Macjutsu / super

S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
Apache License 2.0

Update installed before deadline without notifications #196

Open Tuttu opened 5 months ago

Tuttu commented 5 months ago

Hello,

We are currently trying Super to check if it can work for us. This morning, it installed an update (14.3.1) by itself without even prompting me (We use Jamf API credentials). I was a bit taken aback for two reasons:

I can't explain why the update has been installed before reaching the deadline and without even being notified. It's the second time Super is installing an update without prompting me and before the deadline is reached so either there's an issue with my config or there's a bug somewhere and I think I will need your help to sort it out. :) I have attached logs for this morning. If needed, I can also give the next set of logs.

super-logs-2024-02-12.08-10-30.zip

iancd-hofy commented 5 months ago

@Tuttu - Does this time frame look right? WorkflowZeroDateAutomatic = "2024-02-09:09:19"; DeadlineDaysSoft = 5;

2024-02-11 18:12:51. 14.3.1-23D60 update is discovered by Software update.

2024-02-11 19:18:57. You choose to defer for one day.

2024-02-11 19:48:47 Super launches itself. Mac OS installer preflight begins no prompt.

Tuttu commented 5 months ago

Hello @iancd-hofy ,

Yep, it looks right. The Mac was opened and running at this time and date. I was watching a replay and then left the Mac idle (Completely forgot it was there while doing some work at home 😅) so it was idle with the lid opened and with a replay that was ended still in full screen but the screen itself went to sleep.

I don't explain why it decided to install the update before the deadline though.

iancd-hofy commented 5 months ago

@Tuttu I've experienced something similar with a few Apple silicon devices where my soft deadline is ignored but did not have a verbose log like yours which was useful to examine. I am not using Jamf.

I also can't explain why it decided to install the updates.

Do you have a Jamf or some sort of cron script which manually launched super around the 2024-02-11 19:48:47 mark?

Tuttu commented 5 months ago

@iancd-hofy I don't think so. All we have is a Jamf policy to install Super which has 3 arguments (The Jamf client ID and secrets and the --reset-super argument) and which is executed only once.

In the logs, we can see that the super daemon started first at 18:12, when I booted the Mac. It fails to authenticate with the Jamf Pro API and then performs a full update/upgrade check. super finds the 14.3.1 minor update available and at 18:13:05, the bootstrap token is successfully escrowed and validated with the Jamf Pro server. Right after that, it says that it is Unable to validate the saved --auth-jamf-client credentials and the workflow fails. It will auto-launch again 60 minutes later.

Fast forward and it's now 19:13. super kicks again and shows the IBM notifier window asking to choose between a deferral or a reboot. I'm not in front of the Mac so the window times out and selects the 30 minutes deferral automatically. Fast forward again and it's now 19:48. super kicks once more and shows the IBM notifier window asking to choose between a deferral or a reboot. Here again, I'm not in front of the Mac so the window times out and selects the 30 minutes deferral automatically. It's now 20:28 and we are in for yet the same loop. See you again in 30 minutes. You know the drill. It's 20:53, nobody's in front of the Mac. cya at 21:33. New cycle at 21:38 and then, I notice the Mac and stop it before 30 more minutes have elapsed.

We are now on Monday and it's 7:57 when I boot the Mac and start working. super goes to life and what's following is a mystery to you as the logs stop here so I will tell you the rest of the story. It tries to download the update but fails after a timeout. It's 8:24 when that happens so super will start again at 9:24. Fast forward, it's 9:24. And this is when it happened. I'm adding all the other logs to that message so you can also review them. 😉

I also checked all my archives and unfortunately, I don't have the logs for the first time it happened on the 8th of February. ☹️

super-logs-MDB.zip

iancd-hofy commented 5 months ago

@Tuttu Thanks for the background notes. I will look over these new logs. For info, I've seen similar behaviour in my org on multiple devices when the soft deferral deadline is not respected, although I have not been able to replicate on my own device where I'm collecting verbose logs (like you).

We employ a regular weekly MDM command that starts super and checks for new versions, and reinstalls super if it's been deleted - that runs in addition to super's internal scheduling (which is now much improved in the version 4 rewrite). It may even run in parallel if a super operation is running. We've stopped that command for the period until we can track this issue. It's not a good experience for users in the middle of working to be pushed into an OS update.

There have been some media reports of macOS automatically installing without prompting the user but to my knowledge this is a Ventura to Sonoma major upgrade, not a 14.2 > 14.3 or 14.3 > 14.3.1 like you have seen. Thanks for sharing.

Tuttu commented 5 months ago

Hello @iancd-hofy

You're welcome. I will continue to monitor what's happening next time an update is available. By the time it happens, don't hesitate to tell me if I should plan to test anything in particular so I can get everything needed on D-Day. 😉

I will also have to add a similar MDM command like yours to perform a weekly update check and reinstall (when needed). I guess you are simply launching the super script without arguments?

Tuttu commented 4 months ago

Hello,

A new macOS is available. I will provide more information if things have evolved. I will also deploy to more users so I will have more chance to gather logs in case of failure to respect the deadline.

Tuttu commented 4 months ago

Hello @iancd-hofy !

Is it normal that a minor update is installed while the computer is turned on and waiting on the login screen with no user connected at all? Or is it a bug?

iancd-hofy commented 3 months ago

Hello @Tuttu Just following up here that with 14.4.1 I was able to replicate the problem. However it was found to be an error on our part with engineering of the Super update script command that ran on a schedule for us. Since disabling the bad script we've had no problems.

I hope you have not had repeats of the issue yourself. Unless we get more reports it would be a courtesy to the developer to close this issue I think because it's been open for a while now.

Tuttu commented 3 months ago

Hello @iancd-hofy ,

Just this morning, my Mac has once again had a weird behavior. I still need to read the logs to know what really happened but I'm starting to feel like the issue comes from a weird configuration on my end. Looks like my Mac is the only one affected in our fleet.

Macjutsu commented 1 month ago

Please try the latest release of super as it may resolve this issue: https://github.com/Macjutsu/super/releases/tag/v4.1.0-beta1

Tuttu commented 1 month ago

Hello,

I will give it a try next week as I plan to work on Super at that time. I will let you know if that solves that issue for me. :)