Jamf Nation Community

We have a primary node that is used for manipulating the jamf pro GUI and several children nodes behind a load balancer with the GUI disabled. I enabled the GUI and went and looked at the policy on each node and most of them showed an "Unknown" Package. 2 of the Nodes actually showed the package. Interesting, the package exists in the Settings > Packages menu.

Also note that https is the preferred method of distribution for on premise file share distribution, and that is what we are using. 

-Matt-

Are you fully on-prem or hybrid? In Settings > Packages I don't have the option to upload a package. I thought this was because we are on-prem only.

In my training classes we could upload using the GUI, but  I thought that was because a Cloud DP was accessible. We don't have a cloud distribution server.

I can manually upload the package to the SMB share and specify the name of the package in Settings > Packages, but in my testing it's been just as inconsistent as using Jamf Sync to do the initial upload and DP sync. 

We are fully on premise with our JSS and file share distribution point (running on local file server) but we have an AWS bucket setup as as a cloud distribution point as well. That allows install of items from Self Service for devices off network.  The cloud distribution point is authoritative in our setup.  

The lack of a cloud distribution point is why you are missing the upload button. Your workflow is correct. I would suggest changing to HTTPS distribution instead of SMB and see if the issue clears up. 

If you want to be able to upload directly from JAMF you can spin up an AWS cloud distribution point, set it as authoritative, and then use JAMF Sync to keep them in sync. I'd sort out the local file share distribution first though. 

-Matt-

The distribution of packages to MacOS Endpoints is via HTTPS already. However it was my understanding that the Distribution points themselves sync to each other and the web nodes using SMB. 

and regarding uploading files to the On-prem DPs from my admin computer, is your suggestion not to upload to them via mounting the SMB share? IT doesn't look like there is anyway to disable SMB sharing in JP settings. Does uploading to the DP's via something like scp make a difference in how tomcat nodes process the package? It's still the same share volume right?

I doubt my org is going to go for an AWS bucket or another cloud DP, although that would be swell.  

Your understanding is correct. I did not note https in your original screenshot but now I see it. You won't need to disable SMB in the JSS settings if you have HTTPS setup and the box checked to "Use HTTPS Downloads"  under the settings for the distribution point. 

Is one of your file share distribution points selected as the principal distribution point?  If so, is that the share that you are manually uploading to? Any errors in the policy log when it fails to download?

-Matt-

1. Yes we do have a primary Distribution point that we are uploading to first. I've even tried manually uploaded to both distrbution points (without Jamf Sync) to about the same results.

2. No Errors in the Policy. It just completes and doesn't pull any package. I'm guessing it's because over half of the children nodes show an unknown package in the policy. 

Also big thank you for taking your time to chat with me and try to help me. I really appreciate it. 

I'm running out of ideas 😂. If the distribution points are working fine with JAMF Admin I think you can rule those out.  If the file was actually failing to download you'd have an error in the policy log. It's just missing the .pkg in the policy on the child nodes. Can you post a picture of your clustering settings with any private info masked?

My guess is the deprecation of Jamf Admin wasn't taken into account for instances without any Jamf Cloud services. Whatever API endpoint that was deprecated in 11.6 probably forced all of the children nodes to sync with each other... othewise... *shrug*.

I do have a jamf support ticket open, otherwise this is a pretty gnarly work around when uploading new packages. 

For what it's worth, it doesn't seem to be an issue with overwriting an existing package (upload GoogleChrome.pkg with a newer version with the same file name). 

Thanks for helping me look at this. 

Let us know what you find out with support. I'm curious what the problem is. 

-Matt-

this may not be possible with an on-premise setup as I have never had to deal with that, that being said for my larger packages; I've taken to uploading them to the jamf cloud once, and then using Jamf Sync to bring them down to the local lan distribution points. The policies can then be modified to use the cloud or local DPs as necessary.

that was an interesting read. the only detail i noticed that may be overlooked if you were in a hurry, the packages must be in a .../Packages folder when copied to the share.

So in the form of /Volumes/<share>/Packages when mounted. Maybe double check that the packages are in a /Package subfolder.