- Jamf Nation Community
- Products
- Jamf Pro
- Re: Self Service from the Internet
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 11:03 AM
Hello,
We have a JSS in our DMZ providing remote access for checkins/ Policies / ect. When users attempt to use Self Service they are getting the error "Could Not Connect to HTTP server to download x.pkg" From the DMZ JSS i am able to ping the JDS. Traffic for 80 & 443 are open between. Are there more ports i need to open between the DMZ and the JDS to ensure it works? Would putting a JDS on the DMZ JSS box be more efficient? All servers are running Ubuntu 12
Solved! Go to Solution.
2 ACCEPTED SOLUTIONS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:35 PM
@linde_brad, what if you give everyone read access to the folder?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 04:32 PM
@bentoms Fixed! Apparently rebooting Apache and Tomcat made it work. Thank you SO MUCH for the help!!
22 REPLIES 22
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 11:48 AM
Are there any spaces in the package names? i.e... "Google Chrome.dmg" or are you using "GoogleChrome.dmg" We had this issue a while back as our internal casper share was over AFP and could handle the space character and the DMZ shared over http could not as it cannot find the package due to the space being replaced with the %20 and no longer being the same file name.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 12:31 PM
Hmm very interesting. Ill have to check the naming.
*edit* checked the naming convention and it still is a no go. I changed the file to be firefox27.dmg no spaces or extra chars and it still fails with the Unable to connect to HTTP server.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 02:16 PM
@linde_brad, I think what @mojo21221 has mentions is something I saw in 9.22, I think it's fixed with 9.3.
Anyways, do you have an external network segment? Something like 1.1.1.1 - 255.255.255.255. Which then has the external server set as the DP?
That is what is needed to tell the clients to use the external DP & not the internal one.
Unless, your internal DP is internally accessible.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 02:21 PM
hey @bentoms i do have a network segment set to 1.1.1.1 - 255.255.255.255 as "internet" with a specified JDS pointing at the external JDS instance.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 02:27 PM
@linde_brad, cool. Can you post the redacted policy failure?
Is it really trying the external DP or the internal one?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 02:32 PM
Hey @bentoms It is trying to hit my secondary JDS (jds2.xxx.com):
Executing Policy Google Chrome...
[STEP 1 of 2]
Downloading https://jds2.**.com/CasperShare/chrome33.dmg...
Error: Could not connect to the HTTP server to download chrome33.dmg
[STEP 2 of 2]
Relaunching dock(s)...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 02:52 PM
@linde_brad, looks good.
What if you copy & paste that URL into the Safari when on an external nw? Does it download the dmg?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 02:57 PM
@bentoms Interestingly enough, I'm actually getting a permissions error when i try that.
"You do not have permission to access /CasperShare/chrome33.dmg"
So possibly the permissions on that directory are incorrect? The perms on the directory read: drwxr-xr-x 2 www-data root 4096 Apr 15 13:23 CasperShare
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:11 PM
@linde_brad, what web server are you using? OSX?
Have a look @ the permissions to access the site itself.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:13 PM
@bentoms Ubuntu 12 server running Apache/Tomcat based on the JDS/JSS installers
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:18 PM
@linde_brad, ah.. Not something I use. But what if you try the base URL, can you access the site?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:23 PM
If i hit just https://Jds2.**.com/ i get the apache launch screen saying "it works!" this is the default website ect
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:27 PM
@linde_brad, right so it's the Casper folder.
I guess access to it is limited to the Casper accounts.. So, in the JSS.. Where you set the Distribution Point, make sure there is an account specified that has at least read access to the CasperShare.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:33 PM
@bentoms I tried that but still unable to download the pkg.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:35 PM
@linde_brad, what if you give everyone read access to the folder?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:45 PM
@bentoms Same result. Very strange..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:46 PM
@linde_brad, try another DMG.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:48 PM
@bentoms Tried multiple :(
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 03:50 PM
@linde_brad, last thing would be the SSL cert as you're using HTTPS.. Can you try HTTP?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 04:02 PM
@bentoms No response from HTTP unfortunately. "Cant open the page"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 04:32 PM
@bentoms Fixed! Apparently rebooting Apache and Tomcat made it work. Thank you SO MUCH for the help!!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-15-2014 11:16 PM
@linde_brad, glad we got there.
Please verify that all is still setup correct, & Mark the posts that helped to resolve as answered. (Even if it's just your restart post).
