Jamf Nation Community

There are two ways to set the SUS server for your users using the built-in JSS settings (not using scripts): via policy and via network segments. If you are trying to set it via policy, like you are showing, you need to also check the "Set Server" checkbox on the Packages tab under Software Update:

external image link

You can force it thru your Network Segment setup as well. By going to Settings from the JSS, and then Network Segments, you can edit your network segments to point to specific SUS servers:

external image link

I don't have any internal update servers set, but that is where I would set them by segment if I wanted to.

Make sure you are doing one or the other if you want your users to use your internal servers.

Thank you for the swift replies:
- Yes, we do have "Set Server" checked, as well as "Install All Software Updates"
- We also have SUS set per network segment (it is basically the same, of course)

Again, I didn't set this up, but I'm trying to solve it. I find it very peculiar that com.apple.SoftwareUpdate looks OK when read, but still looks at Apple. When written again, it starts to work. No script is involved doing the defaults write, since that is handled by the Do Software Update policy.

Do you think there might be a problem that we're setting the SUS both in the Policy and the Network Segment?

One thing that I noticed on 10.8, using Jamf's option to set the software update server appears (to me) to append a space at the end of the path, which caused it to not work for us. We're using the defaults write command on our 10.8 clients rather than using Jamf's built in option for this reason. The built in Jamf option seems to work fine for 10.7 and 10.6.

Did you also check the box "Set Server System Wide" in the details of your software update server? That would also set /var/root/Library/Preferences/com.apple.SoftwareUpdate, which is used by some processes running as root (i.e. the jamf binary).

Andrew, that might be it! Perhaps it should be ran as a script at first run instead, and by removing the "set server" checkbox. I'd have top look and see if there is a bug report on the extra space.

Christoph, I don't see that option in NetSUS…

You will find it in the JSS at the "Settings" tab, then go to "Servers", then "Software Update Servers" and then click on "Edit Server". Besides the server name and it's IP you will find that option, unless your JSS is very old :-)

Ah yes, Christoph, that is indeed checked. Actually, when I watch the terminal it does look as if there's an extra space when the SUS is set by the JSS, just like Andrew suggested.

I've done a script that does

defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://oursus.foo.bar:80/index.sucatalog
defaults write /var/root/Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://oursus.foo.bar:80/index.sucatalog

on every computer, and at a first glance it seems to look in the right place now. Just like Andrew said, there was an extra space in com.apple.SoftwareUpdate on 10.8 when we had checked Set Server in JSS, easily seen by typing defaults write /Library/Preferences/com.apple.SoftwareUpdate, which would result in
CatalogURL = "http://oursus.foo.bar:80/index.sucatalog "