Trouble Packaging Cisco Anyconnect, McAfee Security, and Bomgar

rcurran
Contributor

Any ideas/suggestions are greatly appreciated. I have tried dragging the packages (when applicable) directly to casper admin, running the packages through composer then into casper admin, as well as trying the first snapshot option in Composer.

AnyConnect is version 3.0.3054 and McAfee is v 1.2

Thank you in advance!

11 REPLIES 11

nkalister
Valued Contributor

I'm deploying anyconnect and mcafee with no problems.
First, about Anyconnect . . . .I've got the dart.pkg and vpn.pkg going out to my machines. I used the packages from Cisco, just dragged-and-dropped into Casper Admin. I use a separate package to drop our default XML profile into the /opt/cisco/anyconnect/profile directory after dart.pkg and vpn.pkg have executed. For McAfee, are you trying to get your machines to talk to an epo server? If so you'll need to get the mcafee agent installation script from your epo administrator. I deploy the agent script using a package that places the installation script in a temporary directory, and then uses a postflight script in the package to execute the agent installation script. The GUI component installer- the one I have is named VSM920-RTW-1444.pkg- was just dragged-and-dropped into casper admin. Make sure you set the priorities so that the agent installer executes before the GUI installer.

Finally, for all packages I've mentioned here, I checked the 'This package must be installed to the boot volume at imaging time' box in Casper Admin to force them to execute after the first reboot.

Kumarasinghe
Valued Contributor

Please don't rename the Cisco app packages. if it is vpn.pkg just drag the pkg files as is.

rcurran
Contributor

Looks like I was making the Cisco Anyconnect install much harder than it needed to be!

For McAfee, usually I have a standalone installer that I use for my remote users, and I use the EPO server script for my local users, which eventually pulls down the software. I'll take a look at your suggestion and report back.

Thanks again everyone

rcurran
Contributor

When I try dumping my standalone mcafee installer MSM120-RTW-144.pkg into casper admin, and setting up a policy to deploy with self service, I get the following error when trying to install.

/usr/sbin/jamf is version 8.62
Executing Policy McAfee Security for Mac...
[STEP 1 of 1]
Downloading BOM for MSM120-RTW-1444.pkg...
This Apple Package did not have a valid index.bom file. Assuming it is a flat file package.
Downloading http://casper.coderyte.net:80/CasperShare/Packages//MSM120-RTW-1444.pkg...
Installing MSM120-RTW-1444.pkg...
Installation failed. The installer reported: installer: Error the package path specified was invalid: '/Library/Application Support/JAMF/Downloads/MSM120-RTW-1444.pkg'.

Thanks

rcurran
Contributor

If I try sending the MSM120-RTW-144.pkg through composer, then casper admin, Self Service will report that it gets installed correctly, but I see no trace.

Thanks again

nkalister
Valued Contributor

http downloads are enabled, I see . . . . and you're getting a download error. So, I'd concentrate on troubleshooting the download from the DP. This isn't a packaging problem.
Can you manually download the package successfully if you use that url in your web browser? Also, what OS is your distribution point server running? If it's windows, have you set up your mime types in IIS? There's a KB article that covers setting them up:
https://jamfnation.jamfsoftware.com/article.html?id=309

rcurran
Contributor

I get a 403 forbidden error when trying to access the package via the URL. Our JSS is setup across two Ubuntu Server VM's.

Best

rcurran
Contributor

Also regarding Anyconnect, the policy now works in self service, however when I go to image the machine the anyconnect client doesn't make it for some reason. The VPN profile does, though. Here is what my casper admin looks like

http://cl.ly/image/3r2L1Z3i0u1U

I set the priority level for the vpn.pkg as 9 and the profile as 10 in order to install in the correct order.

Here's the imaging log from the JSS

http://cl.ly/image/1K2x0w22442c

I must be missing something. Thanks in advance

Finally, the log from the imaged machine

http://cl.ly/image/243e1G3k1o12

nkalister
Valued Contributor

try turning off HTTP downloads for that DP in the JSS temporarily. if it can download with http off, then you know there's a problem with the setup of your webserver on the ubuntu boxes, and your JAMF rep can help you troubleshoot that.

not sure what to tell you about any connect- it looks like you've got that set correctly . . . .i'd ask your JAMF rep for more in depth assistance with that one as well.

rcurran
Contributor

No problem man thanks for all the help!!

fpoulsen
New Contributor

Did you ever figure out the secret to make Bomgar work?