Recently we setup a 10.7 Mac Server in our DMZ & clustered this with our main JSS to enable external clients connectivity to our JSS & for them to be able to use Self Service & ASUS when off the network.
However we’ve had some issues getting the distribution point to work over HTTPS, however HTTP & AFP worked fine.
Below are some details on the steps taken to investigate this issue, and resolve.
Contents
Troubleshooting
1st JAMF Support & I thought it could be to do with the servers SSL cert being signed from our Internal CA & that maybe cURL didn’t trust the certificate. A quick curl -vv
of the servers FQDN verified that cURL was actually performing the SSL handshake. (Some blogs point to the fact that since 10.6+ cURL on OSX has used the keychain).
So as that all verified nicely i tried once more, same error..
400 Bad Request
To test further I tried a package with no spaces in the name just in case this was compounding the issue, I then received the following from Casper Remote:
Executing Policy 2012-04-11 at 10:46 AM | me | 1 Computer... Downloading https://my-mac-server.mycompany.com:443/CasperShare/Packages//test.RTF.dmg... Verifying DMG... Error: The package does not appear to be on the server (404).
I then remoted onto the server in was trying to get the package from & opened /private/var/log/apache2/error_log.
This contained:
[Wed Apr 11 10:47:47 2012] [error] [client 10.252.2.245] File does not exist: /var/empty/CasperShare [Wed Apr 11 11:00:37 2012] [error] [client 10.252.2.25] File does not exist: /var/empty/CasperShare
Which is odd as my CasperShare is certainly not located in /var/empty/.
Resolution
JAMF’s documentation on this issue, advises to create a symlink in the web servers root directory. Adapting that to help fix this issue I ran the following on the server (/Shared Items/CasperShare/ is the location of my CasperShare);
sudo ln -s /Shared\ Items/CasperShare /private/var/empty
I relaunched Casper Remote, & tried pushing packages & scripts down from my DMZ server over HTTPS & voila! it worked!