Error installing Sentinel One Version 22

mmolenda
New Contributor III

Here is the script I started using from Jamf Nation:

mmolenda_0-1684160894418.png

 

 

Parameters:

mmolenda_1-1684160894418.png

 

 

Error:

 

mmolenda_2-1684160894418.png

 

 

I found the Waiting Room and I had to give myself permission to view the folder because I don’t have access

 

 

mmolenda_3-1684160894419.png

 

 

The agent file is there.  But it fails to install.

 

mmolenda_4-1684160894419.png

 

 

Is there anything I should do?  It is failing on all of our organization's Macs.

 

1 ACCEPTED SOLUTION

Jordy-Thery
Contributor

Just a thought but could it be that SentinelOne is already installed on that machine and needs updating?

I used a similar script to update SentinelOne on our clients via Jamf (adjust to your needs): 

#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg"

 But could be something totally different as well. 

View solution in original post

12 REPLIES 12

Jordy-Thery
Contributor

Just a thought but could it be that SentinelOne is already installed on that machine and needs updating?

I used a similar script to update SentinelOne on our clients via Jamf (adjust to your needs): 

#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg"

 But could be something totally different as well. 

mmolenda
New Contributor III

Yes, I have S1 on this particular Mac.  One of the Macs that is failing doesn't have it at all.  Sometimes, I have seen other errors such as OS Version errors, but this is the latestest version of S1 and is compatible with macOS 12/13.  All of our Macs are Apple Silicon and I don't know if it has to do with that, either.

Update: Failed with different error.

Executing Policy Package - S1 Version 22 Upgrade

Downloading Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg...

Downloading https://use1-jcds.services.jamfcloud.com//download/51065be4104f400d994736181178ca03/Sentinel-Release......

Verifying package integrity...

Installing SentinelOne v22...

Installation failed. The installer reported: installer: Package name is SentinelOne

installer: Upgrading at base path /

installer: The upgrade failed. (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance. An unexpected error occurred while moving files to the final destination.)

Running script Upgrade - Sentinel One Version 22...

Script exit code: 1

Script result: Failed to upgrade (did not allow upgrade or downgrade as the version could not be extracted from the package).

mmolenda
New Contributor III

This just get stranger and stranger.  I wonder if it has to do with Ventura?  On one machine, I changed Waiting Room to be accessible by "everyone" because the error I kept getting was that it couldn't access the file.  I also found issue with my setup that the pkg file was downloading to the Waiting Room directory.  So, on this machine where I have this:

Opened up the Waiting RoomOpened up the Waiting Room

I modified the Waiting Room folder to have admin Read and Write; everyone Read and Write (I know these redundant...)

The log file and JAMF Pro says it failed.The log file and JAMF Pro says it failed.

It says it failed, but I see that it has been installed. Or maybe it's partially installed.  "An unexpected error occurred while moving files to the final destination."  But, it appears to have actually installed.  

23.1

Shows version 23.1.1.6697 installed.

Another machine, one of my users, failed completely.  Like it didn't download or Waiting Room isn't available...Another machine, one of my users, failed completely. Like it didn't download or Waiting Room isn't available...
Running the same script, it completely failed on this user's machine.  

Screenshot 2023-05-15 at 2.54.34 PM.png

I verified that 22.4.2 is still installed.  Actually, this one showed as failed and I thought it wasn't installed.  This is a pleasant surprise, but I am frustrated at the S1 install process.

scriptscript

This is the script that is running.

SmilieK
New Contributor III

@mmolenda FYI you should invalidate that token and create a new one as you shared it with everyone in the image you posted. 

SmilieK
New Contributor III

In your install policy are you selecting the action to install the cashed PKG?
Screenshot 2023-05-16 at 10.28.07 AM.png

mmolenda
New Contributor III

No, I have it set to "Install".  Is that what I should set it to?

