- Jamf Nation Community
- Products
- Jamf Pro
- JSS 8.51 Casper Imaging issues - removes MDM profi...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
JSS 8.51 Casper Imaging issues - removes MDM profile at startup
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-16-2012 09:46 PM
I have installed JSS 8.51 and update the Casper Imaging app to 8.51 on our existing netboot image and found some issues after imaging.
At the first login window we can see the our 802.1X profile has been installed but the MDM profile gets deleted automatically.
Machine is already bound to AD but it gives an error (it seems it is trying to bind to AD again)
see the log attached;
/var/log/jamf
Tue Apr 17 11:47:26 casper-test-7 jamf[7358]: Deleting user adobeinstall...
Tue Apr 17 11:47:26 casper-test-7 jamf[7358]: Deleting home directory for adobeinstall...
Tue Apr 17 11:47:48 casper-test-7 jamf[8451]: Reboot. Immediately.
Tue Apr 17 11:47:48 casper-test-7 jamf[8451]: Rebooting computer immediately...
Tue Apr 17 11:47:55 casper-test-7 jamf[7074]: Bound to Active Directory (ad.mycompany.edu)
Tue Apr 17 11:48:51 casper-test-7 jamf[262]: Checking for policies triggered by "startup"...
Tue Apr 17 11:48:52 casper-test-7 jamf[262]: Upgrading Self Service.app...
Tue Apr 17 11:48:53 casper-test-7 jamf[262]: Executing Policy ToshibaEStudio4520C...
Tue Apr 17 11:48:55 casper-test-7 jamf[322]: Removing previous MDM profile
Tue Apr 17 11:48:55 casper-test-7 jamf[262]: Installing TOSHIBA e-STUDIO 4520C Series 10_4.pkg...
Tue Apr 17 11:48:58 casper-test-7 jamf[398]: Binding casper-test-7 to ad.mycompany.edu...
Tue Apr 17 11:49:01 casper-test-7 jamf[262]: Successfully installed TOSHIBA e-STUDIO 4520C Series 10_4.pkg.
Tue Apr 17 11:49:01 casper-test-7 jamf[262]: Installing TOSHIBA e-STUDIO Extra Features.mpkg...
Tue Apr 17 11:49:04 casper-test-7 jamf[262]: Successfully installed TOSHIBA e-STUDIO Extra Features.mpkg.
Tue Apr 17 11:49:08 casper-test-7 jamf[398]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 1)
Tue Apr 17 11:49:18 casper-test-7 jamf[398]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 2)
Tue Apr 17 11:49:28 casper-test-7 jamf[1291]: Checking for policies triggered by "login" for user "administrator"...
Tue Apr 17 11:49:29 casper-test-7 jamf[398]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 3)
Tue Apr 17 11:49:39 casper-test-7 jamf[398]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 4)
Tue Apr 17 11:49:49 casper-test-7 jamf[398]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 5)
Tue Apr 17 11:49:49 casper-test-7 jamf[398]: Error: Giving up on Active Directory binding after 5 attempts.
Tue Apr 17 11:49:50 casper-test-7 jamf[1552]: Checking for policies triggered by "startup"...Also found FirstRun scripts are now located in;
/Volumes/<destination drive>/Library/Application Support/JAMF/FirstRun/
everything works fine with 8.43 Casper Imaging app.
Our image is a compiled InstallESD OS image.
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-16-2012 11:00 PM
The new 1st run has a reboot & recon as part of it.
So, could it be you're triggering a reboot before the firstrun completes?
I was, which effectively meant that the mac's would keep restarting & keep
Rerunning the first boot.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-17-2012 05:17 PM
Yes. I had my PostInstall script to trigger a reboot.
I'll test it without the reboot trigger.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-20-2012 01:01 AM
Even without reboot trigger it fails. So something wrong going with 8.51 Casper Imaging app.
It seems like the tasks after reboot order has been changed so the scripts to run "At Reboot" experience issues.
Apart from MDM profile gets deleted and trying to rebind to AD there are some other issues.
I have a FirstBoot script setup to run "At Reboot" and with v8.43 it runs after the Management account created.
Now with 8.51 it seems that FirstBoot script runs before the management account gets created.
This is causing a lot of problems during imaging time.
For the workaround we use Casper Imaging 8.43 in our netboot image.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-20-2012 09:27 AM
Thusitha,
To help assist our development team in reproducing this behavior and investigate this more, can I have you take a snapshot of your imaging plan (This can be obtained by launching Casper Imaging and it's the view in the left window pane). With this snapshot, we hope it will help give us a better understanding of the workflow Casper Imaging is trying to do.
Thanks for your continuous use of the Casper Suite
Chuo Lee
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-20-2012 11:59 PM
Thanks Chuo.
I have emailed you the exact steps to reproduce the issue including the snapshot and post install script.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-26-2012 11:19 PM
Still having issues even with the 8.52 update.
2012-4-26 9:44:21 Formatted Macintosh HD
Thu Apr 26 09:44:22 NetBoot001 jamf[420]: Set Computer Name to casper-test-7
Thu Apr 26 09:44:22 NetBoot001 jamf[446]: The SSL certificate for https://jss.mycompany.edu:8443/ must be trusted or the jamf binary will not connect to it.
