Software Update Servers - NetSUS vs. Apple vs. Policies....FIGHT!


We've got a NetSUS setup - thanks to it, we're able to point the root account on our boxes to the internal NetSUS and get accurate reporting. I'm seeing a few odd things that I can't seem to account for though. More on that in a minute.

What I'm tying to accomplish:
1) Manage the SUS address used by our clients to connect to our internal SUS, to ensure that I'm able to report on available updates to the JSS (we're behind a proxy, so I've setup a SUS to ensure we can get reporting in the JSS)

2) Be able to manage the availability of those updates via the SUS, and ensure that that's all the clients will see

3) Have clients pull those updates down from Apple directly if need be

But I still seem to have 3 issues:
1) Client machines still appear to be hitting for their updates (no sign of our SUS name in the Software Update box's title bar)

2) When I manually set the /var/root/Library/ preference to the internal NetSUS - now I see the title, but only 1/2 of the updates (even though the inventory JSS reports ALL of them correctly!?)

3) Setting the /var/root/ preference via the JSS (I'm being lazy and using the Advanced>Run Command portion in a policy), results in update availability being reported to the JSS, but not in the client actually using our SUS. Running the same command as root on the box - the exact same command, results in the SUS preference being set, and the Software Update window's title bar to reflect that it's connecting to our internal NetSUS.

I'm open to suggestions here - and a little baffeled why the same command issued directly on a client machine has a different result then the same command issued on via the JSS.


Valued Contributor

Do you see different behavior if you set the CatalogURL in /Library/Preferences/ instead of /var/root/Library/Preferences/ ?

The launchd job, which checks for available updates, runs as the "_softwareupdate" user, and so would not see changes to root's Apple's recommendation has always been to set this value either via MCX or in /Library/Preferences/



Greg - I've set the root user .plist but not the /Library one.

I was using the override section in the JSS to push down a SUS config - but to be honest I'm not sure exactly WHAT that was setting - /Library, something else? Unsure.

I'll change this on a single machine and see how I get along.

Thanks for the info!