macOS updates require a healthy secure token to successfully install. This article helps you troubleshoot macOS update installation failures.
Symptoms
If the secure token for the current user isn't healthy (for example, if it's missing, corrupted, or not properly associated with the user account), you'll encounter an error message during the macOS update process.
Error Message: Installation Failed. In order to continue installing, you need to be an owner.
Cause
macOS updates require a secure token to unlock the locked, signed OS partition via the macOS softwareupdate process. Local system updates require user authentication, even for non-admins applying minor updates.
An MDM-initiated update process doesn’t prompt for the user’s authentication because it can use a bootstrap token to unlock the system volume.
Resolution
If you encounter this error, it indicates the current user account either doesn't have a secure token or the existing token isn't functioning correctly.
To troubleshoot this error:
- Verify the service account is healthy. See Troubleshoot: macOS Service Account to learn more.
- Check the device's secure token status.
  - Open Terminal and run the following command:
    sysadminctl -secureTokenStatus <username>
- Reset the user's password:
  - In some cases, resetting the user account password can resolve secure token issues. See Users: Change Your macOS Password.
    This may require you to unlock the FileVault-encrypted drive with a recovery key if FileVault is enabled. You can also do this from the JumpCloud Tray App, but only if the service account is healthy.
- Recovery Key (for FileVault): If FileVault is enabled, booting to macOS recovery and using the Recovery Key to reset the user’s password will re-provision a secure token for the account and bring its password back into sync.
- Erase the system: Erasing the system and walking through the initial out-of-box configuration will provision a secure token to the first user account.
- Contact Apple Support: If the issue persists, contact Apple Support or your organization's IT support for further assistance. They may have specialized tools to diagnose and repair secure token issues.
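To run the secure token status check from the steps above across several accounts, the following added example (not part of the original article or any vendor tooling) classifies the output of sysadminctl -secureTokenStatus and maps it to the next step in this article. The function names and the two sample output lines are constructed for illustration; sysadminctl writes its status line to stderr, which is why the script captures 2>&1.

```sh
#!/bin/sh
# Added example: classify `sysadminctl -secureTokenStatus <username>` output.
# Function names are hypothetical; sample lines below are constructed.

# token_state TEXT -> prints ENABLED, DISABLED or UNKNOWN
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# advice STATE -> prints the matching troubleshooting step from the article
advice() {
    case "$1" in
        ENABLED)  echo "token present: if updates still fail, verify the service account" ;;
        DISABLED) echo "no secure token: reset the user's password (recovery key if FileVault is on)" ;;
        *)        echo "status unreadable: check the username and run the command again" ;;
    esac
}

# check_user USERNAME -> runs the real command (macOS only).
# Returns 0 only when the account holds a secure token.
check_user() {
    # The status line goes to stderr, so merge it into the captured output.
    out=$(sysadminctl -secureTokenStatus "$1" 2>&1)
    state=$(token_state "$out")
    printf '%s: %s (%s)\n' "$1" "$state" "$(advice "$state")"
    [ "$state" = ENABLED ]
}

# Constructed sample output lines, used when sysadminctl is not available.
SAMPLE_ENABLED='2024-01-01 10:00:00.000 sysadminctl[1234:56789] Secure token is ENABLED for user alice'
SAMPLE_DISABLED='2024-01-01 10:00:01.000 sysadminctl[1235:56790] Secure token is DISABLED for user bob'

# On a Mac, pass one or more usernames as arguments to check each account.
if command -v sysadminctl >/dev/null 2>&1 && [ "$#" -gt 0 ]; then
    missing=0
    for u in "$@"; do
        check_user "$u" || missing=$((missing + 1))
    done
    echo "accounts without a confirmed secure token: $missing"
fi
```
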