Posted on 05-15-2023 07:30 AM
Here is the script I started using from Jamf Nation:
Parameters:
Error:
I found the Waiting Room and I had to give myself permission to view the folder because I don’t have access
The agent file is there. But it fails to install.
Is there anything I should do? It is failing on all of our organization's Macs.
Solved! Go to Solution.
Posted on 05-15-2023 08:00 AM
Just a thought but could it be that SentinelOne is already installed on that machine and needs updating?
I used a similar script to update SentinelOne on our clients via Jamf (adjust to your needs):
#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg"
But could be something totally different as well.
Posted on 05-15-2023 08:00 AM
Just a thought but could it be that SentinelOne is already installed on that machine and needs updating?
I used a similar script to update SentinelOne on our clients via Jamf (adjust to your needs):
#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg"
But could be something totally different as well.
05-15-2023 08:10 AM - edited 05-15-2023 08:24 AM
Yes, I have S1 on this particular Mac. One of the Macs that is failing doesn't have it at all. Sometimes, I have seen other errors such as OS Version errors, but this is the latestest version of S1 and is compatible with macOS 12/13. All of our Macs are Apple Silicon and I don't know if it has to do with that, either.
Update: Failed with different error.
Executing Policy Package - S1 Version 22 Upgrade
Downloading Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg...
Downloading https://use1-jcds.services.jamfcloud.com//download/51065be4104f400d994736181178ca03/Sentinel-Release......
Verifying package integrity...
Installing SentinelOne v22...
Installation failed. The installer reported: installer: Package name is SentinelOne
installer: Upgrading at base path /
installer: The upgrade failed. (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance. An unexpected error occurred while moving files to the final destination.)
Running script Upgrade - Sentinel One Version 22...
Script exit code: 1
Script result: Failed to upgrade (did not allow upgrade or downgrade as the version could not be extracted from the package).
05-15-2023 11:58 AM - edited 05-15-2023 12:22 PM
This just get stranger and stranger. I wonder if it has to do with Ventura? On one machine, I changed Waiting Room to be accessible by "everyone" because the error I kept getting was that it couldn't access the file. I also found issue with my setup that the pkg file was downloading to the Waiting Room directory. So, on this machine where I have this:
I modified the Waiting Room folder to have admin Read and Write; everyone Read and Write (I know these redundant...)
It says it failed, but I see that it has been installed. Or maybe it's partially installed. "An unexpected error occurred while moving files to the final destination." But, it appears to have actually installed.
Shows version 23.1.1.6697 installed.
Running the same script, it completely failed on this user's machine.
I verified that 22.4.2 is still installed. Actually, this one showed as failed and I thought it wasn't installed. This is a pleasant surprise, but I am frustrated at the S1 install process.
This is the script that is running.
Posted on 05-16-2023 07:26 AM
@mmolenda FYI you should invalidate that token and create a new one as you shared it with everyone in the image you posted.
Posted on 05-16-2023 07:29 AM
In your install policy are you selecting the action to install the cashed PKG?
Posted on 05-16-2023 09:51 AM
No, I have it set to "Install". Is that what I should set it to?
Posted on 05-16-2023 09:58 AM
The script you’re using is expecting a cached package so you should set it to cache rather than install. 😊
05-16-2023 11:08 AM - edited 05-16-2023 11:20 AM
This is so frustrating.
If I say "Cache", it downloads the file and that's it.
----
I had one of my users reboot and the 23.1 version installed. After the cache and install policies (separated), it needs a re-boot. I have another user that I am going to do and he will reboot tonight and tomorrow I will see if it worked.
If I say "Install", it fails.
If I say "Install Cache", it fails because the file it downloaded as "Cached" is removed and not re-downloaded.
I have no idea what's going on. The token file keeps getting re-created.
I had them in Combination.
Policy 1: Cached. That succeeded.
Policy 2: Install. Failed.
Policy 3: Install Cached. Failed due to resolve package path. i.e., the package is no longer there.
Posted on 05-16-2023 10:24 AM
Still it fails, but for different reasons.
This is on all machines that don't have it installed.
This is on mine which does have it installed.
Can't resolve path:
sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-23-1-1-6697_macos_v23_1_1_6697.pkg"
It didn't download the .pkg but in the past, it has.
05-16-2023 11:19 AM - edited 05-16-2023 11:26 AM
So to be clear this is our setup with SentinelOne:
To install SentinelOne on a Mac without a previous version installed:
Upload the desired release pkg to Jamf (e.g: Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg).
Create a script in Jamf:
#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
/usr/sbin/installer -pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg" -target /
Create a policy with:
Packages: cache the SentinelOne pkg
Scripts: priority after: run the created install script.
Scope as desired and that should work. If not you should look into download/distribution point issues or so.
To update SentinelOne on a Mac with a previous version installed:
Upload the desired release pkg to Jamf (e.g: Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg).
Create a script in Jamf:
#!/bin/bash
echo "SITETOKEN" > "/Library/Application Support/JAMF/Waiting Room/com.sentinelone.registration-token"
sentinelctl upgrade-pkg "/Library/Application Support/JAMF/Waiting Room/Sentinel-Release-22-4-2-6599_macos_v22_4_2_6599.pkg"
Create a policy with:
Packages: cache the SentinelOne pkg
Scripts: priority after: run the created install script.
Scope as desired
For scoping the install we created a smart group "Computers without SentinelOne installed" with criteria "Application title does not have SentinelOne Extensions.app".
For scoping the update we created an extension attribute:
#!/bin/bash
if [ -f "/usr/local/bin/sentinelctl" ] ; then
RESULT=$( /usr/local/bin/sentinelctl version | awk '{print $2 $3}' )
else
RESULT="not installed"
fi
echo "<result>$RESULT</result>"
A smart group "Computers with SentinelOne version lower than 22.4.2.6599" that looks at the extension attribute output.
We have an update inventory set on both policies (that run ongoing) as well so the Macs that complete the policies are no longer scoped.
Does that assist you in any way? :-)
HCS has a similar guide: https://hcsonline.com/images/PDFs/Jamf_Install_SentinalOne.pdf
And the SentinelOne support page: https://support.sentinelone.com/hc/en-us/articles/360055845253-Installing-and-Upgrading-macOS-Agents...
Posted on 05-18-2023 08:02 AM
Even though I didn't use that script, the way I did it does work but shows failed in the logs even though after a re-boot, the software inventory shows that the version number is now 23.1.1, which is all I can ask for. I don't like it that the logs show failed, but at least the update is getting applied. I am closing this topic.
Posted on 02-29-2024 12:23 PM
I was running into the same issue and it's because the HCS guide doesn't mention you need to change the .pkg to cached (not install or cached install). Read through this thread, seems like that change made it work for you as well.
HCS's PPPC portion was also erroring for me (I guess it's possible it was a typo on my end, but I double-checked everything) so I went to S1's Jamf guide and just copied their config profile text to a file, then saved it as a .mobileconfig and uploaded to Jamf.
After everything had installed, S1 was still reporting my test machine needed to enable notifications in their console, but that went away after a reboot.