Thu Apr 26 09:44:22 NetBoot001 jamf[520]: Creating .AppleSetupDone...
Wed Apr 25 16:46:25 casper-test-7 jamf[5797]: Checking for policies triggered by "login" for user "adobeinstall"...
Wed Apr 25 16:46:27 casper-test-7 jamf[6044]: Enforcing Management Framework...
Wed Apr 25 16:46:27 casper-test-7 jamf[5556]: Creating user administrator...
Wed Apr 25 16:46:33 casper-test-7 jamf[6044]: Enrolling machine...
Wed Apr 25 16:46:45 casper-test-7 jamf[6044]: Creating Usage Monitoring Task...
Wed Apr 25 16:46:49 casper-test-7 jamf[5556]: Removing previous MDM profile
Wed Apr 25 16:46:56 casper-test-7 jamf[6917]: Setting home page to 'www.mycompany.edu' for Existing Users and User Templates
Wed Apr 25 16:47:01 casper-test-7 jamf[7429]: Installing mycompany_Desktop_Pictures_v1.pkg...
Wed Apr 25 16:47:04 casper-test-7 jamf[7429]: Successfully installed mycompany_Desktop_Pictures_v1.pkg.
Wed Apr 25 16:47:04 casper-test-7 jamf[7622]: Running Script PostImageScript.sh...
Thu Apr 26 09:47:14 casper-test-7 jamf[5556]: Enforcing Management Framework...
Thu Apr 26 09:47:14 casper-test-7 jamf[5556]: Enrolling machine...
Thu Apr 26 09:47:15 casper-test-7 jamf[5556]: Creating Usage Monitoring Task...
Thu Apr 26 09:47:15 casper-test-7 jamf[8443]: Binding casper-test-7 to ad.mycompany.edu...
Thu Apr 26 09:47:21 casper-test-7 jamf[8545]: Deleting user adobeinstall...
Thu Apr 26 09:47:22 casper-test-7 jamf[8545]: Deleting home directory for adobeinstall...
Thu Apr 26 09:47:44 casper-test-7 jamf[9649]: Reboot. Immediately.
Thu Apr 26 09:47:44 casper-test-7 jamf[9649]: Rebooting computer immediately...
Thu Apr 26 09:48:48 casper-test-7 jamf[288]: Checking for policies triggered by "startup"...
Thu Apr 26 09:48:49 casper-test-7 jamf[288]: Upgrading jamf binary...
Thu Apr 26 09:48:50 casper-test-7 jamf[288]: Upgrading jamfHelper.app...
Thu Apr 26 09:48:50 casper-test-7 jamf[229]: Removing previous MDM profile
Thu Apr 26 09:48:51 casper-test-7 jamf[288]: Upgrading Self Service.app...
Thu Apr 26 09:48:51 casper-test-7 jamf[427]: Binding casper-test-7 to ad.mycompany.edu...
Thu Apr 26 09:48:52 casper-test-7 jamf[471]: Enforcing Management Framework...
Thu Apr 26 09:48:52 casper-test-7 jamf[471]: Enrolling machine...
Thu Apr 26 09:48:53 casper-test-7 jamf[471]: Creating Usage Monitoring Task...
Thu Apr 26 09:49:01 casper-test-7 jamf[427]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 1)
Thu Apr 26 09:49:11 casper-test-7 jamf[427]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 2)
Thu Apr 26 09:49:21 casper-test-7 jamf[427]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 3)
Thu Apr 26 09:49:31 casper-test-7 jamf[427]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 4)
Thu Apr 26 09:49:41 casper-test-7 jamf[427]: An error occurred binding to Active Directory: dsconfigad: This computer is already 'bound' to Active Directory. You must 'unbind' with '-remove' first. (Attempt 5)
Thu Apr 26 09:49:41 casper-test-7 jamf[427]: Error: Giving up on Active Directory binding after 5 attempts.
Thu Apr 26 09:49:44 casper-test-7 jamf[745]: Checking for policies triggered by "startup"...
Thu Apr 26 09:49:54 casper-test-7 jamf[927]: Checking for policies triggered by "login" for user "administrator"...Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-26-2012 11:24 PM
Looks like your macs are repeating the enroll steps.
Is the post install script something you added?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-27-2012 12:31 AM
It is a custom post install script and working fine with 8.43 without any issues.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-27-2012 12:34 AM
There was some changes to the first boot with 8.5.
If you image a mac, then kill the jamfhelper process & go to /Library/Application Support/JAMF/FirstRun/ (i think).. you'll be able to grab the new script.
I'm guessing both your post install & the 1st run are running something like:
sudo jamf enrollWhich is unenrolling.. or something along those lines.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-27-2012 12:47 AM
No.
This is the last bit of the policy.
Same outcome even if I disable both commands.
# reset policies that need to run again
/usr/sbin/jamf flushPolicyHistory
# rebooting system one more time so all mcx and updates and first run boot polices run through
/sbin/shutdown -r +1 &
exit 0Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-27-2012 06:18 AM
ok.. how about if you image without your script?
