Monterey 12.2 update not installing

mcternan
New Contributor II

We have been experiencing issues with several of out managed devices which seem to be unable to successfully install the 12.2 update released this week. From what we have seen, the installer downloads and runs successfully, but after the system reboots it is still at the same OS version it was previously. 

We are seeing this on both Intel and Apple Silicon devices across different versions of macOS. For this reason it appears that it could be related to something on the JAMF/non Apple side of things. 

Has anyone else seen anything like this before? I've been reviewing the system and install logs, but can't see anything that jumps out as a specific cause. 

We have a policy configured to defer updates for 7 days, however we are seeing this issue on systems which were outside the scope of the policy (we have also tested removing devices from the scope and the issue occurs with them). 

10 REPLIES 10

andrew_nicholas
Valued Contributor

Are you using Defender ATP? I've been facing this all of last week as well and seem to have narrowed it down to that.

mcternan
New Contributor II

Yes we are actually. Have you been able to get around the issue? 

I thought it might be related to ATP, and coincidentally enough I'm seeing an updated version running on some of my machines (which I have not tried to update yet).  Will see if I have any luck by removing ATP on a test system...

andrew_nicholas
Valued Contributor

Yes, I removed ATP to test on some devices and it worked as expected. I spoke to support on Friday and there appears to be a known issue with the network extension in the previous version. The new version should be in update channels soon to my knowledge but I've a stand-alone installer from support I was planning to test this week. 

mcternan
New Contributor II

[Updated] Still experiencing the issue on some systems with the 101.56.35 release of ATP. Will continue to test. 

 

I manually installed the newest version of ATP (101.56.35) and it resolved the issue. I also noticed some of my systems had automatically updated via MS AutoUpdate. 

Just waiting for JAMF to add the new version to patch management so we can force it out to everyone else. 

dlondon
Valued Contributor

I have Defender ATP (101.56.35) and installed the 12.2 update yesterday afternoon.  My machine is a 27" imac Late 2015 i5 CPU.  I installed the Mac OS update via System Preferences > Software Update and the machine went from 12.1 to 12.2.

Maybe you should give more info on the policy unless you get these same problems with a manual update too

andrew_nicholas
Valued Contributor

My test device completed the move from 12.1 to 12.2 with the latest version installed but then I started getting more reports yesterday of the issue still being present. Worked with support all day to try and determine what could be the problem but nothing solid yet. I did revert to 101.49.25 and that allowed completion as expected. If you haven’t opened a case with them yet please do.

snowfox
Contributor III

I've run into the same issue with 101.56.35

Its the new DLP (data loss prevention) module that is causing the problem.  This has traditionally been Windows only but support for Mac has recently been added to Intune and the Mac client.

On M1 devices, with DLP enabled, the Rosetta 2 emulation layer will become disabled after a failed update and apps & installers that are not fully ARM64 native will throw an error 'quit unexpectedly'.  macOS will not prompt the end user to re-install Rosetta.  Manually re-installing it using softwareupdate --install-rosetta gets the broken apps & installers working again.

Current DLP work around:

Manually disabling the DLP module in the client allows the 12.2 upgrade to succeed.

If you type:

mdatp health

you will see listed near the bottom:

data_loss_prevention: status = 'dormant'

Even though it is idle, it will still interfere with updates.

To disable it type:

 

sudo mdatp config data-loss-prevention --value disabled

 

Its status will now change to 'disabled'

Now when you run the 12.2 update, it will succeed.

 

Worked on my test M1 MacBook and a colleague tested it on an Intel MacBook, also worked.

I'm still testing it but it looks like that is the issue.

Also note that Microsoft are working on an updated client with 'bug fixes'

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-wor...

101.56.62 (20.121122.15662.0)

  • Bug fixes

This may or may not resolve the issue.  Unknown if it will at this stage.

snowfox
Contributor III

[Update]

101.56.62 does not fix the issue.

Tested it today and the 12.1 - 12.2 update still fails/reverts back to 12.1.

Using the full 12.2 OS installer

The default unconfigured DLP setting of 'dormant' is causing the issue.

snowfox
Contributor III

[Update]

While we wait for Microsoft to fix the issue.

DLP can be disabled via the new JSON Schema downloadable from the Defender Github. Details here:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=...

or via the old XML config way by adding the following.

 

 

 <key>features</key>
    <dict>
      <key>dataLossPrevention</key>
      <string>disabled</string>
    </dict>

 

 

 

mcternan
New Contributor II

An update (101.59.10) appeared in the Current Channel (Preview) for me this morning. I've installed and tested on one system and was able to successfully upgrade. Hopefully this is released to the Current Channel soon.