Setting Clients Default Distribution Points

dstranathan
Valued Contributor II

I have noticed that some of my external Macs (i.e., Mac laptops that have been taken outside the LAN to homes, cafes, hotels, etc.) fail to mount my DP's SMB/HTTPS volume when attempting to update software.

My internal (LAN) DP uses SMB exclusively. My DMZ DP uses HTTPS exclusively.

From the looks of the error, I can tell that the Macs are trying to mount my internal (LAN) SMB Distribution Point over the Internet (fail!), rather than the HTTPS DP located in my DMZ.

Executing Policy Microsoft Silverlight Plug-in...
Mounting JSS01 DP (LAN) to /Volumes/jamf...
Error: Could not mount distribution point "JSS01 DP (LAN)".

When I look at my Policy's package payload settings, I have them all set to "Each computer's default distribution point" (See screenshot).

Any thoughts on why this is occurring?

I'm still running 9.81


5 REPLIES

thoule
Valued Contributor II

If you edit your distribution point "JSS01 DP (LAN)", can you set the failover to your HTTP site?

dstranathan
Valued Contributor II

That was my next question. You read my mind.

The failover settings are not configured. I recall my JumpStart engineer saying "ignore those - you won't need them", so I never messed with them.

I'll set the DMZ JSS as failover to my LAN JSS master. Testing later today.

Thank you @thoule

jonnydford
Contributor II

If you haven't already, then set up the network segments in the JSS.

All of your internal VLANs can go to your internal as the default, and then you have an 'all encompassing' network segment which'll point to your external DP.

The most specific wins, so if you're internal, just because you're still within 1.1.1.1 to 255.255.255.255 doesn't mean you'll just get external.
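
The "most specific wins" rule from the reply above, modeled as an added example (not part of the original post and not Jamf's own code). The segment names, the internal ranges and the "DMZ DP (HTTPS)" label are constructed for illustration, and the model assumes "most specific" means the narrowest matching range.

```python
import ipaddress

# Constructed network segments: (name, start IP, end IP, default distribution point).
# Only "JSS01 DP (LAN)" and the 1.1.1.1 - 255.255.255.255 catch-all come from the thread.
SEGMENTS = [
    ("HQ VLAN 10", "10.10.0.1", "10.10.0.254", "JSS01 DP (LAN)"),
    ("HQ VLAN 20", "10.20.0.1", "10.20.3.254", "JSS01 DP (LAN)"),
    ("Catch-all", "1.1.1.1", "255.255.255.255", "DMZ DP (HTTPS)"),
]


def _to_int(ip):
    """Convert a dotted-quad IPv4 string to an integer for range comparison."""
    return int(ipaddress.IPv4Address(ip))


def _span(segment):
    """Number of addresses a segment covers; smaller means more specific."""
    _, start, end, _ = segment
    return _to_int(end) - _to_int(start) + 1


def matching_segments(ip, segments=SEGMENTS):
    """Return every segment containing ip, narrowest (most specific) first."""
    addr = _to_int(ip)
    hits = [s for s in segments if _to_int(s[1]) <= addr <= _to_int(s[2])]
    return sorted(hits, key=_span)


def default_dp(ip, segments=SEGMENTS):
    """Distribution point of the most specific matching segment, or None."""
    hits = matching_segments(ip, segments)
    return hits[0][3] if hits else None


if __name__ == "__main__":
    # Constructed client addresses: office VLAN, home NAT, hotel/public, uncovered.
    for client in ("10.10.0.57", "192.168.1.23", "203.0.113.9", "1.1.1.0"):
        names = [s[0] for s in matching_segments(client)]
        print(f"{client:15} matches {names} -> {default_dp(client)}")
```

An address that falls in no segment (here 1.1.1.0, just below the catch-all's start) returns None, which is the case the catch-all range is meant to close.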


dstranathan
Valued Contributor II

Awesome, thanks @jonnydford

I do have all my VLAN segments configured. However, I never could figure out how to create a "catch-all" for external IPs (private IPs at homes etc).

I didn't realize that the most specific segment wins. This should be in the JAMF Admin Guide!

The 2 suggestions are great. After (brief) testing, my issue appears to be resolved.

Millertime
New Contributor III

@jonnydford You're my hero! Thanks!!!