Casper Admin will not mount DP in 10.9

freddie_cox
Contributor III

I have updated the JSS and local Applications to 8.73 yet Casper Admin fails to mount the primary DP when launched.

I can manually mount the DP and if I open CasperAdmin on a 10.7/10.8 box it connects to the main DP without a problem.

Resetting Casper Admin doesn't allow the connection. This is happening so far on two different machines.

Anyone have any thoughts on how to proceed?

1 ACCEPTED SOLUTION

freddie_cox
Contributor III

Interesting solution... switching my primary DP to SMB as a protocol. Connected right up.

Hopefully AFP isn't broken in Mavericks as well. :-)

Thanks all for your comments.

39 REPLIES

jeffpugh
New Contributor III

Did you check for open Kerberos tickets? I am running into a very similar issue. Deleting Kerberos tickets resolves this issue for me.

freddie_cox
Contributor III

I ran a kdestroy -a but didn't look at ticket viewer to see if I had any active tickets. I'll take a closer look at this one and report back.

freddie_cox
Contributor III

Still no luck. No open kerberos tickets when viewing Ticket Viewer.app or klist in terminal. I even re-installed Mavericks yesterday as a hail-mary.

PeterClarke
Contributor II

Just tested mine: Works OK for me. (with clients: OSX 10.6.8 .. 10.9.0 )

My Distribution Point is on a Virtualised Mac OS X 10.6.8 Server, offering AFP, and HTTP.

freddie_cox
Contributor III

Thanks Peter

My primary DP is 10.7.5, physical, offering AFP only. I feel like there may be something server-side that I can do to resolve it but I am drawing blanks as to what might be a solution.

Not applicable

I noticed that I needed to hold down Option when launching Admin v9.2 on OS X 10.9 and re-specify the JSS address, after that it mounted fine.

jeffpugh
New Contributor III

Switching to SMB did resolve my issue as well. Thanks freddie!

freddie_cox
Contributor III

Glad to help Jeff!

DVG
New Contributor III

I actually blew up the casperadmin/casperinstall accounts, removed from sharing, re-added & was able to mount. Server is running 10.8.5.

Dusty VanGilder

bentoms
Release Candidate Programs Tester

@freddie.cox & @jeffpugh on the macs where there is an issue, you should be able to find a CasperAdmin log file.

Can you check it? I wonder if the JSS is trying to mount //jss.fqdn/CasperShare & as we're now on 10.9 that changes to: SMB://jss.fqdn/CasperShare & not AFP://jss.fqdn/CasperShare as per pre-10.9.

Just wondering, as if that's the issue... Should be an easy fix for JAMF.

jeffpugh
New Contributor III

@bentoms Casper Admin / Remote loads without issue and mounts caspershare and everything works good if I don't have a kerberos ticket but with tickets I get negative results when using AFP.

mpebley
New Contributor III

I think our issue was I am using a service account (casperadmin) - you know the defaults for r/w access etc. I also set up svc accounts in AD with same shortname. This is what I used since v 5 of JSS - all worked fine.
What I did to fix was create a local account on the fileserver for AFP that doesn't have an associated AD account and I'm back in business.

freddie_cox
Contributor III

@bentoms where is the log located, I was trying to find it and was unsuccessful.

bentoms
Release Candidate Programs Tester

@freddie.cox I think it's ~/Library/Logs/CasperAdmin.log

freddie_cox
Contributor III

@bentoms The only thing that I have in that location is a Casper Admin Sync Log.log

I was hoping there was a way to access a log for Casper Admin to see what it was doing, but it doesn't appear to be writing one. Heck, I even ran composer while launching Casper Admin just to see what/where it was writing to.

Kumarasinghe
Valued Contributor

@freddie.cox
You can put the Casper Admin to Debug mode by just putting a file named "debug" in app's "Support" folder.

sudo touch "/Applications/Casper Admin.app/Contents/Support/debug"

Then do the test and grab the debug log file from;
~/Library/Logs/JAMF/CasperAdminDebug.log
or
~/Library/Logs/CasperAdminDebug.log

I think this method applies for all Casper Suite apps.

freddie_cox
Contributor III

@Kumarasinghe This was the nugget I was hoping to get out of this. Thanks so much.

After doing this I get this output:

Running Simple Shell Command: '/Applications/Casper Suite/Casper Admin.app/Contents/Support/jamf' mount -type afp -server 'server_address' -share 'CasperDP' -username 'CasperUser' -passhash 'hashofpasswordhere' -visible
Simple Shell Result: Mounting afp://server_address/CasperDP to /Volumes/CasperDP...
There was an error mounting the file server afp://server_address/CasperDP. Will attempt again.
Mounting afp://server_address/CasperDP to /Volumes/CasperDP...
There was an error mounting the file server afp://server_address/CasperDP. Giving up.

It appears the binary can't mount the dp for some reason and trying to run that manually in terminal results in the same error. Removing the password hash and using the -password flag also ends in a failed connection.

bentoms
Release Candidate Programs Tester

@Kumarasinghe nice one. That's what I was reaching for.

@freddie.cox can you map the drive via the GUI authenticating as the CasperAdmin user?

Do you have any special characters in the password? ?%*<$|*

Can you simplify the Casper admin password & then try?

freddie_cox
Contributor III

@bentoms
- Yes, I can manually map the drive as the CasperAdmin user.
- Yes, I do have special characters.
- At this point I am too lazy to change the password as we have 14 DP's I would have to touch. :-)

bentoms
Release Candidate Programs Tester

@freddie.cox haha!

Can you change it for this 1 DP to see if it's the characters?

nessts
Valued Contributor II

They have this recent invention called Directory Services, you can set the password on a server and all the rest of the computers that are connected to the directory service know the new password. You should try it :)

bentoms
Release Candidate Programs Tester

@nessts then give all domain users read access to the drive as it'll mount using Kerberos?

We use server local accounts + HTTPS secured to that account to stop people nosing around our share.

nessts
Valued Contributor II

Not sure my users are that smart to find the casper share and mount it and look around, and since they don't have admin rights. I figure if they have Self Service and can download and install the apps through that, what's the harm in them viewing the share if they find it? Sorry, I should not be a smarty pants and try to make humor.

bentoms
Release Candidate Programs Tester

@nessts.. Humour was fine & well placed (plus we NEED it here).

Just making a point... + mine are admins so why am I bothering? They can install anything!!

Ok well old habits...

Right, now let's have a nose @ this new fangled directory whatjamajigger

Chris_Hafner
Valued Contributor II

Strangely, I'm experiencing the opposite symptom from freddie.cox. Casper Admin won't mount the SMB share for the primary DP via SMB. If I change it to AFP it mounts just fine and will replicate to either AFP or SMB shares. Switching back to SMB causes the error again. Hate to say it but I'm not sure this one is completely solved.

Chris_Hafner
Valued Contributor II

Well, here's what I found. Deleting

/Library/Preferences/com.apple.AppleShareClient

resolved my issue. Something must have kurfuffled at some point in the past.

freddie_cox
Contributor III

@Chris_Hafner - I just checked and I don't have that same plist. However, we just completed the upgrade to 9.21 from 8.73 and I am now able to sync all my DP's (SMB or AFP) from my Mavericks install without any issue.

Once again, thanks to the Nation for jumping in to help! (Even for the sarcasm!)

Chris_Hafner
Valued Contributor II

Good to hear! Though, that file may not exist in 10.9 with the "server" app. I just got the servers to finally stop doing stupid things after upgrading them to 10.8 so I'm leaving well enough alone for just now ;-)

Olivier
New Contributor II

We also had this issue since we upgraded to 8.73.

We had a special character (an @) in the read-only CasperShare AFP share password, and jamf binary always failed to mount the share in 10.9. The problem did not exist in 8.6.

After digging with "sudo newproc.d", I noticed that on 10.8, the password was not passed on the command line to mount the share, so this is why it continued to work:

/sbin/mount_afp -i -o nobrowse afp://myuser@server:548/CasperShare /Volumes/CasperShare

On 10.9, the password was passed on the command line, and obviously failed to interpret the double "@@" (password was similar to "PaSsWoRd@"):

/sbin/mount_afp -i -o nobrowse afp://myuser:PaSsWoRd@@myDPname:548/CasperShare /Volumes/CasperShare

Somehow, it also failed with a "!" special character (don't ask me why, maybe it worked but we were in rush to fix issue after 8.73 upgrade), and we had no other choice than to change the password on 45 DPs :-((((

Walter
New Contributor II

If the passwords are being passed on the command line and are not being quoted, the shell is interpreting them before passing them to the mount_afp command. Some special characters would certainly have meaning to the shell and thus be stripped out and interpreted, so the resulting password string given to the mount_afp command would be incorrect.

We are seeing this exact same problem with our 10.9 clients running 8.73 CasperSuite trying to access a 10.6.8 server. This "special character in the password" possibility never crossed our mind until this thread came up. Unfortunately we in the Federal Government space have enforced password requirements that mandate at least one special character in the password so JAMF will have to resolve this or we will have to figure out how to upgrade our 10.6.8 Apple Server to OS X 10.9 and CasperSuite 9.x.

sbrosnihan
New Contributor III

Removing an @ character from my password resolved the issue for me. Running 10.9.1 on the DP and Casper Admin client, JSS 8.73

majedian21
New Contributor III

@sbrosnihan can you provide further details on all the steps you had to do to change the password? We have a password with a special character and I would like to test this. Did you just change the casperadmin user's password in the DP's File Sharing tab? Also need to change it in System Preferences?

sbrosnihan
New Contributor III

I reset the password in the users section of Server.app and on the JSS in the DP's sharing tab.

epardee
New Contributor

I'm not a User of this software but I found this post in searching for the same issue with special characters in my AFP password. Basically you have to encode them, i.e. @ = %40. You can find the applicable URL encodings here:
http://www.w3schools.com/tags/ref_urlencode.asp

- source: http://www.opendoor.com/shareway/pro/ug/afp_urls.html

Special characters in AFP URLs

AppleTalk names and zones, and Macintosh volume, folder and file names often contain characters not normally found in URLs. These characters include spaces, slashes and high-bit ASCII characters (such as those used for international characters). AFP URLs should encode these special characters using the %xx construct (for instance, %20 for space). In many cases Macintosh browsers will understand URLs which contain special characters, but it is especially important to encode slashes (%2F) which otherwise will be used as directory delimiters.
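
Added example, not part of the original thread and not JAMF's code: a POSIX shell sketch of the %xx encoding described above, applied to the user name and password before they go into an afp:// URL. The function names are hypothetical, the host, user, share and password are constructed samples, and `url_host` is an assumed strict parser used only to show why a raw "@" or "/" in the password shifts the host, not documented mount_afp behaviour.

```sh
#!/bin/sh
# Added example. All names and values below are constructed samples.

# Percent-encode everything outside the RFC 3986 "unreserved" set.
# Runs in a subshell with LC_ALL=C so the string is walked byte by byte.
urlencode() (
    LC_ALL=C
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}        # everything after the first byte
        c=${s%"$rest"}     # the first byte itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# afp_url USER PASSWORD HOST SHARE [PORT]: build the URL with encoded parts.
afp_url() {
    printf 'afp://%s:%s@%s:%s/%s' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$3" "${5:-548}" "$(urlencode "$4")"
}

# Assumed strict parser: the authority ends at the first '/', and the
# userinfo ends at the first '@' inside it. Returns the host it would see.
url_host() (
    rest=${1#*://}
    auth=${rest%%/*}
    auth=${auth#*@}
    printf '%s' "${auth%%:*}"
)

# Raw password with a trailing '@' versus the encoded form.
raw='afp://myuser:PaSsWoRd@@myDPname:548/CasperShare'
enc=$(afp_url myuser 'PaSsWoRd@' myDPname CasperShare)
printf 'raw host: %s\nenc host: %s\nenc url:  %s\n' \
    "$(url_host "$raw")" "$(url_host "$enc")" "$enc"
```

Encoding only fixes how the URL is parsed; a password placed in the URL is still part of the process arguments, which is how it was visible to newproc.d earlier in the thread.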

perrycj
Contributor III

Just want to confirm what @sbrosnihan and @epardee said...

Having an @ in your password on your DP mac will cause it not to mount through Casper Admin. You can mount manually but not through admin. What a pain that was. Now it replicates fine. Thanks again.

dwoodfill
New Contributor III

So I'm basically having this issue. I get the same result as freddie.cox does except that I'm using SMB from a 2008 R2 server.
Changing the password does not address this issue.

Mine has an interesting twist in that I can use these just fine on the network where my JSS resides, but on VPN I'm not able to. Our VPN joins the same subnet I would be in if I were at the office. My client sites report the jss just fine as well.

Any thoughts?

martin_behrmann
New Contributor

We faced a similar issue.

Casper Admin 8.73 could not mount Casper Share via AFP from Casper 8 DP under OS X 10.9.x.
Same scenario worked under OS X 10.8.x

A local folder "CasperShare" was created in /Volumes but then Casper Admin just stalled.

We had a slash "/" in the password. After we got rid of that, mounting works as expected.

pmcgurn
New Contributor III

Just chiming in that the "Deploying OS X v10.7 or Later with the Casper Suite" PDF is much better than the above steps, because it pre-caches the huge install file, rather than having the user sit there and wait for it to download via Self Service.

Also, one note. When you copy the .app from /applications from /users/shared, you need to use copy/paste, rather than drag & drop. I found that OS X was creating an alias instead of moving the file, and when dragging that alias to Casper Admin 9.91, it would crash Casper Admin with a NPE.