With Addigy's new implementation of System Updates via MDM, update functionality now relies on MDM connectivity. Sometimes the MDM connection can be interrupted, preventing the update from proceeding.
The following will serve as a checklist for troubleshooting MDM updates.
Check for MDM Connectivity
MDM connectivity is required for updates to execute. Without MDM connectivity, the device will never receive theScheduleOSUpdate command and thus never update.
The best way to determine if a device is still communicating with MDM is by checking the last audit dates. Note that the device can be offline, so reference the Last Check-in device fact as well.
macOS
Suppose you find that a device has not checked in to MDM recently. In that case, you can leverage our MDMClient Connectivity Check fact to determine if this was caused by the MDM Identity Certificate in the keychain no longer being valid.
- If the fact returns "False," then you must remediate this by attempting a keychain restore or re-enrolling the device into MDM.
- If the fact returns "True" (the MDMClient is connected), the MDMClient may be hung. To remediate this, you can leverage our Restart MDMClient Service community script.
iOS
If a device has not checked in to MDM recently, the only known remediation steps are to restart or re-enroll the device.
Available Update Status: "There are currently no updates available"
You may see this message in the update status even though the device is on an outdated OS version. This may be because the built-in macOS software update utility is not working as expected. This mechanism is responsible for identifying, downloading, and installing all updates.
As a remediation step, leverage our Kickstart Software Updates community script. This should kickstart the "softwareupdate" process, allowing the device to poll for updates.
Another cause could be that the OS version is not compatible with the machine.
Troubleshooting Checklist
Does your deployment window allow the update to download and install within a reasonable timeframe?
Depending on the update and network speed/stability, the download and installation process can take longer than expected. This is particularly relevant for schedules with a deployment window of 2 hours or less.
Was the device online for an extended period during the deployment window?
This requires some scanning through the Apple Install log to see the times when the device was executing processes
Does the device have an Apple Silicon processor and was it enrolled manually via Device Enrollment? If so, does the device have the proper Secure Boot settings?
Manually-enrolled Apple Silicon devices require "Reduced Security Mode" and "Allow remote management of kernel extensions and automatic software updates" to be enabled for MDM updates.