Mavericks Server SUS ?

cjatsbm
New Contributor II

I upgraded a current Version 9 JSS Mac server to Mavericks and Server 3.0 and have not had success performing Software Updates via self service policy, the URL seems ok but the clients cannot reach the SUS to download any updates... Anyone else success? BTW this was a Mavericks client trying to run updates from a Mavericks server.

25 REPLIES 25

martin
Contributor III
Contributor III

What is the output of "sudo softwareupdate -la" in Terminal? Does the sucatalog exists on the server?
http://server/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog

gibson_lee
New Contributor

I'm still running 10.8.5 server, but with JSS 9.2. All of my 10.9 clients can also access the URL, but get "An error has occurred: Can't load data from the Software Update server (myjsss.domain) when trying the update manually from App Store. Also, the result of the "sudo software update -la" returns the message: "Can't load data from the Software Update server"

martin
Contributor III
Contributor III

OS X 10.8 Server does not know where to get the Mavericks updates from and does not know what to do with 10.9. You can upgrade your server to 10.9 and upgrade Server.app to 3.0 OR you can adjust you swupd.conf. Here is how it's done in Mac OS X 10.6 Server: http://support.apple.com/kb/HT4771

The swupd.conf in 10.7 and 10.8 is located here: /Library/Server/Software Update/Config/swupd.conf
The swupd.plist in 10.7 and 10.8 is located here: /Library/Server/Software Update/Config/swupd.plist

The sucatalog for Mavericks is: index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog

gibson_lee
New Contributor

Thanks for the info Martin, I'm not too sure I'm quite ready to go to Mavericks Server just yet, at least in production. 10.9 is so buggy in our environment. I may even revert back to JSS 9.1 if I have to...

dgreening
Valued Contributor II

I would seriously consider going with a product like Reposado so that you don't run into these SUS headaches every time Apple drops a new OS. I use it, and enabling 10.9 updates was as easy as adding the 10.9 catalog.

Sean_M_Harper
Contributor

We just (sadly) turned the SUS settings on out machines to go back to the Apple SUS and look for updates there. Frankly its ridiculous that a 10.8.5 OS X server SUS won't communicate with a 10.9 os client. I am assuming it will be fixed (you know, "Bug Fixes") soon enough.

easyedc
Valued Contributor II

i got this response from Apple Care Support:

It appears that the /Library/Server/Software Update/Config/swupd.* files are not migrated to the new version on systems which had previously been running Server v2.x to Server v3. This means that the Software Update service won't know what to do with requests coming from Mavericks clients.

I'm just waiting on their workaround and/or update to Server 3.0

Sean_M_Harper
Contributor

Thanks for the update!

dexterrivera
New Contributor III

I'm just now starting to test 10.9 and was wondering if my update server is still 10.8.5 would I have issue not getting updates to my 10.9 machine. I have upgraded my machine from 10.8.5 to 10.9 and my com.apple.SoftwareUpdate.plist still points to http://hostname:8088/index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog. Any help would be greatly appreciated. Thanks.

hkim
Contributor II

Technically Apple's stance on this is if you want updates to be served to client X, you need server X. It's been that way since 10.6, although you can finagle the server to serve up updates, I've had mixed results trying this. So technically Server 2 cannot serve up 10.9 updates, if you do change the settings to serve up 10.9, you're running an unsupported function of Server so if it breaks, Apple is just going to tell you to upgrade to Server 3 which of course requires 10.9

tkimpton
Valued Contributor II

@martin

no

10.7.5 server its still
/etc/swupd/swupd.conf
/etc/swupd/swupd.plist

hkim
Contributor II

So last thing I've discovered, when you do try to edit the swupd.conf and swupd.plist files, if you restart the service, it'll revert back. In some brief testing putting on a chflags schg swupd.conf and chflags schg swupd.plist seems to keep that from happening. YMMV

bentoms
Release Candidate Programs Tester

FWIW, I've been updating my 10.8 servers inplace to 10.9 & during the update the new catalogURL's we're not written to swupd.conf or swupd.plist.

I followed the below to get to correct values in place: https://gist.github.com/erikng/7140045

May help you guys with pre-10.9 servers.

martin
Contributor III
Contributor III

@tkimpton

Your correct, it's only in 10.8.

bentoms
Release Candidate Programs Tester

Posting for completion's sake.

