System Updates for Apple devices are broad and powerful, and there are quite a few common problems that can arise due to its complexity. In this article, we will be covering some common issues, what they mean, and how they can be remediated.
Table of Contents
- Devices are not updating
- An update occurred when it was not supposed to
- Update(s) not showing as available
- Unwanted pending update in GoLive
- Failed update during ADE
Devices are not updating
The first thing to check when devices aren't updating is the settings you have enforced and what events are generating for the device. Oftentimes, the update is being scheduled in accordance with the update settings in the policy, so it's best to verify whether the update is within the criteria of your settings or not.
To check your update settings, simply navigate to the policy that houses the update policies and select the "Updates" tab. Then, expand the relevant OS type. In another tab, navigate to an affected device's GoLive > Events tab. You will need to filter for the following, which will show the Addigy update activity.
- Filter: Any
- Is: =
- Value: Addigy DDM
If you are using scheduled update declarations, you should see an event like the one below. If so, please reference the Scheduled Update Declaration section.
If you only see events like this other example, you are leveraging updates via device AI. Please reference the Updates via Device AI section for further steps.
Scheduled Update Declaration
If you see an event with a date, reference the update settings in your policy and consider whether the enforcement day in the latest event is before or after the intended enforcement day by comparing this to the "Force install (x) days after release, at (y)" setting in your policy.
For example, if I have macOS 26.2 set to force install 90 days after release, the intended enforcement date is March 12th. If we are before that day, the enforcement date shown in events should match. If we are after that date, the device could be encountering problems that are delaying the update. These are some important things to review for devices that are past the enforced install day and consistently have problems completing the update:
- Was the device available for the scheduled install time?
- If you have an update set to install at 11 pm, there is a good chance that devices may not be available to update at that time. If desired, you could shift the enforcement time to something more like 6 pm.
- If you need help verifying this, please do not hesitate to reach out to our support team and we can review device logs.
- Does the device have a high uptime?
- How long since a device last rebooted can greatly impact update performance.
- You can view the uptime by reviewing the "Uptime" device fact. If this is something more than 14 days, there is a fairly good chance that certain update processes may be stuck, which a reboot can help remediate.
- Check for errors
- There are some instances where the update is encountering an error that is preventing it from updating. To check for errors, navigate to GoLive, select the blue OS version, and select the "Update Status (DDM)" tab.
- It's important to note that not all errors are valuable. Some errors give less than helpful information that in some cases do not necessarily interfere with the update. If you need help deciphering these errors, please do not hesitate to reach out to our support team for help.
- There are some instances where the update is encountering an error that is preventing it from updating. To check for errors, navigate to GoLive, select the blue OS version, and select the "Update Status (DDM)" tab.
Updates via Device AI
These updates rely on an internal machine learning mechanism that Apple has created to handle updates in the background. As such, there is no enforcement date and no information from the device on when or how long it will take to decide when to update. More on this here.
If you do not have deferrals configured in the Updates tab of the policy, the update should in theory apply within a matter of days or a week, but sometimes that does not happen. These are some important things to consider:
- Timeframe for the device to learn when to do the update
- The machine learning mechanism learns device usage habits and hardware availability. If it knows when a user will not be on the device and enough battery power will be available, it more than likely knows when to do the update. There is no certain timeframe on how long a device needs to plan when to update, but if it's been something longer than 3 weeks, there may be something interfering with the update.
- Does the device have a high uptime?
- How long since a device last rebooted can greatly impact update performance.
- You can view the uptime by reviewing the "Uptime" device fact. If this is something more than 14 days, there is a fairly good chance that certain update processes may be stuck, which a reboot can help remediate.
- Check for errors
- There are some instances where the update is encountering an error that is preventing it from updating. To check for errors, navigate to GoLive, select the blue OS version, and select the "Update Status (DDM)" tab.
- It's important to note that not all errors are valuable. Some errors give less than helpful information that in some cases do not necessarily interfere with the update. If you need help deciphering these errors, please do not hesitate to reach out to our support team for help.
- There are some instances where the update is encountering an error that is preventing it from updating. To check for errors, navigate to GoLive, select the blue OS version, and select the "Update Status (DDM)" tab.
An update occurred when it was not supposed to
When this happens, there are a few important things to account for:
- Was the update/upgrade initiated by Addigy?
- To check if an update/upgrade was initiated by Addigy, simply check out the GoLive > Events page and filter for the following:
- Filter: Any
- Is: =
- Value: Addigy DDM - Once filtered, look for the "completed installed-os-update" and expand the details and the install reason will be shown:
- The possible update reasons are as follows, with 'declaration' and 'mdm' being the two that indicate Addigy initiated the update. If a user performed the update and you do not want that to happen in the future, review point #3 in this list.
