Casper Suite 9.82

mm2270
Legendary Contributor II

Just saw the email that 9.82 is now out. I took a look at the Release notes and it seems like several good fixes made it into this version. A couple that I noted-

[D-009724] When upgrading to a Casper Suite version that uses the new jamf binary location, launch services no longer fail to automatically use the new binary location if the computer loses its connection to the JSS during the upgrade.

[D-009686] When upgrading the JSS to v9.8, the “Log out users after” option is no longer enabled by default in the Login Window payload of an OS X configuration profile.

There's also this one, under Deprecations:

• Policy status determined by checking script output for “error” and “fail”—The JSS no longer determines the status of a policy by checking script output for the words “error” and “fail”. As of v9.82, the JSS now only uses error codes to determine the status of a policy.

Thank you JAMF for finally removing this functionality! I no longer have to worry about policy scripts causing false failures to be logged (once we upgrade that is)

Anything else in the notes that are important fixes for some of you out there?


hkabik
Valued Contributor

[D-009726] Fixed an issue that caused QuickAdd package installations to be delayed when a computer with OS X v10.11 is enrolled using a PreStage enrollment.

WOOWOO!

wdpickle
Contributor

I think we are going to jump on it. Have been having some issues this sounds like it will fix. Will let you know

david_yenzer
Contributor II

bump

thoule
Valued Contributor II

I donno about you, but the announcement I got had this text:

Please note: we've added a feature to automatically update App Store apps for iOS and OS X, however we've seen reports of unexpected behavior from some customers. We recommend waiting to use this feature until we post an update in JAMF Nation.

Just make sure you're aware.

tomt
Valued Contributor

The "Log Out Users" bug was the main thing keeping me from updating my JSS. Between this, 10.11.2 and the upcoming fixed Office 2016 volume license installer, January is going to be a good month.

wdpickle
Contributor

We got email telling us to turn that "feature" off until we get an email from the friendly folks at JAMF telling us to turn it back on (because they are working on it)

cwaldrip
Valued Contributor

Does this include an update to the JDS installer so it will work with Server 5 without jumping through hoops editing files?

Edit: JDS installer doesn't appear to have fixed this issue yet, at least in my quick test. This makes my documentation nearly twice as long and open to more potential errors. 😞

mm2270
Legendary Contributor II

Apparently I glossed over the entire What's New in This Release section, which, if you use VPP managed apps, both iOS and Mac App Store, has some nice feature enhancements you should check out. They don't add much for us since we don't use VPP or need to force MAS app updates, but still nice additions.

We're also going to upgrade to this, but next year. We were getting ready to go to 9.8 originally, but once I saw some of the issues of upgraded Macs losing their JSS connection and never coming back into the fold without manual intervention, we put the brakes on it. We've had enough issues of Macs going randomly MIA on us that that was the last thing we needed. It looks like that issue was resolved here.

Edit: OK, looks like maybe one of the new features isn't fully operational yet based on some of the comments above mine? Ah, oh well. No biggie for us though since we wouldn't be using it.

bcourtade
New Contributor III

I'll be happy when the iOS app update bug is fixed. That left me scratching my head for a couple weeks when an app would mysteriously stop working en masse every time an update came out and my users would have to re-install the app.

adamcodega
Valued Contributor

Everyone is failing to freak out about how we can mass update iOS now.

Important bug fixes:
DEP Mandatory enrollment works now on OS X
DEP QuickAdd delay fixed
Spotlight bug fixed in Casper imaging

mhasman
Valued Contributor

Mass deploying iOS updates is a great improvement, thank you!
Wonder when we will see that available in Bushel 🙂

adamcodega
Valued Contributor

Trying to determine if it's a new MDM command from Apple or not?

Clean
New Contributor II

A lot of the new features and bug fixes in this update seem useful, but these two in particular will help with some recent headaches I've experienced:

[D-008182] Fixed an issue that caused the JSS to fail to distribute an updated user-level OS X configuration profile to users that have previously received the profile.

[D-009880] Fixed an issue that prevented the scope of an app from being respected if there are multiple apps with the same bundle identifier in the scope of multiple sites and one instance of the app is updated.

Of course, the launch services fix is huge but I have already crossed that bridge (and, of course, set it on fire).

donmontalvo
Esteemed Contributor II

@thoule wrote:

Please note: we've added a feature to automatically update App Store apps for iOS and OS X, however we've seen reports of unexpected behavior from some customers. We recommend waiting to use this feature until we post an update in JAMF Nation.

Yep, this is where folks who did not properly package App Store apps are getting bitten in the bootie. 😉

ooshnoo
Valued Contributor

One bug I've already seen after updating is that our "update inventory" policy fails for every computer. Doing recon works fine though. Anyone else see this?

Aziz
Valued Contributor

@ooshnoo

Works fine for me. I just get this message during recon.

"2015-12-18 10:29:46.118 jamf[13968:1278352] CFNetwork SSLHandshake failed (-9807)"

Started happening with OS X 10.11.2. I haven't done much research though, but it's probably unrelated.

donmontalvo
Esteemed Contributor II

Example of what happens when you strip out _MASReceipt folder. App Store doesn't know the app is installed. So it can't update it.

Keynote.app 6.6.1 is installed, but no _MASReceipt folder. So App Store offers to install it.

Guessing this is why the new feature isn't working for some 9.82 folks.

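A presence check for the `_MASReceipt` receipt discussed in the post above, as an added example that is not part of the original thread. The function names and sample bundles are constructed for illustration, and treating a "blank" receipt as a zero-byte file is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): report the Mac App Store receipt state
# of each top-level .app bundle in a directory.

# receipt_state APP -> prints "present", "blank" or "missing".
# Assumption: a "blank"/"dummy" receipt is a zero-byte file at the receipt path.
# This checks presence only; it does not validate the receipt's signature.
receipt_state() {
    receipt="$1/Contents/_MASReceipt/receipt"
    if [ -s "$receipt" ]; then
        echo present
    elif [ -f "$receipt" ]; then
        echo blank
    else
        echo missing
    fi
}

# audit_receipts DIR -> one "state<TAB>bundle name" line per .app in DIR.
audit_receipts() {
    for app in "$1"/*.app; do
        [ -d "$app" ] || continue   # skip the unexpanded glob when DIR has no apps
        printf '%s\t%s\n' "$(receipt_state "$app")" "$(basename "$app")"
    done
}

# make_sample_tree -> builds a constructed directory of fake bundles, prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Keynote.app/Contents" \
             "$root/Pages.app/Contents/_MASReceipt" \
             "$root/Numbers.app/Contents/_MASReceipt"
    : > "$root/Pages.app/Contents/_MASReceipt/receipt"      # blank receipt
    printf 'constructed-bytes' > "$root/Numbers.app/Contents/_MASReceipt/receipt"
    echo "$root"
}

# Demo on constructed data; on a Mac, run: audit_receipts /Applications
sample=$(make_sample_tree)
audit_receipts "$sample"
rm -rf "$sample"
```

Apps that never came from the Mac App Store also report `missing`, so compare the output against the list of titles you expect the App Store to manage.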

mm2270
Legendary Contributor II

@donmontalvo If this is the case, and it may in fact be, then this isn't a bug in 9.82, so anyone not using the method of stripping the _MASReceipt folder should be OK. I guess it will be interesting to see what JAMF has to say. The email did specifically mention to wait on a "posting" from JAMF on the issue, so I suspect you're correct on your guess. I don't think they need to issue any kind of fix for this, since it may not be possible to even do so.

boberito
Valued Contributor

Great timing...this gets released while I'm sitting here at my school updating 60 iPads by hand haha....oye.

TJ_Edgerly
New Contributor III

@donmontalvo Have you tested using a "dummy receipt" in the _MASReceipt Folder? I know that was a popular method to use for iWork/iLife. We still haven't updated to 9.82 so I can't test.

donmontalvo
Esteemed Contributor II

@TJ.Edgerly I don't normally implement hacks that might break down the road. We haven't seen the problem.

TJ_Edgerly
New Contributor III

@donmontalvo Same here. Not a fan of a band-aid if a problem can be solved. I was just wondering if anyone had tested and if there were any results. I don't know if people are still using dummy receipts or not...but I just remember that it used to be very popular. Luckily I'm at an educational institution...so VPP is much cheaper (also I have convinced departments to always purchase "a few extra") for us to implement than corporate environments. I am just curious to see what would happen if you had an app with a dummy receipt and then used the JSS to update.

Since school is out for the break...I may take a little time to set up a test environment and tinker. I need something else to do besides Fallout 4. 😉

Dalmatian
Contributor

@ooshnoo @Abdiaziz is the recon error still existing with 10.11.2? I'm still running on 9.81 right now and plan to upgrade soon. Any other issues?

apizz
Valued Contributor

I could have sworn I read somewhere that this update also allowed you to PREVENT iOS upgrades ... but after some looking I can't find anything to confirm this. Can anyone confirm or deny this functionality?

cbrewer
Valued Contributor II

9.82 allows you to force an iOS update, but not restrict one.

apizz
Valued Contributor

Damn. Thanks @cbrewer

Chris_Hafner
Valued Contributor II

I have to jump in regarding the MAS blank receipt 'hack' as @donmontalvo calls it. First, Don, I agree with you. However, this is a method I still use and for the following reason that I haven't yet thought of the best way around. We use the blank receipt method to capture, package and distribute iWork/iLife apps. Primarily because it allows the app to function from first boot and offers to update/authenticate the app based on the user's own AppleID in the MAS. Once the user does this they are 100% golden. It also gets the user to enter their AppleID so I can skip the AppleID setup on first boot. (Our users' computers are NOT bound to AD and are offline until they are booted and authenticated to our wireless network.)

I get that this isn't a viable solution for most environments but we've got it working here. Mostly because we make a big deal of a campus wide "tech refresh" every 1st of the month. This is a monthly reminder that each user is supposed to run any available 'featured' Self-Service policies, check for Apple updates and restart their computers. So, at the moment I feel generally ethical AND successful. Heck, we're an educational institution so teaching people to do things is kind of in the job description.

The big issue I have with VPP (for free apps), from a BYOD standpoint, has to do with the fact that our student users already own these apps. If I were to use VPP versions of the apps after our initial imaging, I would need to remove our VPP licenses so as to replace said apps with the users' properly authenticated versions of the iLife/iWork when the students leave at the end of the year. This takes far more time than having the properly authenticated version there in the first place. That, or leave them to figure it out on their own, which isn't very nice. That said, I'm sure that I'll have to stop doing that shortly and rethink around this particular box when I no longer have the option.

donmontalvo
Esteemed Contributor II

@Chris_Hafner sorry for using the word "hack", maybe "workaround" would have been better. The point I was making is when doing stuff like that, there is some risk. In this case not only does/did it break a new JSS feature (I guess we should wait for JAMF to confirm), it is also illegal in some countries to tamper with stuff like that. If it works and is legal and no kittens are hurt, go for it. 🙂

Josh_Smith
Contributor III

Has anyone found any showstoppers for 9.82? I haven't heard much, which is usually a good sign.

mm2270
Legendary Contributor II

Yeah, we haven't heard of anything negative really so far, which is good. I'm not sure if the timing of the release being so close to EOY had something to do with that though. A lot of organizations have end of year moratorium on changes, like upgrading Casper (I know ours does) so we may wait another week just to see if any more reports start to come in.
So far so good though. Unless something major surfaces, this is probably the 9.8x release we'll make the jump to.

emily
Valued Contributor III

No showstoppers, but I've noticed issues with enforced screenlocks on screensaver and screensaver after X minutes of inactivity. On some computers screenlock works, on some it doesn't. On some computers the screensaver after inactivity works, but then doesn't prompt for a password even though password lock is enabled. I only started noticing it after 9.82. So yeah, not really a showstopper, but definitely annoying.

scottb
Valued Contributor III

@emilykausalik - are those screen lock/saver issues based upon Profiles delivered in the JSS or another means? I assume the former?

Aziz
Valued Contributor

@emilykausalik @scottb

"Require password immediately" doesn't seem to be working for us on 9.82


emily
Valued Contributor III

@Abdiaziz Yep, looks like that's it. I wonder if it's a known issue in this version?

dgreening
Valued Contributor II

Bummer... We definitely manage those settings via config profile, and it's working well on 9.81...

emily
Valued Contributor III

I just opened a case with my TAM. We'll see what happens.

mm2270
Legendary Contributor II

That is rather unfortunate, since we also manage that setting via Config Profile, and it's a requirement to make sure it's applying, per company security requirements. I'll have to poke around and see if we are using a locally created Config Profile uploaded into Casper or one created directly in the JSS UI. Can't seem to recall right now.
FWIW, I would consider not applying a security based setting properly to be a 'show stopper' for us, but I know not every environment has strict requirements around this stuff.

lindell
New Contributor

@Abdiaziz

Isn't this a known issue with prior versions as well?? I thought to "Require password immediately" you had to set a payload under the Passcode section.


emily
Valued Contributor III

Isn't passcode an iOS setting? I didn't think OS X had passcode enforcement, but has password enforcement.