Random Policy Failure

franton
Valued Contributor III

We're getting policy failures completely at random from what we can see. The general error log from the JSS always looks something like this:

/usr/sbin/jamf is version 8.62
Executing Policy *name here* ...
Mounting afp://xx.xx.xx.xx/CasperShare to /Volumes/CasperShare...
Mounting afp://xx.xx.xx.xx/CasperShare to /Volumes/CasperShare... (failover share)
Error: Could not mount a distribution point.

We also get logs where it mounts the DP share correctly but then cannot see some/any/all of the package files. We've tried building a test NetSUS appliance and using the AFP shares from that. Our normal DPs are five-ish-year-old Xserves running OS 10.5.8 ... except for one, which is on an iMac running 10.8.2 server. All the shares are AFP, so no SMB or HTTP is in use.

Could this potentially be a DNS issue? Our current DNS is more than a little flaky and we're in a project to migrate away from the current Novell one to a Microsoft one.

8 REPLIES

mscottblake
Valued Contributor

I've seen this same issue randomly. It seems to be worse when the load is high. My shares are SMB though.

franton
Valued Contributor III

I wish I could use load as an excuse, but three Macs on our test appliance shouldn't make it fail.

buckychappell
New Contributor II

We have seen a lot of these, and figured it was two policies stepping on each other: the second policy could not mount the distribution point because it was already mounted from the first policy.

Eric 'Bucky' Chappell

franton
Valued Contributor III

So Casper is basically continually mounting and dismounting the DP share and it's getting hung up on itself? Oh jeez, that means completely redoing our JSS architecture.

bentoms
Release Candidate Programs Tester

I came to the same conclusion.

We have a few policies that run @ login & every15.

These are often scoped to smart groups, so I'm thinking of having one script @ login & one every15 with logic in the scripts akin to the smart groups.

Haven't got around to doing it yet, so cannot advise if that's the case.

The other option would be to move from AFP to HTTP distribution points.

This would also stop shares from being shown on the desktop.

franton
Valued Contributor III

That's exactly what we have. I'm going to refer this whole thread on to my boss/Casper architect and see what they think about testing an IIS HTTP DP.

bentoms
Release Candidate Programs Tester

AFAIK, HTTP distribution used to be much slower than AFP/SMB... But I'll test & will reply once tested.

bentoms
Release Candidate Programs Tester

Oops... Dupe.