Skip to main content
Question

Random Policy Failure

  • October 27, 2012
  • 8 replies
  • 37 views
F
Forum|alt.badge.img+23

We're getting policy failures completely at random from what we can see. The general error log from the JSS always looks something like this:

/usr/sbin/jamf is version 8.62 Executing Policy *name here* ... Mounting afp://xx.xx.xx.xx/CasperShare to /Volumes/CasperShare... Mounting afp://xx.xx.xx.xx/CasperShare to /Volumes/CasperShare... (failover share) Error: Could not mount a distribution point.

We also get logs where it mounts the DP share correctly but then cannot see some/any/all of the package files. We've tried building a test NetSUS appliance and using the AFP shares from that. Our normal DP's are five ish year old Xserves running OS 10.5.8 ... except for one, which is on an iMac running 10.8.2 server. All the shares are AFP, so no SMB or HTTP are in use.

Could this potentially be a DNS issue? Our current DNS is more than a little flaky and we're in a project to migrate away from the current Novell one to a Microsoft one.

    8 replies

    mscottblake
    Forum|alt.badge.img+25
    • mscottblake
    • Honored Contributor
    • October 27, 2012

    I've seen this same issue randomly. It seems to be worse when the load is high. My shares are SMB though.

    F
    Forum|alt.badge.img+23
    • franton
    • Author
    • Esteemed Contributor
    • October 27, 2012

    I wish I could use load as an excuse but three macs on our test appliance shouldn't make it fail.

    B
    Forum|alt.badge.img+4
    • buckychappell
    • New Contributor
    • October 28, 2012

    We have seen a lot of these, and figured it was two policies stepping on each other: the second policy could not mount the distribution point because it was already mounted from the first policy.

    Eric 'Bucky' Chappell
    F
    Forum|alt.badge.img+23
    • franton
    • Author
    • Esteemed Contributor
    • October 28, 2012

    So casper is basically continually mounting and dismounting the DP share and it's getting hung up on itself? Oh jeez, that means completely redoing our JSS architecture.

    bentoms
    Forum|alt.badge.img+35
    • bentoms
    • Hall of Fame
    • October 28, 2012

    I came to the same conclusion.

    We have a few policies that run @ login & every15.

    These are often scoped to smart groups, so I'm thinking of having one script @ login & one every15 with logic in the scripts akin to the smart groups.

    Haven't got around to doing it yet so cannot advise of that's the case.

    The other option would be to move from AFP to HTTP distribution points.

    This would also stop shares from being shown on the desktop.

    F
    Forum|alt.badge.img+23
    • franton
    • Author
    • Esteemed Contributor
    • October 28, 2012

    That's exactly what we have. I'm going to refer this whole thread onto my boss/casper architect and see what they think about testing an IIS http DP.

    bentoms
    Forum|alt.badge.img+35
    • bentoms
    • Hall of Fame
    • October 28, 2012

    AFAIK, HTTP distribution used to be much slower than AFP/SMB... But I'll test & will reply once tested.

    bentoms
    Forum|alt.badge.img+35
    • bentoms
    • Hall of Fame
    • October 28, 2012

    Opps... Dupe.

    Terms & ConditionsCookie settingsAccessibility statement