Skip to main content
Question

Setting Clients Default Distribution Points


Forum|alt.badge.img+19

I have noticed that some of my external Macs (i.e.; Mac laptops that have been taken outside the LAN to homes, cafes, hotels, etc) fail to mount my DP's SMB/HTTPS volume when attempting to update software.

My internal (LAN) DP uses SMB exclusivley. My DMZ DP uses HTTPS exclusively.

From the looks of the error, I can tell that the Macs are trying to mount my internal (LAN) SMB Distribution Point over the Internet (fail!), rather than the HTTPS DP located in my DMZ.

Executing Policy Microsoft Silverlight Plug-in...
Mounting JSS01 DP (LAN) to /Volumes/jamf...
Error: Could not mount distribution point "JSS01 DP (LAN)".

When I look at my Policy's package payload settings, I have them all set to "Each computer's default distribution point" (See screenshot).

Any thoughts on why this is ocurring?

Im still running 9.81

5 replies

Forum|alt.badge.img+15
  • Contributor
  • 589 replies
  • April 4, 2016

If you edit your distribution point "JSS01 DP (LAN)", can you set the failover to your HTTP site?


Forum|alt.badge.img+19
  • Author
  • Valued Contributor
  • 567 replies
  • April 4, 2016

That was my next question. You read my mind.

The failover settings are not configured. I recall my JumpStart engineer saying "ignore those - you wont need them", so I never messed with them.

Ill set the DMZ JSS as failover to my LAN JSS master. Testing later today.

Thank you @thoule


Forum|alt.badge.img+7
  • Contributor
  • 76 replies
  • April 4, 2016

If you haven't already, then set up the network segments in the JSS.

All of your internal VLANs can go to your internal as the default, and then you have an 'all encompassing' network segment which'll point to your external DP.

The most specific wins, so if you're internal just because you're still with 1.1.1.1 to 255.255.255.255 doesn't mean you'll just get external.



Forum|alt.badge.img+19
  • Author
  • Valued Contributor
  • 567 replies
  • April 4, 2016

Awesome, thanks @jonnydford

I do have all my VLAN segments configured. However, I never could figure out how to create a "catch-all" for external IPs (private IPs at homes etc).

I didnt realize that the most specific segment wins. This should be in the JAMF Admin Guide!

The 2 suggestion are great. After (brief) testing, my issue appears to be resolved.


Forum|alt.badge.img+7
  • Contributor
  • 46 replies
  • June 21, 2017

@jonnydford You're my hero! Thanks!!!


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings