A very annoying bug in the latest release of Workspace ONE Intelligent Hub caused us to uninstall it from our macOS fleet using Munki.
Last week VMware released version 23.04.0 and the users in our testing group were immediately bombarded with a confusing error dialog. These errors would appear repeatedly throughout the day and worst of all, steal focus every time.
We halted the rollout and immediately engaged VMware support who confirmed the issue isn’t isolated to our tenant. Multiple customers are experiencing the bug including others in the #workspaceone channel on the MacAdmins Slack.
However despite pulling 24.04 from Munki and making sure automatic updates were disabled in our WS1 console, the install count continued to climb. With no resolution in sight from VMware we decided to remove 24.04 from our fleet completely.
So much for Read-Only Friday! Read on for the details…
We had originally hoped to ride out the errors until VMware released a fix. Under 100 devices had received the update when we started investigating. However by Friday afternoon Intelligent Hub was still being auto-updated and the level of complaints was escalating.
Downgrading Software with Munki
We use Munki to install and patch third-party software so that is how we decided to remediate Intelligent Hub. Munki doesn’t natively support downgrading software, but there were a couple approaches I could take.
One option would be to edit the installs array for the previous release so that Munki would install it over top of the newer problematic version.
I decided to use a NoPkg to check for the problem version (23.04) of Intelligent Hub and then uninstall it if found. This would then trigger Munki to install the latest version in the repo, which is now the previous month’s release (23.03).
Using a NoPkg gave me these benefits:
- I didn’t need to change the installs array in the existing PkgInfo for 23.03.
- It let us run the full Hub uninstall script in case that extra cleanup mattered.
- It made it easier to exclude specific computers from the downgrade so we could continue to test and gather logs.
A downside to this approach is that Intelligent Hub won’t get reinstalled until the next Munki run about an hour later.
The NoPkg contains two scripts to do the work. First is the
installcheck_script that evaluates whether 23.04 is installed:
#!/bin/bash # Version 23.04.0.13 of Workspace ONE Intelligent Hub has an annoying bug # This script checks the installed version and triggers remediation if needed # Make sure Intelligent Hub is installed if [[ -e /Applications/Workspace\ ONE\ Intelligent\ Hub.app/Contents/Info.plist ]]; then # Get the version of Intelligent Hub currently installed hubVersion=$(/usr/libexec/PlistBuddy -c "Print CFBundleVersion" /Applications/Workspace\ ONE\ Intelligent\ Hub.app/Contents/Info.plist) else # If not found, exit 1 to skip the postinstall_script echo "Intelligent Hub is not installed, no action needed." exit 1 fi if [[ $hubVersion = 23.04.0.13 ]]; then # If the version matches, exit 0 to trigger the postinstall_script echo "Version 23.04.0.13 is installed, remediation needed." exit 0 else # If the version doesn't match, exit 1 to skip the postinstall_script echo "The problem version is not installed, no action needed." exit 1 fi
If it is, the
postinstall_script is executed which uninstalls Intelligent Hub. Ideally with the official uninstall script but by just deleting the application bundle if needed:
#!/bin/bash # This script removes Workspace ONE Intelligent Hub if the installcheck_script determined the need # Make sure the Intelligent Hub uninstall script exists if [[ -e /Library/Scripts/hubuninstaller.sh ]]; then # Use it to uninstall Intelligent Hub echo "Uninstalling Intelligent Hub." /bin/bash /Library/Scripts/hubuninstaller.sh else echo "Intelligent Hub uninstall script is missing; deleting the application to trigger reinstall." /bin/rm -rf /Applications/Workspace\ ONE\ Intelligent\ Hub.app/ fi
The install count of Intelligent Hub version 23.04 immediately began falling after this NoPkg rolled out to the fleet. This will allow us to eliminate disruptions to our users while we await a fix from VMware.
The full NoPkg file is available on GitHub.