The script you’re using is expecting a cached package so you should set it to cache rather than install. 😊

mmolenda
New Contributor III

This is so frustrating.

If I say "Cache", it downloads the file and that's it.

----

I had one of my users reboot and the 23.1 version installed.  After the cache and install policies (separated), it needs a re-boot.  I have another user that I am going to do and he will reboot tonight and tomorrow I will see if it worked.

Cached: PassedCached: PassedInstall: FailedInstall: FailedInstall Cached: FailedInstall Cached: Failed

If I say "Install", it fails.

If I say "Install Cache", it fails because the file it downloaded as "Cached" is removed and not re-downloaded.

I have no idea what's going on.  The token file keeps getting re-created.

I had them in Combination.  

Policy 1: Cached.  That succeeded.
Policy 2: Install.  Failed.
Policy 3: Install Cached.  Failed due to resolve package path. i.e., the package is no longer there.

mmolenda
New Contributor III

Still it fails, but for different reasons.

 Screenshot 2023-05-16 at 1.12.00 PM.png

This is on all machines that don't have it installed.

Screenshot 2023-05-16 at 1.14.36 PM.png

This is on mine which does have it installed.

Can't resolve path: 

sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-23-1-1-6697_macos_v23_1_1_6697.pkg"

It didn't download the .pkg but in the past, it has.

Jordy-Thery
Contributor

So to be clear this is our setup with SentinelOne: 

To install SentinelOne on a Mac without a previous version installed:
Upload the desired release pkg to Jamf (e.g: Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg).
Create a script in Jamf: 

 

 

#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
/usr/sbin/installer -pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg" -target /

 

 

Create a policy with:
Packages: cache the SentinelOne pkg
Scripts: priority after: run the created install script.

Scope as desired and that should work. If not you should look into download/distribution point issues or so. 

 

To update SentinelOne on a Mac with a previous version installed:
Upload the desired release pkg to Jamf (e.g: Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg).
Create a script in Jamf: 

 

 

#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg"

 

 

 

Create a policy with:
Packages: cache the SentinelOne pkg
Scripts: priority after: run the created install script.

Scope as desired

 

For scoping the install we created a smart group "Computers without SentinelOne installed" with criteria "Application title does not have SentinelOne Extensions.app". 

For scoping the update we created an extension attribute:

 

 

#!/bin/bash
if [ -f "/usr/local/bin/sentinelctl" ] ; then 
    RESULT=$( /usr/local/bin/sentinelctl version | awk '{print $2 $3}' )
else
    RESULT="not installed"
fi
echo "<result>$RESULT</result>"

 

 

 A smart group "Computers with SentinelOne version lower than 22.4.2.6599" that looks at the extension attribute output. 

We have an update inventory set on both policies (that run ongoing) as well so the Macs that complete the policies are no longer scoped. 

 

Does that assist you in any way? :-)  

HCS has a similar guide: https://hcsonline.com/images/PDFs/Jamf_Install_SentinalOne.pdf
And the SentinelOne support page: https://support.sentinelone.com/hc/en-us/articles/360055845253-Installing-and-Upgrading-macOS-Agents... 

mmolenda
New Contributor III

Even though I didn't use that script, the way I did it does work but shows failed in the logs even though after a re-boot, the software inventory shows that the version number is now 23.1.1, which is all I can ask for.  I don't like it that the logs show failed, but at least the update is getting applied.  I am closing this topic.

whiteb
Contributor II

I was running into the same issue and it's because the HCS guide doesn't mention you need to change the .pkg to cached (not install or cached install). Read through this thread, seems like that change made it work for you as well.

HCS's PPPC portion was also erroring for me (I guess it's possible it was a typo on my end, but I double-checked everything) so I went to S1's Jamf guide and just copied their config profile text to a file, then saved it as a .mobileconfig and uploaded to Jamf.

After everything had installed, S1 was still reporting my test machine needed to enable notifications in their console, but that went away after a reboot.