softwareupdate command says no updates available

PhillyPhoto
Contributor III

I have a policy with the command below to install macOS updates for high priority updates like 12.5.1.

 

 

softwareupdate --install --os-only -R

 

 

However, I have a bunch of machines that state there are no updates available in the logs.

Eligible device:

Screenshot 2022-09-06 at 12.29.38.png

Command result ("No updates are available."):

Screenshot 2022-09-06 at 12.30.01.png

We have an SLA for zero-day patches like this of 7 days once it's released to hit 90% of eligible devices, and we've missed that, but I'd like to wrap this up ASAP.

My original command is below, but was installing things like Xcode command line tools, so I modified it slightly:

softwareupdate -i -r -R
13 REPLIES 13

sdagley
Esteemed Contributor II

@PhillyPhoto The following script usually, but not always, fixes the visability of updates for the softwareupdate process:

 

#!/bin/sh

/bin/rm "/Library/Preferences/com.apple.SoftwareUpdate.plist"
/bin/launchctl kickstart -k system/com.apple.softwareupdated

 

In cases where it doesn't work try restarting

No lock so far with that. Here's the log results:

 

SoftwareUpdate.plist Found
PLIST Removal result: 0
SoftwareUpdate.plist NOT Found
softwareupdate daemon kickstart result: 0
2022-09-07 08:09:31.312 softwareupdate[18036:21907241] XType: com.apple.fonts is not accessible.
2022-09-07 08:09:31.312 softwareupdate[18036:21907241] XType: XTFontStaticRegistry is enabled.
No updates are available.
softwareupdate install result: 0

 

sdagley
Esteemed Contributor II

@PhillyPhoto The good news is I'm seeing the same XType messages from sofwtareupdate you are, the bad news is I have no idea if they're related to why it's returning the No updates are available message, but we are seeing it on 80+ machines

I just opened an AppleCare for Enterprise case for this. We still have about 175 machines that needs the update.

The workaround I'm trying now is to push the full Monterey installer to the machine and run that. A little overkill, but I need to wrap this up.

sdagley
Esteemed Contributor II

I'll avoid profanity because I'm sure the forum moderators wouldn't appreciate what I really feel like saying, but macOS 12.6 RC (21G115) is now available as a developer download. It would really be nice if Apple made it possible to get a macOS update fully deployed before they released the next update.

Todai
New Contributor II

Sorry for the late reply, but I had a question. I am dealing with a different issue, but your solution might help me resolve my own.

When you push the full installer (i.e. Device Stuck on 12.5.0 and you want to push them up to 12.6.3) do you just install the macOS onto of itself and that will get it off the problem version?

I have some random Macs either not seeing updates from the Software Update server or seem to be stuck on random versions of Monterey (i.e. 12.4.0, 12.3.1).

I was thinking to just drop 12.6.3 installer onto that device and then kick off the install with something like:

/Applications/Install\ macOS\ Monterey.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --nointeraction

Would doing the above punt them up to a current macOS? Or am I not understanding your process correctly. Thanks for your time & feedback <3

sdagley
Esteemed Contributor II

@Todai I use the erase-install script for driving the upgrade process as it can download a specific macOS installer for you and handles prompting the user for authentication if they're on an M-series Mac. See the https://github.com/grahampugh/erase-install/wiki/6.-Use-in-Jamf-Pro section of the Wiki for Jamf Pro usage specifics.

Todai
New Contributor II

Thank you for the suggestion. I am currently kicking the tires on "Erase-Install" at the moment and so far so good. Of course now I have some follow up questions:

 

Question #1: What is the best way to filter out Macs that are not compatible with the newer macOS? (i.e. my Test Device installed Monterey without issue, but couldn't install Ventura). I assume just make a smart group and manually add in all device types prior to compatible versions, but that sounds horrid ;)

Question #2: When wanting to upgrade the macOS to the latest of the same macOS (i.e. 11.1 to 11.7.3 / 12.3.0 to 12.6.3 / 13.0 to 13.2) what is the best practice command for Erase-Install that you can suggest? I would assume its something like the following:

 

macOS to Jump from 11.X to 11.7.3 (Current)
/Library/Management/erase-install/erase-install.sh --os 11 --update --reinstall --confirm

 

macOS to jump from 12.X to 12.6.3 (Current)
/Library/Management/erase-install/erase-install.sh --os 12 --update --reinstall --confirm

 

macOS to jump from 13.X to 13.2.0 (Current)

/Library/Management/erase-install/erase-install.sh --os 13 --update --reinstall --confirm

Thanks again for the suggestion ^^

Todai
New Contributor II

I think I found the answer to question #1. Using a smart group with REGEX seems the way to go:

Monterey:
https://gist.github.com/talkingmoose/74731895981b14da4ce1d524eeebdf1d

Ventura:
https://gist.github.com/talkingmoose/3100dab934baa13a799ba29be62ca357

Credit to Talkingmoose

sdagley
Esteemed Contributor II

@Todai I usually use erase-install with the --build option to install a specific build #. I believe the --os option you mention in Question #2 is the correct mechanism to update to the current version of that generation of macOS, but can't confirm from personal experience.

mooler
New Contributor III

The only way I found to solve this is due to two different causes of the problem (if a ordinary reboot does not "solve" it).

1. Flush system cache by policy (sudo jamf flushCache command should do the same but I haven´t tryed it) -> restart.

2. Due to the local accounts or admin account´s secureTokenStatus to be disabled and user is asked for credentials and these are not accepted as "valid" even though they are in fact valid.
Then check account status by
sysadminctl -secureTokenStatus "accountname"

If response is disabled then enable it and updates will work.


I'll look in to those down the road, thanks!

piotrr
Contributor III

I had this on a handful of devices too, but eventually I just pushed the PKG to reach SLA. Lucky internet infrastructure is fast here. Once the updater was installed on the mac, software update caught on.