Posted on 05-22-2017 06:50 AM
So to start with we are currently (and still are) at Casper JAMF/JAMF Pro 9.82. We manage around 400 Macs at this point and no iOS devices. So we only upgrade when new OS comes out and it's needed for compatibility or if there is a security concern. Our server is running on a Windows Server 2008 R2 and runs on a virtual machine. This makes it nice and easy to revert back to a snapshot in case there is any issues with updates.
In the past updates were fairly simple. Take a snapshot, stop apache service, run the installer, restart apache...all good. With 9.98 there was some issues with this. After the installer ran, it kind got slow on the restarting the Tomcat server. It eventually said it was up, but looking at services, it was not up. Trying to start it got a failure real quick. So reverted back to snapshot. We have to schedule our updates a couple week in advance, so made sure I had JAMF support online with me for the next attempt.
So last Friday we started the process again. Took a snapshot and with JAMF support watching did the update. Same issue of Tomcat getting stuck. Turns out the fix for that was to comment out "Listener className="org.apache.catalina.core.JasperListener"" in the server.xml file. Since Tomcat gets updated to version 8 from 7, this listener is apparently no longer being used. Tomcat fired up nicely after that....but Casper failed on the initialization. Some troubleshooting showed our plugins table was bad....truncated that and restarted tomcat. We had our one server on 9.98.
The way our system works here is we have a F5 load balancer with SSL handshake taking the traffic and sending it one of two server we have. The servers both have Tomcat servers running on them, and the MYSQL database is handled by one of them. We had both servers updated to 9.98 and working great if you went to the server address. If you went to the actual address all the machines use, it got an error. Well, since Casper was working, I let JAMF support go so they can enjoy their weekend.
So got our telecom guys on the line who are in charge of the F5 load balancer and tried to figure out what is happening. They reported that the health check on the servers is failing. We were able to ping the server and any test we did came back good - but the F5 health check still failed. Since it was Friday, we couldn't get a good answer out what it was doing of the health check...but I'm going to work on that angle this week.
So what I'm looking for is other who have had similar issues. It seems like something in the update from Tomcat 7 to Tomcat 8 killed the ability for our balancer to detect it's up. I'm no load balancer expert, but wanted to see if others have seen this and if they had solutions. Since its going to take a couple more weeks before I can take another crack at it, I want to see if I can find any fix I can before I try it.