- system-settings
- install-tonight
- auto-update
- notification
- setup-assistant
- command-line
- mdm
- declaration
- To check if an update/upgrade was initiated by Addigy, simply check out the GoLive > Events page and filter for the following:
- Review if the update complies with your policy
- If the install reason of an unexpected update is 'declaration' or 'mdm', make sure to verify what settings you have to confirm if it was expected. For example, in this sequence, we can see the enforced install is set for Feb 3rd at 1 am. The update ended up installing Feb 3rd at 7:05 pm EST, which means the update installed as past due. This is expected according to the update policy applied to this device.
- If the update was technically expected but you do not want it to keep trying on other devices, you could change the Enforcement Days in the policy to not allow any day. This will force Addigy to pull any pending update declarations.
- If the install reason of an unexpected update is 'declaration' or 'mdm', make sure to verify what settings you have to confirm if it was expected. For example, in this sequence, we can see the enforced install is set for Feb 3rd at 1 am. The update ended up installing Feb 3rd at 7:05 pm EST, which means the update installed as past due. This is expected according to the update policy applied to this device.
- Deferrals and macOS blocker limitations
- If a Restrictions MDM profile is in place with settings to ignore updates, is the update older or newer than the deferral days configured? Apple allows for a maximum of 90 days to ignore an update, and if an update/upgrade is older than 90 days (or however long you defer the update for), then the update will be visible to users.
- Updates initiated via DDM can bypass deferrals, so be sure to check the install reason and what settings you are using.
- If our blocker is present, it's important to note that this is only capable of blocking installs that stem from the OS pkg installers. More info here.
- If neither were present and a device was updated, it's possible the device auto-updated or the end user initiated the update.
- If a Restrictions MDM profile is in place with settings to ignore updates, is the update older or newer than the deferral days configured? Apple allows for a maximum of 90 days to ignore an update, and if an update/upgrade is older than 90 days (or however long you defer the update for), then the update will be visible to users.
Update(s) not showing as available
Addigy will try to show available updates for a specific device, but there are some cases where the desired version may not show, or no updates are showing at all.
Specific update not showing as available
The first and easiest thing to check for is any configurations that could be hiding the update. Specifically, either the macOS blocker or update deferrals. These update deferrals can be configured in the Restrictions MDM Profile or through the Deferrals on the Policy > Updates page.
If there are no settings deployed that could block or hide the update, a reboot would be best. This will restart any softwareupdate specific processes on the device that could be stuck.
If the update still does not report, confirm if the device in question is properly communicating via MDM. If the device is not successfully communicating via MDM, Addigy will not be able to display the correct information. We have a guide on how to troubleshoot MDM connectivity here.
If the update is still not reporting, please reach out to Addigy support for further assistance with troubleshooting.
No updates available
First, it's best to review the points highlighted in the above section, "Specific update not showing as available", as what's covered there can be relevant here. Beyond that, there are a couple of factors that can cause zero updates to show as available within Addigy.
As of now, if a device has a pending update (example below), Addigy will not show that update as available.
If there is no pending update but no updates show available anywhere in GoLive, please reach out to Addigy support for further assistance with troubleshooting.
Unwanted pending update in GoLive
You may see scenarios where a pending update is reported in GoLive for a version that you are not deploying. Addigy will report all information it receives from the OS's SoftwareUpdateStatus messages, so sometimes, this is just idle noise from the OS and does not always mean the update is going to happen soon.
In this example, we can see that there is a pending update for 26.2, with the source being 'User', method being 'Install Tonight', and status is 'Prepared'. On the surface, that sounds like the user clicked "Install Tonight" somewhere on the device, and while that may be true in some cases, in others, it could be a false positive. In the case of a device that has been correctly configured not to automatically update, this is just the device saying that it has the update prepped for whenever the user may want to do the update, either via an immediate update or install tonight.
These are the settings configured in System Settings on this device. As seen, no settings are enabled that would allow this device to auto update to 26.2, and this example device is in no update policy within Addigy.
If you would like help confirming whether an update is indeed pending, please reach out to our support team for assistance.
Failed update during ADE
If you are using the "Minimum OS version required before enrollment" setting for ADE, it's good to make sure you are sending the latest OS version. In some cases, if you are setting a minimum version that is not the latest, it can lead to enrollment issues, like this error that states:
"System update could not be installed.
macOS could not be downloaded. Make sure you're connected to the internet and try again, or contact Apple support for assistance."