09-06-2022 09:37 AM - edited 09-06-2022 09:50 AM
I have a policy with the command below to install macOS updates for high priority updates like 12.5.1.
softwareupdate --install --os-only -R
However, I have a bunch of machines that state there are no updates available in the logs.
Command result ("No updates are available."):
We have an SLA for zero-day patches like this of 7 days once it's released to hit 90% of eligible devices, and we've missed that, but I'd like to wrap this up ASAP.
My original command is below, but was installing things like Xcode command line tools, so I modified it slightly:
softwareupdate -i -r -R
09-06-2022 10:10 AM - edited 09-06-2022 10:37 AM
@PhillyPhoto The following script usually, but not always, fixes the visability of updates for the softwareupdate process:
#!/bin/sh /bin/rm "/Library/Preferences/com.apple.SoftwareUpdate.plist" /bin/launchctl kickstart -k system/com.apple.softwareupdated
In cases where it doesn't work try restarting
Posted on 09-07-2022 11:10 AM
No lock so far with that. Here's the log results:
SoftwareUpdate.plist Found PLIST Removal result: 0 SoftwareUpdate.plist NOT Found softwareupdate daemon kickstart result: 0 2022-09-07 08:09:31.312 softwareupdate[18036:21907241] XType: com.apple.fonts is not accessible. 2022-09-07 08:09:31.312 softwareupdate[18036:21907241] XType: XTFontStaticRegistry is enabled. No updates are available. softwareupdate install result: 0
Posted on 09-07-2022 12:14 PM
@PhillyPhoto The good news is I'm seeing the same XType messages from sofwtareupdate you are, the bad news is I have no idea if they're related to why it's returning the No updates are available message, but we are seeing it on 80+ machines
Posted on 09-07-2022 01:11 PM
I just opened an AppleCare for Enterprise case for this. We still have about 175 machines that needs the update.
The workaround I'm trying now is to push the full Monterey installer to the machine and run that. A little overkill, but I need to wrap this up.
Posted on 09-07-2022 02:08 PM
I'll avoid profanity because I'm sure the forum moderators wouldn't appreciate what I really feel like saying, but macOS 12.6 RC (21G115) is now available as a developer download. It would really be nice if Apple made it possible to get a macOS update fully deployed before they released the next update.
Posted on 02-06-2023 11:31 AM
Sorry for the late reply, but I had a question. I am dealing with a different issue, but your solution might help me resolve my own.
When you push the full installer (i.e. Device Stuck on 12.5.0 and you want to push them up to 12.6.3) do you just install the macOS onto of itself and that will get it off the problem version?
I have some random Macs either not seeing updates from the Software Update server or seem to be stuck on random versions of Monterey (i.e. 12.4.0, 12.3.1).
I was thinking to just drop 12.6.3 installer onto that device and then kick off the install with something like:
/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction
Would doing the above punt them up to a current macOS? Or am I not understanding your process correctly. Thanks for your time & feedback <3
Posted on 02-06-2023 12:04 PM
@Todai I use the erase-install script for driving the upgrade process as it can download a specific macOS installer for you and handles prompting the user for authentication if they're on an M-series Mac. See the https://github.com/grahampugh/erase-install/wiki/6.-Use-in-Jamf-Pro section of the Wiki for Jamf Pro usage specifics.
Posted on 02-07-2023 01:43 PM
Thank you for the suggestion. I am currently kicking the tires on "Erase-Install" at the moment and so far so good. Of course now I have some follow up questions:
Question #1: What is the best way to filter out Macs that are not compatible with the newer macOS? (i.e. my Test Device installed Monterey without issue, but couldn't install Ventura). I assume just make a smart group and manually add in all device types prior to compatible versions, but that sounds horrid ;)
Question #2: When wanting to upgrade the macOS to the latest of the same macOS (i.e. 11.1 to 11.7.3 / 12.3.0 to 12.6.3 / 13.0 to 13.2) what is the best practice command for Erase-Install that you can suggest? I would assume its something like the following:
macOS to Jump from 11.X to 11.7.3 (Current)
/Library/Management/erase-install/erase-install.sh --os 11 --update --reinstall --confirm
macOS to jump from 12.X to 12.6.3 (Current)
/Library/Management/erase-install/erase-install.sh --os 12 --update --reinstall --confirm
macOS to jump from 13.X to 13.2.0 (Current)
/Library/Management/erase-install/erase-install.sh --os 13 --update --reinstall --confirm
Thanks again for the suggestion ^^
Posted on 02-07-2023 02:22 PM
I think I found the answer to question #1. Using a smart group with REGEX seems the way to go:
Credit to Talkingmoose
02-07-2023 07:25 PM - edited 02-07-2023 07:25 PM
@Todai I usually use erase-install with the --build option to install a specific build #. I believe the --os option you mention in Question #2 is the correct mechanism to update to the current version of that generation of macOS, but can't confirm from personal experience.
Posted on 09-07-2022 11:04 AM
The only way I found to solve this is due to two different causes of the problem (if a ordinary reboot does not "solve" it).
1. Flush system cache by policy (sudo jamf flushCache command should do the same but I haven´t tryed it) -> restart.
2. Due to the local accounts or admin account´s secureTokenStatus to be disabled and user is asked for credentials and these are not accepted as "valid" even though they are in fact valid.
Then check account status by
sysadminctl -secureTokenStatus "accountname"
If response is disabled then enable it and updates will work.
Posted on 09-07-2022 01:11 PM
I'll look in to those down the road, thanks!
Posted on 09-21-2022 07:39 AM
I had this on a handful of devices too, but eventually I just pushed the PKG to reach SLA. Lucky internet infrastructure is fast here. Once the updater was installed on the mac, software update caught on.