Apple's guide to getting the right catalog URL post 10.8 - 10.9 upgrade: http://support.apple.com/kb/TS5305

taugust04
Valued Contributor

I've wiped my SUS settings and started from scratch. Here's what I'm getting from my clients when they attempt to connect to the server:

Nov 11 16:15:48 Mac.local installd[2095]: installd: Starting
Nov 11 16:15:48 Mac.local installd[2095]: installd: uid=0, euid=0
Nov 11 16:15:48 Mac.local Software Update[2094]: SoftwareUpdate: Scan for client pid 2094 (/usr/sbin/softwareupdate) parent pid 2093 (/usr/bin/sudo)
Nov 11 16:15:48 Mac.local Software Update[2094]: SoftwareUpdate: Error encountered in scan: Error Domain=NSURLErrorDomain Code=-1011 "The operation couldn’t be completed. (NSURLErrorDomain error -1011.)" UserInfo=0x7f8ae1803330 {NSURL=http://server.domain.edu:8088/index.sucatalog, SUCatalogFetchOverrideURLString=http://server.domain.edu:8088/index.sucatalog, NSErrorFailingURLStringKey=http://server.domain.edu:8088/index.sucatalog}
Nov 11 16:16:08 Mac.local installd[2095]: installd: Exiting.

I went poking around in the /Library/Server/Software Update directory, and there no longer seems to be an index.sucatalog file as there was in the past, though I don't know if that's a problem or not…

Any ideas? I'm thinking of wiping the box and starting from scratch, since its only function is to deliver software updates.

Bendelaat
New Contributor II

this wasn't working for me, not completely anyway. i had to change my clients to directly look at the correct sucatalog file.

so in addition to Martins suggestions that got me on the right track, I made a smartgroup "Mavericks Installed" and used that as a scope for a configuration profile to push the right catalog link "http://server:8088/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog"

Hope this helps!

dpertschi
Valued Contributor

I follow these SUS threads with interest, but I don't actually run any internal SUS at the moment. Probably due to the fact that it's a major hassle using Apple's server and supporting 3-4 OS's.

For those of you using Reposido/NetSUS-- does all this monkey business go away? Do you simply add another OS specific catalog URL to the 'preferences' and be done with it?

hkim
Contributor II

@dpertschi yes that's exactly how reposado.

So far in my testing using 10.8 server I've modified swupd.plist and swupd.conf but making sure to make them system immutable does indeed serve 10.9 updates properly. So far.

dgreening
Valued Contributor II

+1 for Reposado. All I had to do was add the 10.9 catalog to the configuration file. Well, thats not exactly ALL I had to do - I had to upgrade the drives in my SUS servers, as the 160s I had in there were not large enough for all of the new Voice updates. Once I got that squared, I was off and running! I did have to kick out the new SUS catalog URL to the 10.9 clients, which I did via a config profile, and it works great!

Seriously, kick Apple SUS to the curb! You will thank yourself!

evarona
New Contributor II

FWIW I am in the same boat as a few of you, dealing with SUS until I have the time (yeah, right) to setup and test Reposado. But I was working on a remote office SUS setup on a box that shipped with 10.9. Sync'ing to a 10.8 cascaded SUS failed. But after looking at the link that @bentoms][/url][/url posted, I compared the swupd.conf and swupd.plist from each version. I made the following changes on my 10.8 SUS and it's all working!

ADD the 2 lines below to the end of this section in swupd.conf

<IfModule mod_rewrite.c>
    ...
    RewriteCond %{HTTP_USER_AGENT} Darwin/13
    RewriteRule ^/index.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
</IfModule>

Then ADD the following line to the array in swupd.plist

<array>
        <string>index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog</string>
        ...
    </array>

Restart your master SUS and you'll see all of the 10.9 updates start to appear. No need to restart your cascaded SUS boxes. They'll pick up the new catalog on the next sync cycle.

maiksanftenberg
Contributor II

Hi.
I used this and my SUS is picking up the updates for 10.9 fine.
But the clients are not able to see them.
If I open http://x.x.x.x:8088/index.sucatalog I get the message that the URL can not be found on the server. But it's possible to open http://x.x.x.x:8088/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog

I modified the swupd.conf and the swupd.plist with the informations from https://gist.github.com/erikng/7140045.
All ideas are welcome.

Thanks,
Maik

agerson
New Contributor III

Same problem here...

agerson
New Contributor III

This worked for me:

  1. Turn off the service.
  2. Delete the folder /Library/Server/Software Update.
  3. Turn it back on which recreates some of it.
  4. Reboot.
  5. Turn the service off and on again. This recreates the rest of it.

Pagigostra
New Contributor II

I am having an issue with SUS 3. I have recently moved to having a SUS. I am able to get systems to see that there are updates to do, but when I attempt to do an update I get this error:

softwareupdate -ia
Software Update Tool
Copyright 2002-2012 Apple Inc.

Finding available software

Error downloading Security Update 2014-002: The file couldn’t be saved because you don’t have permission.
Done.

Error downloading updates.

-----It was able to work on other systems, so I restarted the system that was failing to run it. After restarting that system softwareupdate worked without an issue-----