Jamf Nation Community

Base URL in the Appliance is set to http://jsssus.csu.edu.au (It's only available internally).

http://jsssus.csu.edu.au//content/catalogs/index_PROD.sucatalog - Is the branch

Looking at the "com.apple.SoftwareUpdate.plist" on the client machine it's pointing at "http://<ipaddress>:8088/index.sucatalog".

If I point to "http://jsssus.csu.edu.au//content/catalogs/index_PROD.sucatalog" it works. If I point to "http://<ipaddress>:8088/index.sucatalog" it fails.

I've got my client machines in a Network segment which has the jsssus's (IP address:8088) selected and a policy with 'Set Server' ticked also applied.

I don't think you can actually use the built in "Servers" section to set up a SUS to point your client to when talking about the NetSUS appliance. This is because it requires the more specific OS urls in order to properly pull updates. Even though when you point a client to "http://jsssus.csu.edu.au//content/catalogs/index_PROD.sucatalog" it works, I wouldn't be surprised if not all updates were appearing for that client. Trouble is, you may not know that unless you do some before and after testing.

sudo jamf removeSWUSettings <-- points the client back to Apple's servers
then run Software Update and take note of all the updates.

defaults write com.apple.SoftwareUpdate CatalogURL http://jssus.csu.edu.au//content/catalogs/index_PROD.sucatalog
then run it again and see if the updates match up. You may be missing some stuff.

Take a look at the Reposado documentation for the proper URLs to use. Basically, for 10.8 Macs, they should point to something like-
http://jsssus.csu.edu.au/content/catalogs/others/index-mountainlion-lion-snowleopard-leopard.merged-1_PROD.sucatalog

For Lion it would be: http://jsssus.csu.edu.au/content/catalogs/others/index-lion-snowleopard-leopard.merged-1_PROD.sucatalog

and so on. These are not the same as your actual branches in the appliance. You don't need to create each of these, they get created automatically by the appliance. The branch is the "PROD" part and the individual OS URLs are just there as part of how it works.

One good way to test this is to just type in the URLs like above into a browser. If you can't pull up a plist catalog in the browser, its probably the wrong URL.

^This. This is the way you want to go. It's how I roll and it works perfectly.

One good way to test this is to just type in the URLs like above into a browser. If you can't pull up a plist catalog in the browser, its probably the wrong URL.

To add to this, with a machine pointed at Apple for SUS, see what updates are available. Then put your CatalogURL into a browser to pull up your local catalog. Look for the updates that Apple is advertising in the CatalogURL and see if they're there. Particularly, look for OS-specific updates. (e.g. 10.8.2) If so, you've got the right catalog.

Also, hit the Reposado git and have a look at the documentation to get a good idea of what the NetSUS is doing under the hood. https://github.com/wdas/reposado. There is also a Google Groups list for support issues https://groups.google.com/forum/?fromgroups#!forum/reposado

After some more investigation based on the above information.

I've replicated the ssl error when pointing at Apple's SUS site simply by preventing internet access. I'll keep looking into it.

I've encountered another issue though. When I try to Add Safari and iTunes to a Branch they don't appear. However when I add other updates they appear correctly. I thought it may have been the reposado issue with 10.8.2 softwareupdate, but I've incorporated the fix and it hasn't made any difference that I can see.

Has anyone else had this issue?

@aburrow, have you made sure to point your Macs to their specific OS URL as I had mentioned? If some updates that you've turned on are not showing up for clients that you know need the update, it sounds like they are still pointing to the general "index" address. That is one of the symptoms. It doesn't fail to connect or pull up updates, but some of them just don't show up.

I can now successfully pull updates from the NETSUS appliance if I use the "defaults write" command to modify the com.apple.softwareupdate.plist.

If I manually install the Configuration Profile using "exportOSXConfigurationProfile" which contains the same address that I enter using "defaults write" I'm still being pointed at Apple's Ext. SUS site "SSL error". I know the configuration profile is being applied as other settings such as Dock changes are being applied.

The com.apple.SoftwareUpdate.plist file is not being changed.

I'm doing it manually as I cannot seem to get automatic Push Notification to work.