Error: The package does not appear to be on the server (400). / line 1: syntax error


Recently we setup a 10.7 Mac Server in our DMZ & clustered this with our main JSS to enable external clients connectivity to our JSS & for them to be able to use Self Service & ASUS when off the network.

However we’ve had some issues getting the distribution point to work over HTTPS, however HTTP & AFP worked fine.

Below are some details on the steps taken to investigate this issue, and resolve.


1st JAMF Support & I thought it could be to do with the servers SSL cert being signed from our Internal CA & that maybe cURL didn’t trust the certificate. A quick curl -vv of the servers FQDN verified that cURL was actually performing the SSL handshake. (Some blogs point to the fact that since 10.6+ cURL on OSX has used the keychain).

So as that all verified nicely i tried once more, same error..

400 Bad Request

To test further I tried a package with no spaces in the name just in case this was compounding the issue, I then received the following from Casper Remote:

Executing Policy 2012-04-11 at 10:46 AM | me | 1 Computer...
Verifying DMG...
Error: The package does not appear to be on the server (404).

I then remoted onto the server in was trying to get the package from & opened /private/var/log/apache2/error_log.

This contained:

[Wed Apr 11 10:47:47 2012] [error] [client] File does not exist: /var/empty/CasperShare
[Wed Apr 11 11:00:37 2012] [error] [client] File does not exist: /var/empty/CasperShare

Which is odd as my CasperShare is certainly not located in /var/empty/.


JAMF’s documentation on this issue, advises to create a symlink in the web servers root directory. Adapting that to help fix this issue I ran the following on the server (/Shared Items/CasperShare/ is the location of my CasperShare);

sudo ln -s /Shared\ Items/CasperShare /private/var/empty

I relaunched Casper Remote, & tried pushing packages & scripts down from my DMZ server over HTTPS & voila! it worked!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.