I have a JSS in the DMZ as a check-in point for when users are not on the internal network. I am 97% sure that if a machine attempted to enroll using https://casper.mydomain.com:8443/enroll they should be able to download the QuickAdd package no problem and install. What we are seeing is that the user will Auth when prompted and then click on the Download Button but they it just sticks there. Nothing ever downloads. If they jump on VPN and do the same steps the package downloads from the internal Master JSS.
Is this how it works or am I crazy thinking the package would download from the external JSS as well?
We've had lots of issues with the QuickAdd not downloading, like you described, but this is just on a standard JSS (9.63 on Win 2008 R2). I find if you go through the enrollment page twice it will usually download after the second time. I can't explain it.
Sorry @ddcdennisb since you never have to upload a quick add package im assuming the JSS itself is generating the quick add.
If you are enrolling through Casper imaging it don't believe it ever uses a quick add rather it copies the JAMF binary and runs commands that would exist in postflight of the quick add (enrollment, etc)
Do you have one JSS or do you have multiple in a cluster or multiple JSS web front ends without a cluster? If you have 2 JSS web front ends that are not clustered maybe the external client is trying to talk to the main JSS and not the secondary.
@kitzy would probably have a better idea. Good luck.
thanks @ssrussell I have 2 JSS's. One that is on a DMZ to allow for check-ins from outside our network. And the other is internal to our network. When someone external connects to the VPN the enrollment works fine when they go to https://jss.mycompany.com:8443/enroll but when they are external and NOT on VPN then the page just hangs after the Download Button is clicked and the download never starts.
If you can log into your JSS externally (which I know is bad practice, but maybe for a test) You can go to:
Settings > Computer Management > Self Service and click the "Download" externally to see if that downloads. Hopefully that'll help rule out if it is something with enrollment or the JSS is not downloading.
You can change whether or not your can access the login for the JSS externally from:
Settings > System Settings > Limited Access