Symantec Management not installing during ZTP

howie_isaacks
Valued Contributor II

I have been having problems getting Symantec Management deployed during my enrollment process. Like a lot of Apple admins, I use a script that runs the whole ZTP process. All other apps deploy reliably with no issues. What makes this even harder to figure out is that if I use Terminal to run the SAME POLICY that is being run during ZTP, it works. Every time. The ZTP script is running "jamf policy -event install-symantecmanagement". The only difference between this and me using Terminal is that in Terminal, I need to use "sudo" before the Jamf policy command. Also, a Symantec Management install policy that we have set up to run at check-in for Macs that don't have it installed for some reason works. There is only one Symantec Management install policy. It works when we use Terminal. It works with a check-in policy, but it won't work when the ZTP script runs the policy.

Here's the breakdown of the install policy. I get a "Cloud-enabled Agent Installation Package" from the app owner at my company in a zip file. The zip file contains a package called "Symantec_Management_Agent_Installer.pkg" and a "Resources" folder. Inside Resources is a script called "cem_package.sh". I can run this script manually in Terminal using the "-pwd" option to include the decryption password. It will install Symantec Management with no issues. I use Jamf Composer to create a package to deploy the install files to /private/tmp/Altiris. I put the package into a Jamf install policy with this command to run after the package is installed:

sh /private/tmp/Altiris/CEM/Resources/cem_package.sh -pwd XXXXXX -reinstall; rm -rf /private/tmp/Altiris; aex-helper agent -s "MachineID" ignore_resource_keys fqdn,uniqueid,macaddress

The final part of the command is meant to fix an issue with computer name duplication. The last part of the policy is to run inventory. As I said before, this policy works perfectly when run on demand in Terminal with a custom trigger or using the policy ID. It also works if we allow the Mac to get the install at check-in.

What am I doing wrong? I didn't know this was happening until I created an extension attribute in Jamf Pro to help track successful or unsuccessful ZTP experiences. Symantec Management is the only app that fails to install as part of ZTP. The Jamf policy log shows that the package install completed and then nothing. There is no mention of the command that is supposed to run as part of the policy. The policy log of a successful install shows the command being run. I have other policies that have a similar workflow and they always work when deployed through ZTP.

1 ACCEPTED SOLUTION

howie_isaacks
Valued Contributor II

As luck would have it, someone from Broadcom, the company who owns Symantec Management, was in my office yesterday. He suggested that I create an installer package that includes a post install script to run the install after the installer files are staged by a package at /private/tmp/Altiris. I already had this script written to do the install. I used Composer to add this script as a post install script to my deployment package. For the "-pwd" option, you would fill in your own decryption password. I hope this helps others who may find themselves in the same situation.

#!/bin/zsh

###########################
# Installs Altiris from staged installer files at /private/tmp/Altiris.
# Checks for successful install.
# 4/23/24 | Howie Isaacks
###########################

altirisInstalled="/opt/altiris"

# Install Altiris from staged install files
echo "Running Altiris install..."
sh /private/tmp/Altiris/CEM/Resources/cem_package.sh -pwd XXXXX -reinstall
echo "Install process complete.. Checking if Altiris installed."

# Is Symantec Management installed?
if [ -d "$altirisInstalled" ]; then
	echo "Altiris installed successfully. Running GUID fix."
	aex-helper agent -s "MachineID" ignore_resource_keys fqdn,uniqueid,macaddress
	echo "Removing installer files."
	rm -rf /private/tmp/Altiris
else
	echo "Altiris did not install successfully."
fi

# Set the appropriate exit code
if [ -d "$altirisInstalled" ]; then
	exit 0
else
	exit 1
fi
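
A preflight check that could run before the installer call in a postinstall script like the one above, as an added example that is not part of the original post. Because the script executes staged files from /private/tmp as root, the check confirms the staged tree is owned by the running user and cannot be modified by anyone else. The function names are hypothetical, and it assumes the package stages its files owned by root and not group- or world-writable.

```shell
#!/bin/sh
# Added example, not the poster's script; function names are hypothetical.
# Assumes the package stages its files owned by root, not group/world-writable.

# Succeeds only if the staged tree is a real directory that contains no
# symlinks, nothing owned by another user, and nothing writable by group/other.
staged_tree_is_safe() {
    dir=$1
    [ -d "$dir" ] || return 1
    [ ! -L "$dir" ] || return 1
    bad=$(find "$dir" \( -type l -o ! -user "$(id -u)" \
        -o -perm -0020 -o -perm -0002 \) -print 2>/dev/null | head -n 1)
    [ -z "$bad" ]
}

# Runs cem_package.sh from the staged tree, then checks the install directory.
# Returns 0 installed, 1 install failed, 2 preflight failed, 3 installer missing.
run_staged_install() {
    stage=$1; installed=$2; shift 2      # remaining args go to cem_package.sh
    installer="$stage/CEM/Resources/cem_package.sh"
    if ! staged_tree_is_safe "$stage"; then
        echo "Preflight failed for $stage; not running installer." >&2
        return 2
    fi
    [ -f "$installer" ] || { echo "Missing $installer" >&2; return 3; }
    rc=0
    sh "$installer" "$@" || rc=$?
    if [ -d "$installed" ]; then
        echo "Installed (installer exit code $rc). Removing staged files."
        rm -rf "$stage"
        return 0
    fi
    echo "Install failed (installer exit code $rc)." >&2
    return 1
}

# In the postinstall script (runs as root), with the paths from the post:
#   run_staged_install /private/tmp/Altiris /opt/altiris -pwd XXXXX -reinstall
#   exit $?
```

The non-zero return codes end up in the Jamf policy log, so a refused or failed install is distinguishable from one that never ran.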
