I have a policy with the command below to install macOS updates for high priority updates like 12.5.1.
softwareupdate --install --os-only -R
However, I have a bunch of machines that state there are no updates available in the logs.
Command result ("No updates are available."):
We have an SLA for zero-day patches like this of 7 days once it's released to hit 90% of eligible devices, and we've missed that, but I'd like to wrap this up ASAP.
My original command is below, but was installing things like Xcode command line tools, so I modified it slightly:
softwareupdate -i -r -R
@PhillyPhoto The following script usually, but not always, fixes the visability of updates for the softwareupdate process:
#!/bin/sh /bin/rm "/Library/Preferences/com.apple.SoftwareUpdate.plist" /bin/launchctl kickstart -k system/com.apple.softwareupdated
In cases where it doesn't work try restarting
No lock so far with that. Here's the log results:
SoftwareUpdate.plist Found PLIST Removal result: 0 SoftwareUpdate.plist NOT Found softwareupdate daemon kickstart result: 0 2022-09-07 08:09:31.312 softwareupdate[18036:21907241] XType: com.apple.fonts is not accessible. 2022-09-07 08:09:31.312 softwareupdate[18036:21907241] XType: XTFontStaticRegistry is enabled. No updates are available. softwareupdate install result: 0
I'll avoid profanity because I'm sure the forum moderators wouldn't appreciate what I really feel like saying, but macOS 12.6 RC (21G115) is now available as a developer download. It would really be nice if Apple made it possible to get a macOS update fully deployed before they released the next update.
The only way I found to solve this is due to two different causes of the problem (if a ordinary reboot does not "solve" it).
1. Flush system cache by policy (sudo jamf flushCache command should do the same but I haven´t tryed it) -> restart.
2. Due to the local accounts or admin account´s secureTokenStatus to be disabled and user is asked for credentials and these are not accepted as "valid" even though they are in fact valid.
Then check account status by
sysadminctl -secureTokenStatus "accountname"
If response is disabled then enable it and updates will work.