Packaged installing Self service JSS 9.3

dvasquez
Valued Contributor

Anyone seeing errors creating new packages with Composer 9.3 and using Casper admin 9.3 and deploying packages with Self Service? I created several new updated packages uploaded them to Casper Admin then updated the policy and I am seeing the following in the install logs in the associated policy:

[STEP 2 of 3]
Verifying package integrity...
Installation failed. The package could not be verified.

Verifying package integrity...
Installation failed. The package could not be verified.
[STEP 3 of 3]
Running Recon...

So far this is on three new packages including a new Office 14.4.1 update. I am not using HTTP as deployment method on my DS server shares. I hope this is not another bug.

Thank you.

1 ACCEPTED SOLUTION

were_wulff
Valued Contributor II

Hi @dvasquez ,

This may be related to a new feature in 9.3. In the JSS webapp, please go to the Settings Gear >> Computer Management >> Security >> and set Package Validation to Never.

Save, and give it a try again; if we still get the same error, we may want to remove and re-upload the packages.

Please let us know if that helps!

Amanda Wulff
JAMF Software Support

View solution in original post

12 REPLIES 12

were_wulff
Valued Contributor II

Hi @dvasquez ,

This may be related to a new feature in 9.3. In the JSS webapp, please go to the Settings Gear >> Computer Management >> Security >> and set Package Validation to Never.

Save, and give it a try again; if we still get the same error, we may want to remove and re-upload the packages.

Please let us know if that helps!

Amanda Wulff
JAMF Software Support

dvasquez
Valued Contributor

That did help. Thank you! Justin from support helped me as well.

dvasquez
Valued Contributor

As part of this now I am seeing this error more and more regularly on clients after policy's run and packages install:

Running Recon...
Error running recon: Connection failure: "The host MYJSSSERVER.com is not accessible."
The results of this policy were not logged at the time of execution.

charles_hitch
Contributor II

@dvasquez I have been seeing that a lot ever since upgrading to Casper 9.

dvasquez
Valued Contributor

Thanks @charles.hitch there are many weird things happening. I am thinking of going back to 9.25, maybe.

cstout
Contributor III
Contributor III

@amanda.wulff, I'm experiencing a very similar issue outlined at: https://jamfnation.jamfsoftware.com/discussion.html?id=10295

Even with the security setting changed to not require package validation, it still fails when used as a policy. This is a major problem at this point since I am re-enrolling all managed clients after a push certificate account change.

donmontalvo
Esteemed Contributor III

We ran into this issue too...went from 8.73 > 9.31 over the weekend. Thankfully the temporary fix in this thread worked.

We'll open a ticket with JAMF to make sure this is on their radar, in our environment we need to have things as secure as possible, so turning off Package Validation is a bit of a concern.

PS, we did get the Migrate button in Casper Admin after copying over our Distribution Point (file share) from the old 8.73 server to the new 9.31 server. No errors during the migration. Maybe the packages didn't all validate? :)

Don

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III

Got a quick response from JAMF....show "Checksum" column in Casper Admin. Create checksum (right click) for any packages that may not have them. Then re-enable Package Validation (security is always a good thing).

You guys rock! :D

Don

--
https://donmontalvo.com

ifbell
Contributor

Okay well I am seeing this similar issue but I only saw it after we changed ports that Casper is running on. Not sure if ti is related but it seems odd that we were fine until that point.

Millertime
New Contributor III

@ifbell, what do you mean you changed which port Casper is running on? Are you referring to 8443? Can that traffic be sent over another port? I'm asking because my security team recently approached me on that topic, and I said I would look into it further.

dvasquez
Valued Contributor

Nice to know Don.. I am not having these issues anymore but this will help in the future.

were_wulff
Valued Contributor II

@Millertime

The port used by the JSS can be changed (most commonly we see it changed from 8443 to 443) by making sure the port you want to use is open and editing the server.xml a bit.

This thread has a little more information on that process.

Amanda Wulff
JAMF Software Support