- Jamf Nation Community
- Products
- Jamf Pro
- Re: Upgrading to Mojave on closed network
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Upgrading to Mojave on closed network
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-29-2019 10:52 AM
We have a fleet of laptops on a closed-end network that never reach the internet. I update their apps and OS by bringing things into the environment manually and pushing via Jamf. I have been trying to update these machine running 10.13.6 to 10.14.X but results have been blocked by the installer that appears to keep looking for "The recovery server could not be contacted".
I have downloaded the full offline installer (6.05GB) and cache it to the systems before running the install command. Everything seems to kick off just fine but it stops when it tries to call home to Apple for app compatibility checks, software update catalog, and recovery info.
I know the installer is good and have run it manually on a few systems to confirm it completes out. Oddly enough it seems I don't hit the errors when running manually on the systems. I can't do that manually on each machine though from a logistics standpoint.
Is there a command or method I can use to suppress such pre-update checks on the systems to just allow the update to run?
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-29-2019 11:18 AM
What's the exact command you're using to kick off the installer? Are you using the startosinstall command? If so, have you included the --nointeraction and --agreetolicense flags? Those might prevent the issue you're seeing if you aren't currently using them.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-29-2019 11:21 AM
/Applications/Install macOS Mojave.app/Contents/Resources/startosinstall --nointeraction --agreetolicense &
This is what I am running from the Files and Processes field so it runs as root.
The error I am getting is pulled from the Console on the machine once I have pushed the install policy and of course after the installer is cached and extracted to the Applications directory from a previous policy.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-29-2019 12:21 PM
What model Macs are you trying to update? In general, Apple has advised an internet connection is needed during the update process since Yosemite.
If your Macs have the T2 security chip, then an internet connection is required unless you're booting into Recovery and setting Secure Boot to "medium" or "no" security.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-29-2019 12:38 PM
@sshort We are using newer Gen MacBook Pro laptops. The oldest being about 3 years old.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-30-2019 10:30 AM
Hello long-time lurker.
Even the T1 equipped Macs will need to phone home to validate a firmware update.
What’s your use case for offline, closed circuit laptops? Sounds like the wrong device for that purpose.
My suggestion would be to expose a controlled, limited-access, open WiFi network into this area during the OS installation, then turn it off when they are done. Network policy should whitelist all URLs with *.apple.com (including final DNS resolution of CNAME records). No hard proxy or SSL termination.
The way you sell this to the powers that be is that Apple’s online verification is the only sure way to know that someone hasn’t injected malware into an OS payload a la Stuxnet. Microsoft lacks this capability; you’d have no idea if Windows was compromised by an insider.
