Category Archive

Mac admin'ing

“Invalid Message – The message could not be parsed.” with Jamf Cloud

Posted on May 5, 2021 by alanysiu

Invalid Message - The message could not be parsed. is an odd error message for a jamf recon when you’re using Jamf Cloud, because if you Google that error message, there are only two results: FYI – Invalid Message – The message could not be parsed. Devices not updating inventory (Invalid Message – The message could not be parsed) The first is for on-premise Jamf and involves fixing a distribution point setting. The second tries to get some diagnostic data but then doesn’t actually give a solution. But what if you get that message, and you’re using Jamf Cloud, not


Why don’t Mac admins use MDM for Apple software updates?

Posted on April 28, 2021 by alanysiu

Context People who administer Mac deployments at a large-ish scale (hundreds to tens of thousands—i.e., large enough that you have to automate things and can’t physically touch every machine to change settings or install updates) generally want to be able to patch software and macOS while giving a decent user experience. I think you’ll find the vast majority of Mac admins (at least the ones on the MacAdmins Slack) don’t use MDM commands to install Apple software updates. What we used to be able to do was use the softwareupdate binary to script installs of software updates, but Apple’s made


Making sharding work with Munki catalogs in mind

Posted on March 31, 2021 by alanysiu

Some Munki admins use sharding to roll out to various portions of their fleet. Most versions of sharding create a random-looking (but not actually random) integer either between 0 and 99 or 1 and 100 that is based on a hash of the Mac’s serial number. Where that can be tricky is when you want to use it in conjunction with catalogs, which you likely do, especially if you have a catalog for early testers and one for VIPs or C-level execs. I’ve created a fork of munki-facts-conditions with a you can adapt for your own situation, based on


Copying the Rosetta 2 installer for offline installations

Posted on March 24, 2021 by alanysiu

I honestly don’t know why this gets asked about as often as it does, but I’ve seen several instances in which Mac admins want to know how to get the Rosetta 2 installer .pkg to be installed offline. The installer is about 6.2 MB, so I don’t think bandwidth is the issue, but maybe it is. In any case, if you have a Silicon-chip Mac with an active Internet connection, run softwareupdate --install-rosetta --agree-to-license to install Rosetta 2. Then, run grep "RosettaUpdateAuto.pkg" /var/log/install.log to find where the installer downloaded to. The location will likely be something like /var/folders/f5/_hdu19hcuin1ckjnqkjcndwkcnadskjnckjqwn/T/OAHSoftwareUpdate/RosettaUpdateAuto.pkg. Go to


Chrome mid-update versions and Munki

Posted on March 17, 2021 by alanysiu

Most of the time, if you want to patch Chrome using Munki, you just use add Chrome as a managed update or managed install to the relevant manifests in your Munki repo, and then have the AutoPkg Chrome.munki recipe import the new version of Chrome into your Munki repo from time to time (daily, weekly, etc.). And, most of the time, that isn’t an issue. Munki checks to see if the Chrome installed is the latest version, and then prompts to update if the latest version isn’t installed. That said, if Chrome is the primary browser your user is using,


Using a nopkg to “nudge” in Munki for Silicon Macs

Posted on March 10, 2021 by alanysiu

Context This is really just a proof-of-concept, but as of this writing both Nudge and Munki use the softwareupdate binary to try to download updates to see what’s available. With the Silicon chip Macs, Apple has now made it so that softwareupdate will prompt you for a password for downloading pending updates, even if you’re running as root. I strongly suspect both Nudge and Munki will move to some kind of model by which they either use an alternate method to determine which updates are pending (defaults read /Library/Preferences/ RecommendedUpdates isn’t always reliable, unfortunately) or will just ask that you


Conflict 409 Error: Duplicate alternate MAC address for Jamf API call

Posted on March 3, 2021 by alanysiu

Acknowledgements Major shoutout to Ben Toms from the MacAdmins Slack for pointing out what the issue is. The exact error message If you have a script that doesn’t return the actual response but just gives you an error code, you may get an error code of 409. If you Google something like 409 conflict jamf api, you’ll get a whole bunch Jamf Nation threads indicating that the 409 error comes up because your Jamf API account doesn’t have the correct permissions or you’re trying to update something to have the same name as some other thing (policy, profile, etc.). If


Adobe Package Downloader error on Big Sur

Posted on February 24, 2021 by alanysiu

If you get a The installation cannot continue as the installer file may be damaged. Download the installer file again. error when trying to run the Adobe Package on Big Sur, the quickest workaround (as of the writing of this blog post) is to copy the Adobe Package (or, more precisely, the .dmg that contains it) to a Catalina machine, and then run it there. P.S. I haven’t tried this myself, but Patrick Fergus on the MacAdmins Slack suggested you could also change the user agent string when downloading the Adobe Package Downloader so that the Adobe Admin


Updating Zoom manually if you’re using the Zoom IT installer

Posted on February 17, 2021 by alanysiu

What’s the issue? Many Mac admins use the Zoom IT installer to keep Zoom up to date, because it can actually be installed in the background. But if you (as a Mac admin) install the Zoom IT version and don’t immediately update to the latest Zoom version, your users will encounter a Your Zoom application is being managed by your IT administrator. Please contact your IT administrator to request an update. warning if they download a Zoom installer manually and try to install it: There are two workarounds for this if your users want to update right now instead of


“An error occurred during personalization” when updating to macOS 11.2

Posted on February 10, 2021 by alanysiu

Update Since I wrote this, Apple has already released macOS 11.2.1, so maybe this is no longer an issue? Not 100% sure. So see below if you are experiencing this issue. What’s the error? You may see this error when trying to download the update to macOS 11.2 if you’re on macOS 11.1. Software Update ToolFinding available software Downloading macOS Big Sur 11.2 Update Downloading: 100.00% Failed to download & prepare update: Error Domain=SUMacControllerError Code=7740 "[SUMacControllerErrorPrepareFailed=7740] Failed to perform Prepare operation: [MobileSoftwareUpdateErrorDomain(MSU):MSU_ERR_BRIDGEOS_PERSONALIZATION_FAILURE(44)_1_OSPErrorDomain:201_2_AuthInstallErrorDomain:11]" UserInfo={NSUnderlyingError=0x7ffc488150c0 {Error Domain=MobileSoftwareUpdateErrorDomain Code=44 "bridgeOS personalization failed" UserInfo={target_update=20D64, NSLocalizedDescription=bridgeOS personalization failed, NSUnderlyingError=0x7ffc488152b0 {Error Domain=OSPErrorDomain Code=201 "An error occurred