Help

Setting Clients Default Distribution Points

dstranathan
Valued Contributor II

Posted on ‎04-04-2016 07:10 AM - last edited on ‎03-04-2025 05:55 AM by Community Manager

I have noticed that some of my external Macs (i.e.; Mac laptops that have been taken outside the LAN to homes, cafes, hotels, etc) fail to mount my DP's SMB/HTTPS volume when attempting to update software.

My internal (LAN) DP uses SMB exclusivley. My DMZ DP uses HTTPS exclusively.

From the looks of the error, I can tell that the Macs are trying to mount my internal (LAN) SMB Distribution Point over the Internet (fail!), rather than the HTTPS DP located in my DMZ.

Executing Policy Microsoft Silverlight Plug-in...
Mounting JSS01 DP (LAN) to /Volumes/jamf...
Error: Could not mount distribution point "JSS01 DP (LAN)".

When I look at my Policy's package payload settings, I have them all set to "Each computer's default distribution point" (See screenshot).

Any thoughts on why this is ocurring?

Im still running 9.81

7600023c680e4e74a9d5daf766fd09c1

0 Kudos
Reply
5 REPLIES 5

thoule
Valued Contributor II

Posted on ‎04-04-2016 07:19 AM

If you edit your distribution point "JSS01 DP (LAN)", can you set the failover to your HTTP site?

0 Kudos
Reply

dstranathan
Valued Contributor II

Posted on ‎04-04-2016 07:23 AM

That was my next question. You read my mind.

The failover settings are not configured. I recall my JumpStart engineer saying "ignore those - you wont need them", so I never messed with them.

Ill set the DMZ JSS as failover to my LAN JSS master. Testing later today.

Thank you @thoule

0 Kudos
Reply

jonnydford
Contributor II

Posted on ‎04-04-2016 07:35 AM

If you haven't already, then set up the network segments in the JSS.

All of your internal VLANs can go to your internal as the default, and then you have an 'all encompassing' network segment which'll point to your external DP.

The most specific wins, so if you're internal just because you're still with 1.1.1.1 to 255.255.255.255 doesn't mean you'll just get external.

affce1764f65461ab8337c59d64ae4c7
2a44f98e54744cb3838c42bafdd79431

0 Kudos
Reply

dstranathan
Valued Contributor II

Posted on ‎04-04-2016 07:50 AM

Awesome, thanks @jonnydford

I do have all my VLAN segments configured. However, I never could figure out how to create a "catch-all" for external IPs (private IPs at homes etc).

I didnt realize that the most specific segment wins. This should be in the JAMF Admin Guide!

The 2 suggestion are great. After (brief) testing, my issue appears to be resolved.

0 Kudos
Reply

Millertime
New Contributor III

Posted on ‎06-21-2017 01:16 PM

@jonnydford You're my hero! Thanks!!!

0 Kudos
Reply