to connect to them. So im 100% stuck. No one at apple has any info nor do they seem to care.

@Matt.Ellis I setup the Software Update Service from scratch on our server, placed it in Manual Mode and unchecked Automatically download new updates so that new updates only appear as Available. Then I select Download and Enable ONLY when I'm ready to deploy them.

This method has worked fine for us the last few months, but then again we've rarely ever had the need to disable an update once it's already been enabled. Then I could see it being problematic.

I'm reaching the end of my rope on this ridiculousness. I tried all the suggestions on our existing server. I've vanilla imaged a new server.
I've kept it simple, followed every suggest best practice.
And and this still happens. I enable something today, tomorrow, it's disabled. The command line and the GUI versions don't appear to have anything to do with each other.
All of us here work hard (including JAMF) to try and keep these Apple devices functional in enterprise environments of varying sizes, and the one group that SHOULD care, Apple, doesn't give a damn.

Hi All,

In regards to our case 976946712, I tested a script today from Apple that should help keep the updates enabled after manually setting them to the enabled state. Fingers crossed, so far so good, but we are waiting until Friday to see if it holds in our environment.

Curt

Hello everyone, just wanted to confirm me too I cannot make SUS working correctly with OSX 10.11.3/Server App 5.0.15
Waiting for a solution, I ended up resurrecting an old 10.9.5/Server App 3.2.1 serving El Capt clients with the old trick of modifying the relevant parts in

/Library/Server/Software Update/Config/swupd.conf

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} Darwin/10
    RewriteRule ^/index.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-leopard-snowleopard.merged-1.sucatalog
    RewriteCond %{HTTP_USER_AGENT} Darwin/11
    RewriteRule ^/index.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-lion-snowleopard-leopard.merged-1.sucatalog
    RewriteCond %{HTTP_USER_AGENT} Darwin/12
    RewriteRule ^/index.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
    RewriteCond %{HTTP_USER_AGENT} Darwin/13
    RewriteRule ^/index.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
    RewriteCond %{HTTP_USER_AGENT} Darwin/14
    RewriteRule ^/index.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
    RewriteCond %{HTTP_USER_AGENT} Darwin/15
    RewriteRule ^/index.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
</IfModule>

and /Library/Server/Software Update/Config/swupd.plist

<array>
<string>index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
<string>index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
<string>index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
<string>index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
<string>index-lion-snowleopard-leopard.merged-1.sucatalog</string>
<string>index-leopard-snowleopard.merged-1.sucatalog</string>
</array>

This should also work with Yosemite Server 4.x SUS

@claven Did your script work?

@anix Sort of. I checked and I had 8 updates that reverted back to disabled sometime over the weekend. I just sent a log package in for Apple to review. It feels like progress though :)

@claven A few updates were automatically disabled even when our SUS worked fine (e.g. 031-48511, XProtectPlistConfigData 1.0), maybe invalidated by Apple after release.

You have mentioned a script. Is it a patched version of one of the existing SUS scripts, or is it an additional script that is supposed to fix data / cache issues?

Morning @anix

Most of the ones that are disabling on our SUS box seem like they still should be valid. Here is a screen capture of the ones that are going back to disabled/available. I can live with where our SUS is now compared to everything from 10/1/2015 forward being disabled.

On the script, from my understanding it should set the updates from pending to enabled. I checked and Apple does not want me to post it at this time since it is an engineering test only.

Curt

@claven Thank you for the list. I'm rather certain, most of these updates were those that have been automatically disabled when our SUS worked flawlessly. Only exception is AppleConnect and SafeViewUAT which were not available until our SUS stopped working. Maybe someone with no SUS issues can confirm this.

I hope Apple will release a fix soon.

In the end, I thought about what was important to me here... and that was hosting the SUS internally so clients don't have to reach out to download content when it's local. While being able to test the patches first is also very important, since I cannot get the SUS to behave the way I want and having repeatedly disabled patches (note: 10.11.3 Update & Combo Update would get disabled! That's a big deal to me.), and facing the prospect of not using the SUS at all and have client download the content without testing anyway... I endeavored to try and get this to work.

And in the end, it's working.

Forgive me, because I tried MANY time to reset this so I could make it work the way I wanted and it would always end up in varying states of failure, so I finally settled on something that appears to be working, I will try and retell the steps I took. Some of the steps are possibly pointless, but I did them out of desperation and some voodoo.

This was on a vanilla re-image of OS X 10.11.3 with Server 5.015.

I turned off SUS in the Server.app.
I rebooted the server. (Pointless?)
I removed the "Software Update" directory and all t's content from /Library/Server/.
I rebooted the server. (Pointless?)
I opened Server.app chose "Automatic" to download & enable content (this PAINS me still).
I quit Server.app. (Pointless?)
I opened Terminal and did "sudo swupd_syncd" and let it do it's thing.

All content was downloaded, mirrored, and enabled for my institution going on..... 8 days now?

[A note about the "Pointless?" from above. I've no evidence that these steps are useful in any way, however, given the issues that I'd had trying to get the SUS to work, I felt the need to get a little medieval with my approach to nuking the SUS, making SURE it was nuked, and starting over.]

@yellow Any updated on your steps. last time i did the full wipe mine worked for a few weeks and then started disabling things again. Would love to here if your is up and running.

It is indeed still running, and updating.

Apple have said this should be fixed in OS X Server 5.1 beta 6.

Apple have said this should be fixed in OS X Server 5.1 beta 6.

10.11.4 / Server 5.1 appear to be out as of today, updating our SUS tonight, fingers crossed!

Any word on a fix for OS X Server for 10.10.x. Server 5.1 is 10.11.4 only. I now need to upgrade multiple production servers from OS X 10.10.x to 10.11.4 just for Software Update.

This is crazy! Five months! How about fixing the problem not forcing an upgrade of everything.

You are killing me Apple!

I can say i have been working with apple on testing beta versions of Server and 10.11.4 and as of the last beta version issue is not fixed. they cannot reproduce it. So im guessing i need to wipe my system for the 7th time and install the released items.

I have upgraded to 10.11.4 and Server 5.1, then clean wiped SUS as suggested by Apple enterprise support, i.e. stopped the service, reboot, clean wiped /Library/Server/Software Update, emptied trash, reboot, and restarted SUS... issue not fixed. All enabled products are silently disabled after a short time. Very disappointed.

Since ive always wanted to reformat a system for the 8th time im trying again but not hopeful... this is just beyond unacceptable.

And as im sure you all guessed the release version of 5.1 is still broken. Im waiting to hear from apple engineering.