Yosemite in-place upgrade deployment

bbot
Contributor

Hi all,

I've been browsing many threads regarding nightmares of Yosemite upgrades in corporate environments and have found that many people have reported login issues/freezing problems like those seen in https://jamfnation.jamfsoftware.com/discussion.html?id=12589

Given that these posts are a few months old, has anyone experienced the same issue recently with 10.10.4? I'm planning on rolling out Yosemite using Self-Service on 10.9.X machines that are filevaulted encrypted.

14 REPLIES 14

davidacland
Honored Contributor II

We've completed a 300 unit upgrade to 10.10.3. We used createosxinstallpkg and a scheduled policy but it has worked fine.

mm2270
Legendary Contributor III

I don't want to say anything definite, since every environment is unique and could pose their own problems, but 10.10.4 is turning out to be the most solid release of Yosemite in our testing. I don't think you should experience any showstopper issues if you put 10.10.4 up as an upgrade for your Mac users.
I would avoid all previous versions at this point, especially since the most serious security issues have been addressed in the .4 release and not prior.

Josh_Smith
Contributor III

The primary issue discussed in that thread was resolved in 10.10.3. I'm not having any trouble with 10.10.4 or FV2 when upgrading from 10.8.5 or 10.9.5. I'm using a Self Service Policy, createOSXinstallPkg, and First Boot Package Install Generator.app

Apple 10.10.3 release notes: Addresses an issue that could cause Macs bound to an Active Directory server to become unresponsive at startup

bbot
Contributor

Thanks. That relieves some of my worries to hear that from you guys.

I successfully updated on a few test machines using the method below with no issues..

I'll be caching the installer on a small group of actual user's laptops, then setting a policy in self-service to install cached and having the user click the upgrade button when they're ready.

@davidacland How does using the createosxinstallpkg work vs just dragging the Yosemite install .app that I downloaded from the App Store directly into Casper Admin? Any reason why you went that route instead?

AVmcclint
Honored Contributor

I am still finding 10.10.4 machines do sometimes take longer to login after unlocking FileVault. It's not consistent. One day a computer will log right in with no delay and the next day it will take 5 minutes. We had the same problem on 10.10.3, but it seems to be a little more frequent with 10.10.4.

davidacland
Honored Contributor II

@brandobot When you run the plain installer it asks you to specify the target disk. createosxinstallpkg doesn't and so gave us a zero touch upgrade process.

bbot
Contributor

@davidacland Hmm.. I don't remember it asking when I tried it. Let me run another test and see. If I recall correctly, after clicking the Self Service install option, it reboots into the OS X Installer.

stevewood
Honored Contributor II
Honored Contributor II

I've been using the JAMF method to upgrade users to Yosemite with no major problems. I've had a small subset of users have trouble logging in from FV window. They log in and the machine beach balls. I've been able to get around that by restarting and then logging in as the local admin user, log out and then the user can login. We do not use home folders, so I do not believe it is the same "50% progress" error that the OP linked to.

I've never had a machine pop up and ask for the target disk as @davidacland mentioned, and I used this method to upgrade to 10.9 as well.

Josh_Smith
Contributor III

I haven't seen any prompts to choose the target volume either, but my machines only had one volume (plus the Recovery HD).

The reason I use the createOSXinstallPkg and First Boot Package Install Generator.app is that you can run packages after the upgrade but before the user logs in. I currently do 4 things with this:

  1. Disable the Diagnostic opt-in option that comes up at user login (only admins see this)
  2. Prevent the Dock from Auto Updating with Photos/Maps/iBooks etc
  3. removeDisableFDEAutoLogin.sh
  4. Run a recon so the JSS knows we upgraded and users can see 10.10 apps in Self Service immediately (Office 2016)

bbot
Contributor

@Josh.Smith I like #4. The reason why we're rolling out Yosemite is because management wants Office 2016 available. Thanks for sharing!

davidacland
Honored Contributor II

I'm not sure why it was prompting to select the target disk in my case, although it happened even if there was only one OS drive.

Quite possible I'm doing something wrong as it's always behaved that way for me.

joecurrin
New Contributor III

We use the JAMF method for 10.10 and 10.9 last year. I think we only had one or two botched installs. We basically cache the installer. Then make a self service policy available once the installer is cached. As the policy is running we do a checksum to make sure the policy is cached, fv2 is enabled, and warn them to back up their data. The upgrade occurs in less than an hour so users can run it while they are at lunch. I highly recommend using JAMF's method on this.

bbot
Contributor

@davidacland Just reran the upgrade and it goes straight into reboot without selecting the disk. :)

@joecurrin Thanks Joe. I'm going the same exact route. Good to know it worked successfully for you.

bbot
Contributor

Another question about this.

I have a policy that caches the Yosemite installer, and another policy that installs cached packages at logout(for other software). I do not want the Yosemite installer to install at next reboot, do you know if it's smart enough to skip the OS X Installer?