MacBooks bound to Active Directory cannot install software within Self Service

cgordy
Contributor

Discovered a problem in our environment that has us stumped.
When a MacBook is bound to our Active Directory and I create a policy to install, say, Firefox, the install fails.
The error reported to the JSS is that once the share mounts, the package is not found.

History: users are logging onto the Macs as standard users and using their Active Directory credentials.
Their home directory maps fine; in every sense the Mac talking to AD seems to be just fine.

I can use Casper Remote to install Firefox just fine, so I know the package works.

I can verify the policy works if I scope it to a non-Active Directory MacBook and run it as a standard user from Self Service.

It is not just Firefox; it is everything scoped to Self Service, and only on AD-bound Macs.

Here's what we have checked/done:
Permissions. Yes, all domain users have Read access to the CasperShare.
Rebuilt the DP, and rebuilt permissions.
Upgraded from 8.71 to 9.01.

Our DP is the Master and the only one we currently have.
It is set up to do AFP.
We tried adding HTTPS, then enabled web services via Server.app on the server, and still no dice. Actually, that broke everything, even non-domain-bound MacBooks, so I undid that change pretty quick.

Here's the kicker: once I rebuilt the CasperShare, I was able to make Firefox install once, just once, via a standard user logged in with AD credentials using Self Service. I thought rebuilding the DP had fixed it, but I only had success once, and I have tried all morning to reproduce the success over multiple machines. I even re-imaged the one it worked on, and now it too refuses to cooperate and the installs fail.

Log file is as shown:
Executing Policy Install Firefox NEW POLICY...
[STEP 1 of 3]
Mounting 10.99.6.136 to /Volumes/CasperShare...
[STEP 2 of 3]
Error: The package (Firefox.dmg) could not be found.
[STEP 3 of 3]
Running Recon...
Retrieving inventory preferences from https://jss.dps61.org:8443/...
Locating accounts...
Searching path: /Applications
Gathering application usage information...
Locating printers...
Locating software updates...


hkim
Contributor II

I've run into this in the past, and the problem was that my DP was bound to AD as well as the clients, which means that Kerberos kicks in, so the Mac is going to use Kerberized credentials instead of the local read-only account, which is what Self Service is looking for.

cgordy
Contributor

What was your solution? Build a secondary DP that was not bound to AD?

bentoms
Release Candidate Programs Tester

For us, we moved to HTTPS DPs.

cgordy
Contributor

I built up a secondary DP that was not on my domain; same error.
I enabled it for HTTPS, turned on the Websites service in Server, and it still errors out. However, the error is different for HTTPS; it says:
Could not connect to the HTTP server to download Firefox.dmg

bentoms
Release Candidate Programs Tester

Sorry, just read your initial post. Do you have multiple DPs? Has this DP been fully replicated from the master?

(Ignore the HTTPS for now).

cgordy
Contributor

We have only been running one DP for the past few years.
This secondary one I just built: yeah, Casper Admin says replication was complete, and it took a few minutes.
My content is less than 50 gigs, and I was surprised to find replication only made an XML file in that share, unless that is what's wrong.

bentoms
Release Candidate Programs Tester

Yep sounds massively wrong.

You should see a complete replica of the CasperShare as per your Master.

What version of the JSS is this btw? What OS is the DP & Master?

cgordy
Contributor

Been running 8.71 when I discovered this little nugget of a problem with my AD-bound devices.
I rebuilt my master DP share this morning; that did make it work once on a client, but I have not been able to reproduce it. Upgraded to 9.01 shortly thereafter.
MacOS Server 10.8.4 on both the master DP (which has the JSS installed) and the secondary DP I built today.
I'll go check out that replication again and see if I can get it to populate with something other than the XML file.

cgordy
Contributor

OK, the replication was my goof. It was all there, but in my haste I pointed my JSS to the wrong folder. Doh. :-)
Fixed that; I see all my cloned contents, and now I can install Firefox from the failover DP.

hkim is on to something, but I don't understand what he means.
My master DP is bound to my domain; the secondary DP is not.
Running the Firefox policy either from Terminal with a trigger or from Self Service now works thanks to my secondary DP, but it still generates an error since it failed on the Master DP:

Actions from policy log:
Executing Policy Install Firefox...
[STEP 1 of 3]
Mounting 10.99.6.136 to /Volumes/CasperShare...
[STEP 2 of 3]
Error: The package (Firefox.dmg) could not be found.
Retrying using distribution point 10.99.4.2...
Mounting 10.99.4.2 to /Volumes/CasperShare2...
Installing Firefox.dmg...
Filling User Home Directories from /Volumes/Firefox/Users/test...
Filling User Templates from /Volumes/Firefox/Users/test...
Closing package...
[STEP 3 of 3]
Running Recon...
Retrieving inventory preferences from https://jss.dps61.org:8443/...
Locating accounts...
Searching path: /Applications
Gathering application usage information...
Locating printers...
Locating software updates...

If I can get my master DP issue resolved, that'd be greaaat.
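The two policy logs quoted in this thread differ only in whether a retry against a second DP follows the "could not be found" error. The parser below, added here as an example and not code from the thread or from Casper, attributes each package outcome to the distribution point mounted just before it, so a policy that only succeeded after failover is reported separately from one that succeeded outright. The log samples are constructed to match the format quoted above; the regexes are assumptions based on those quoted lines.

```python
import re

# Constructed samples modelled on the policy log format quoted in the thread.
FAILOVER_LOG = """Executing Policy Install Firefox...
[STEP 1 of 3]
Mounting 10.99.6.136 to /Volumes/CasperShare...
[STEP 2 of 3]
Error: The package (Firefox.dmg) could not be found.
Retrying using distribution point 10.99.4.2...
Mounting 10.99.4.2 to /Volumes/CasperShare2...
Installing Firefox.dmg...
Closing package...
[STEP 3 of 3]
Running Recon...
"""
SINGLE_DP_LOG = """Executing Policy Install Firefox NEW POLICY...
[STEP 1 of 3]
Mounting 10.99.6.136 to /Volumes/CasperShare...
[STEP 2 of 3]
Error: The package (Firefox.dmg) could not be found.
[STEP 3 of 3]
Running Recon...
"""

# Line shapes taken from the logs quoted in the thread (AFP and HTTP variants).
MOUNT_RE = re.compile(r"^Mounting (\S+) to (\S+?)\.\.\.$")
NOTFOUND_RE = re.compile(r"^Error: The package \((.+?)\) could not be found\.$")
HTTP_RE = re.compile(r"^Could not connect to the HTTP server to download (.+)$")
INSTALL_RE = re.compile(r"^Installing (.+?)\.\.\.$")


def analyse_policy_log(text):
    """Attribute each package attempt to the DP mounted just before it."""
    attempts, current_dp = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := MOUNT_RE.match(line):
            current_dp = m.group(1)  # a new mount starts a new attempt
        elif m := (NOTFOUND_RE.match(line) or HTTP_RE.match(line)):
            attempts.append({"dp": current_dp, "package": m.group(1), "ok": False})
        elif m := INSTALL_RE.match(line):
            attempts.append({"dp": current_dp, "package": m.group(1), "ok": True})
    failed_dps = sorted({a["dp"] for a in attempts if not a["ok"]})
    if any(a["ok"] for a in attempts):
        verdict = "installed only after failover" if failed_dps else "installed"
    else:
        verdict = "failed on every distribution point" if attempts else "no package activity"
    return {"attempts": attempts, "failed_dps": failed_dps, "verdict": verdict}
```

A policy whose verdict is "installed only after failover" looks green to the user but still means the master DP is broken for that client, which is exactly the situation described in this post.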

bentoms
Release Candidate Programs Tester

Give all domain users read access to the Master DP.

cgordy
Contributor

^^ I did that already, unless I am doing it wrong.

From the Server app on my master DP, I go to File Sharing and add my share point.
From there, I double-click my share, the Access pane appears, and I add permissions for the users/groups I want.
Domain Users have read access.

I even went as far as going to the share itself, Get Info, and modified the permissions there to include all content of the share just to be sure.

hkim
Contributor II

The GUI is lying, or Domain Users isn't the group we need here. Check the ACLs: do an ls -le inside your CasperShare and see what it is really set to.

Try to mount the DP from Go > Connect to Server, and see what the permissions really are from the computer in question that's giving you trouble.

cgordy
Contributor

^^ Ahhh... I did the Connect to Server from the misbehaving client and I got in, but with no permissions to read the contents.
Interesting. Now to go poking around and see why Domain Users did not do what it should have done.

cgordy
Contributor

We did get HTTP to work on the Master DP, btw.
I enabled HTTP on port 80 for my master DP in the JSS.
I turned on Websites in the Server app.
There was a Terminal command that, once I ran it, made it work (the share path contains a space, so it has to be quoted):

sudo ln -s "/Volumes/MacintoshHD/Shared Items/CasperShare/" /Library/Server/Web/Data/Sites/Default/CasperShare

From there, a test on my misbehaving client was to open:
http://myjssIP/CasperShare/Packages/yourpackagename.dmg

Fixed.
Still don't understand why permissions are whacked and not working for Domain Users, though.
At least I have a workaround.

bentoms
Release Candidate Programs Tester

Glad you got it sorted.

FWIW, I moved to HTTPS too.

You now get resumable downloads for your troubles too.

cgordy
Contributor

Well, jeez, it broke already.
Clients can't connect to the HTTP server.

cgordy
Contributor

So, I discovered while troubleshooting this that within the Server app on the Mac mini, with Websites enabled, I cannot click the link to 'View Server Website'.
When I do, Safari launches and says it cannot connect to the server.