JSS 9.100.0 Upgrade Problems

PatrickD
Contributor II

Obligatory post for new release upgrade problems/lack thereof :)


apizz
Valued Contributor

I had no issues upgrading our JSS (on a Mac). No issues that I've noticed yet ... knock on wood

mickgrant
Contributor III

no issues upgrading apart from the Re-enrolment settings section not being named correctly

HenryOzsoy
New Contributor III

same no issues with upgrade apart from Re-enrolment settings section not being named correctly.

neilmartin83
Contributor II

No issues with the upgrade here on my dev server (that I can see).

Clear your browser cache to fix the dodgy names. ;-)

mwessolo
New Contributor

No errors with the update itself.
But I can not see the point re-enrollment.
The browser cache was cleared, the server was restarted
The point appears / is also called "re-enrollment"?


whitebeer
Contributor

upgrade works fine on our DEV-server :)

sprovost
New Contributor III

upgrade was smooooooth!!!
I did notice that the resources folder (which contains the docs) was missing GRRRRRRR!
did this change from pdf docs to web page based docs?????
thanks
stephen

Nick_Gooch
Contributor III

@sprovost Yes it was removed. See Functionality Changes and Other Considerations

The following PDF files have been removed from the JSS Installers:

- Casper Suite Release Notes
- Casper Suite Administrator's Guide
- QuickStart Guide for Managing Computers
- QuickStart Guide for Managing Mobile Devices
- Jamf Software Server Installation and Configuration Guide for Mac
- Jamf Software Server Installation and Configuration Guide for Windows
- Jamf Software Server Installation and Configuration Guide for Linux
- Manually Installing the Jamf Software Server

Links to this documentation in web-based format are now available on the JSS Installer download page on Jamf Nation. To access this page, log in to Jamf Nation and go to: https://www.jamf.com/jamf-nation/my/products

sprovost
New Contributor III

Nick: thanks.
What drove this action???????
not cool at all!
Now I can't access the docs unless I have a good internet connection.
While in some areas, internet access is no issue.
But here, I don't have access to the internet at all times to review a web page.
Is there a web page, where there is a PDF file?

stephen

StoneMagnet
Contributor III

If anybody else is annoyed by the disappearance of the Resources folder with the PDF doc files, please give this feature request some Up Vote love: Provide PDF versions of documentation

sprovost
New Contributor III

with thanks to ryanstayloradobe
he posted a link to get pdf files as shown below

Posted: 21 minutes ago by ryanstayloradobe

PDF documentation is already provided here:

https://www.jamf.com/resources/resources-jamf-pro/product-documentation/

It's too bad it is no longer included in the DMG, but PDFs are still readily available.

mapurcel
Contributor III

just upgraded to 9.100 and everything seemed to go ok except my JDS instances are not working. I get the "(package) is not available on the HTTP server" error each time I try to download a package even though they appear to be enrolled correctly

StoneMagnet
Contributor III

@mapurcel Check the version of jamf binary on your machines and see if they've updated to 9.100. I was seeing a similar problem with errors accessing my SMB DPs immediately after updating, but after doing a sudo jamf policy to force a check-in the error cleared up.

juttmartin
New Contributor II

I'm seeing the same issue @mapurcel. This looks like an issue with the certificate being generated. It's not including the common name in the SAN (Subject Alternative Name) for the JDS server in the certificate. Therefore it's causing an error. For example, my certificate has jds.domain.local common name and for the SAN it has jss.domain.local and *.jss.domain.local but doesn't include jds.domain.local. I think that is what's causing the issue. This is now required for all certificates to include the common name in the SAN. This is known as certificate transparency and I'm seeing it being forced down more on internal applications. I really don't want to have to manage this on the JDS side to make this work since it will involve importing this into the keystores for tomcat and modifying apache.

Could someone at JAMF come up with the fix to include the jds servers common name in the SAN part of the certificate?

juttmartin
New Contributor II

I submitted a support case to JAMF for the JDS certificate error.

mapurcel
Contributor III

@juttmartin thanks, which certificate are you referring to? I'm using a Linux JDS

smamdani
New Contributor II

I have some odd display bugs in our upgrade.

I saw a number of these.

Anyone else see this?

cbrewer
Valued Contributor II

@smamdani command Shift R will force your browser to reload the page. That should take care of it.

Anyone have any clustering issues after the upgrade? I had to disable clustering directly in the database before I could get my primary JSS to start. After that, I turned clustering back on and then things were fine.

juttmartin
New Contributor II

@mapurcel I'm seeing this when establishing a connection to JDS to pull a package. It's unable to establish a secure connection since it can't validate the certificate. I'm using CentOS and in this case being a certificate issue it wouldn't matter what OS you are hosting on.

mapurcel
Contributor III

thanks @juttmartin can you post the defect number here if your case results in one? I'll do the same.

juttmartin
New Contributor II

@mapurcel this is looking like a bug to me that wasn't caught for when the JDS pulls a certificate. JAMF told me so far to create another distribution using SMB which I'm not doing. If I don't hear back with a fix from them, I'm going to modify Apache and implement my own internal CA and certificates for JDS to fix the problem by the EOD.

juttmartin
New Contributor II

@mapurcel I fixed the issue on my end. The issue is exactly what I thought. I can't wait for a permanent fix from JAMF. I created a new certificate for JDS from my internal CA. This cert now includes the missing SAN name for the JDS server. I modified my Apache on JDS for this change and I'm now pulling packages just fine. I've relayed all my information troubleshooting the issue to JAMF. I'm new to JAMF products but as long as it's a Linux box I can typically figure out what's going on and implement a fix really quick.

Here is the basic output confirmation:

Executing Policy Hype
Downloading Hype-3.6.3.pkg...
Downloading https://JDS_SERVER_HOST_NAME/CasperShare/Hype-3.6.3.pkg...
Verifying package integrity...
Installing Hype...
Successfully installed Hype.
Running Recon...
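
The SAN mismatch described in the posts above (a certificate listing jss.domain.local and *.jss.domain.local but not jds.domain.local, then a reissued certificate that adds it), as an added example that is not part of the thread and not Jamf's code. The function and constant names are this example's own, and `cafile` is assumed to be the CA bundle that signed the distribution point's certificate.

```python
import socket
import ssl


def san_matches(hostname, san_entry):
    """Return True if one dNSName SAN entry covers hostname (RFC 6125 style)."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san_entry.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False              # a wildcard stands for exactly one label
    if pattern[0] == "*":
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def covering_sans(hostname, san_entries):
    """List the SAN entries that cover hostname; empty means validation fails."""
    return [s for s in san_entries if san_matches(hostname, s)]


def fetch_dns_sans(host, port=443, cafile=None):
    """Read dNSName SANs from a live server whose chain verifies against cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False    # diagnostic only: the mismatch is reported below
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


# Names as given in the post above (the poster's placeholder domain).
REPORTED_SANS = ["jss.domain.local", "*.jss.domain.local"]
FIXED_SANS = REPORTED_SANS + ["jds.domain.local"]

if __name__ == "__main__":
    for label, sans in (("reported", REPORTED_SANS), ("reissued", FIXED_SANS)):
        hits = covering_sans("jds.domain.local", sans)
        print(label, "->", hits or "no SAN covers jds.domain.local")
```

Against a real distribution point, `covering_sans(host, fetch_dns_sans(host, cafile=...))` returning an empty list reproduces the validation failure the client reports.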

nigelg
Contributor

Have upgraded and all good so far apart from user error - the JSS didn't like it when I restored a backup of the web.xml from 9.98 but it's all working since I restored the 9.100 version.

I do have a strange looking version number - JSS 9.100.0-t1499435238. Is that the new format? Bit of a mouthful.

georgecm12
Contributor III

Our JSS is simple, so upgrading went pretty much by the book.

@nigelg Yes, that has been the version numbering format since 9.99, I believe.

MrP
Contributor III

I saw the same things everyone is reporting with web interface issues. JAMF needs to hire a highly skilled project manager specializing in product development to make sure glaring issues are worked out before release, and new features are thought out and implemented fully.

cbrewer
Valued Contributor II

@MrP Before calling Jamf out, have you tried forcing the page to refresh? Most of the time, these are just page caching issues. It's a little annoying, but not sure I'd call it a glaring issue.

MrP
Contributor III

Yes, clearing my cache resolved the issue. If they had tested and seen that this was going to be a problem, they could have programmatically adjusted their cache expiration parameters, or at least notified us in the update download page that we should expect to clear our caches. None of the log sorting worked properly during this time and I was in the middle of a major issue on my end. Taking my time away from pressing issues to resolve something they should have been on top of is not acceptable to me. Period.

https://www.merriam-webster.com/dictionary/glaring

gachowski
Valued Contributor II

Jamf, please do not hire any additional program managers, please continue your hiring as you see fit.

There is a reason Jamf is the industry leader and while this might meet the dictionary definition "glaring" I don't care about superficial issues like this, and I am almost 100% sure that most Jamf customers agree. I would also go as far as most Jamf customers would prioritize issues like this as the very last thing on the list of issues to get fixed.

IMO

C

PS This is also not the correct place to post issues like this, the JSS has had this behavior after most updates. You are asking for a Feature Request to change a known behavior.

nigelg
Contributor

It's a web site. You are creating a new web site at the same address. Your browser might be cached with the old site settings. You could be upgrading from any version to this version and hit different issues for the same reason. Clearing the cache or trying a different browser would be standard troubleshooting steps for most technicians.

Upgrade to 9.100.0 working fine 24 hours later. All clustered servers upgraded successfully and were immediately aware.

vp18
New Contributor

We are trying to upgrade but receiving this error:

Updating init.d script...
Copying backup of Tomcat (/usr/local/jss/tomcat) to /usr/local/jss/backups/tomcat/2017-08-08_10-36-56...
Upgrading Tomcat...
Copying Tomcat files...
Setting permissions...
Restoring /usr/local/jss/tomcat/tomcat/conf/*.xml...
[Fatal Error] server.xml:74:2: XML document structures must start and end within the same entity.
Detected previously installed Tomcat version: 8
Skipping PermGen check because Java 8 was found...
Restoring /usr/local/jss/tomcat/tomcat/bin/setenv.sh to /usr/local/jss/tomcat/bin/setenv.sh...
Applying server.xslt to server.xml...
Error: Could not apply server.xslt transforms to server.xml

Any ideas?

mapurcel
Contributor III

the product issue for Linux upgraded JDS not working is PI-004248. If you are on Linux and upgrade the JSS to 9.100 the recommendation is to not upgrade the JDS

michaelhusar
Contributor II

@vp18 I saw "Error: Could not apply server.xslt transforms to server.xml"
when I had a broken server.xml

The jssinstaller.run needs a correct /usr/local/jss/tomcat/, because it makes a backup and after upgrading wants to restore the settings from the backed-up server.xml

So check your /usr/local/jss/tomcat/tomcat/conf/*.xml
if they are broken, manually restore a good backup from /usr/local/jss/backups/tomcat/2017-xxxxxxx/tomcat/conf
and check permissions.

That helped me getting jssinstaller.run to work again.
Best
Michael

PS: Check your disk usage - running out of disk during upgrade broke my system once...
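
The pre-upgrade check described in the post above, as an added example that is not part of the thread and not the installer's own logic: it parses every XML file in the Tomcat conf directory and reports the position of any well-formedness error, plus free disk space. The default directory is the one quoted in the post; the function names are this example's own.

```python
import glob
import os
import shutil
import sys
import xml.etree.ElementTree as ET


def check_conf_xml(conf_dir):
    """Parse every *.xml in conf_dir; return {path: error text} for broken files."""
    broken = {}
    for path in sorted(glob.glob(os.path.join(conf_dir, "*.xml"))):
        try:
            ET.parse(path)
        except ET.ParseError as exc:
            line, col = exc.position
            broken[path] = f"line {line}, column {col}: {exc}"
        except OSError as exc:    # unreadable file, e.g. wrong permissions
            broken[path] = f"cannot read: {exc}"
    return broken


def free_gib(path):
    """Free space on the filesystem holding path, in GiB."""
    return shutil.disk_usage(path).free / 2**30


if __name__ == "__main__":
    # Default is the directory named in the post; pass another as argv[1].
    conf = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/jss/tomcat/tomcat/conf"
    problems = check_conf_xml(conf)
    for path, err in problems.items():
        print(f"BROKEN {path}: {err}")
    print(f"{free_gib(os.path.dirname(conf) or '/'):.1f} GiB free")
    sys.exit(1 if problems else 0)
```

A truncated server.xml like the one behind vp18's "[Fatal Error] server.xml:74:2" shows up here with its own line and column, so the file can be restored from the backups directory before the installer is rerun.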

martin
Contributor III

Jamf decided to just completely remove JDS from the Assets page without any statement. I'm not happy with how they take care of this issue and how they communicate.

Read more here: JDS Installer 9.101.0 Not Available for Download