Jamf Nation Community

Nearly forgot:

JSS Version 8.6
Distribution Point is Windows Server 2008 R2 Enterprise using accounts local to that machine only, not a domain account.

And that's my issue as well, Greg. Then I get a bunch of lovely caspershare folders in Volumes with numbers after them.

I've had issues but only with deploying any mpkg's.

When I see a machine failing policies due to this I send a Unix Command via remote to unmount the volume. After that things work again.
diskutil unmount force /Volumes/CasperRemote

It's happening all over the place though, not just one machine.

We are seeing it sporadically. I'm just using that command as a temporary workaround until I get some time to dig into it further. Hopefully I will get a chance to log a call with JAMF later today.

Just to throw this up as well.

The could not mount distribution point error is also seen here with problems to do with deploying certificates - still working through this one.

Prior to installing the certificates policies are fine and distribution points mount.

The macs require a machine certificate issued by a windows CA. The machine certificate if installed manually there is no problem mounting the casper distribution point.

However if installing the machine certificate via a .mobileconfig file (either manually double clicking or via Casper configuration profiles) The host will no longer be able to mount the distribution point and all policies fail.

A sudo jamf enroll when the client is in this state will then allow the client to mount the distribution point and run policies.

Currently are not enforcing certificate based communications and this is still happening. Will be moving to certificate based though shortly.

Could the Windows server be opportunisticly locking (http://www.superbase.com/services_tech_support_oplocks.htm) the files of the share when a Mac attempts to access them? While one Mac is active on the share with read/write privileges it may be locking out other Macs.

That's just my random, off-the-cuff stab at the matter, so take it for what it's worth.

Christoph - Do you happen to know the bug ID on that?

@Greg, thus far there have not been many computers hitting the servers, classes aren't in session right now, so all of the hits to the share are fairly isolated. We have lots of shares hit with multiple machines all the time without issue.

Guess I'll be stepping up my move to HTTP DP here...was planning on it anyway.

We are in a similar situation here. With school starting i'm concerned that this will become a bigger issue.

I haven't looked into the HTTP option at all so if that is what is required to resolve this, I'll need to start down that path soon.

If this is a known bug is JAMF suggesting that folks enable HTTP? Is that a big deal? (i'm off to do research now. Just wondering how major of switch this will be)

Greg, I enabled HTTP on our distribution points today, it's fairly easy. Went as far as doing it over HTTPS and requiring authentication. Works well thus far, the errors have gone away. You also get the benefit of resumable downloads.

The only things I'd note for IIS On Windows is that I disabled anonymous access, enabled basic authentication, required SSL and installed the necessary certificate into IIS for the site I'm using (your clients must trust this, too), and then I added/modified MIME types for .pkg, .mpkg, .dmg, .bom, .pl, and .sh to be 'application/octet-stream' so they download properly. If you have other types in there for some reason (I've seen a few JSS' with other "stuff", quite odd) you'll likely need to add those, too.

I figure this was the quickest way to resolve the issue as I have a feeling the SMB share mounting issue will persist for some time before getting corrected.

Hmmmm, having issues with PKGs, which I'll assume MPKGs as well, with using HTTPS from IIS7, with authentication. The package downloads to /Library/Application Support/JAMF/Downloads/, but once installer tries to install it I get invalid path. Same thing happens if I try to cache it then install it. If I even try to double-click what it downloaded it's corrupt somehow. Happened to multiple PKGs. If I force back to SMB, works fine. Someone know something simple I'm missing with IIS settings or something else? DMGs and scripts work great, trading one solution for another problem it seems.

So along with my issues getting PKGs and MPKGs to come over HTTPS, I'm now seeing that 10.7 clients don't want to get SH files over HTTPS either, while the older OSes do just fine. I haven't tried 10.8 yet. Time to fire back up my old XServe just to be an AFP DP?

@ernstcs

Have a look in the post here to setup IIS correctly.
https://jamfnation.jamfsoftware.com/discussion.html?id=4266#responseChild23559

I realized what my mistake was, I started this thread with one particular topic, but once it came around to issues with IIS I never went back into search discussions for IIS, and that thread above of course was the top one. I'll give these settings a whirl later today. I'm sure switching my MIME type settings will correct the issues.

I fired up my old XServe and did an easy replication in Casper Admin and put an AFP DP in place. Naturally that works great, but those servers have gotta go unfortunately.

Thanks, Kumarasinghe