Any help on this would be great as I haven’t found any relief from this as of yet. We have been dealing with this for several months now spanning different updates, 10.13.4, 10.13.5, etc. and I have opened tickets with IBM to no avail. On a large majority of our MacBooks when we run the security update, after the user restarts it does not apply the update it just restarts like normal and the patch reports back as failed.
Now on some of the macs on a second and third attempt it succeeds, but after 3 attempts we still have 38/116 MacBooks needing 10.13.5 because it failed 3 times for them.
For 10.13.4 I did not run the Combo update, I just ran the regular update and had the same problems. This time around for 10.13.5 I ran the combo and still got failures. I know 10.13.6 is out, and we haven’t even gotten 10.13.5 to apply on 1/3 of our Macs, so sadly I am not expecting 10.13.6 to be any different.
I’m not sure yet if there is something with our network firewall that may be causing the issues because its reaching out to Apple or what the deal is. From the tests we did so far when we reach out to Apple to manually install the update it works though.
As an aside it is also frustrating that the patch reaches out to Apple to download and doesn’t have a BigFix server version that we can cache on our relays, as its causing our network to get pegged unless we stagger downloads, preventing us from using our baselines.
I ran into similar issues with the individual update fixlets a couple of years ago, and since then I’ve just started using a task that runs softwareupdate -ia and installs whatever available updates there are. Here’s the relevance for whether there are available updates on a given computer:
exists (unique values of string "Display Name" of it) of dictionaries of values of array "RecommendedUpdates" of dictionaries of files "/Library/Preferences/com.apple.SoftwareUpdate.plist"
A number of people have reported this before but there doesn’t appear to be a solution yet as it seems to happen at random. Usually it only fails once and not over 3 times like what you’re experiencing.
That’s because Apple stopped providing a direct download URL for a lot of the modern security updates, so this is the only way patches can be downloaded onto the endpoint.