With the death of the Xserve & subsequent killing off of the MacMini server many Mac Admins have either sought to remove all Apple branded hardware from the server room or have been forced to.
Myself? I now look after a total of 25 Mac Servers, 21 of which are dedicated to our JSS & are installed across 8 different sites globally, some of the challenges of which are touched upon in the JNUC2014 Panel I was on, titled Thinking Big: Scaling JSS Infrastructures for the Mobile Workforce.
The focus of the post below is the Mac Mini’s which are used onsite for Casper Suite Distribution Points, NetBoot Servers & Caching Servers.
After upgrading my Mac servers to 10.9, I found that my 10.9 clients still were not seeing updates served via Apple Software Update Server (read:ASUS), this was due to the servers only having the catalog URLs for 10.6 – 10.8.
As we cascade our ASUS, I thought this was just an issue due to the fact that I hadn’t updated my Master ASUS to 10.9 from 10.8 (with 10.8 hosting 10.6 – 10.8 updates & 10.9 needed to add 10.9 updates).
However, once I updated the Master ASUS the Replica’s still did not have the Catalog URL. But a bit of Google-Foo & I was presented the answer by someone trying to offer 10.9 updates from a 10.8 ASUS.
We had an issue where our Macs stopped NetBooting, they would attempt to NetBoot but forever stay at the spinning gear.
On Verbose booting the Macs we saw multiple errors like the below;
By default Apple Software Update Server’s (READ: ASUS) sync daily with Apple at 3am.
But this can be changed, & the below script can be ran to change the interval. You can change either the time of day the sync runs or change it to once a week.
NOTE: As the LaunchDaemon is located within the Server.app, you’ll need to run this after every update to Server.app.
Way back in 2011 I wrote the post: Managing Apple Software Update Server Across Multiple Servers 10.5/10.6/10.7. This itself was based off of an Apple KB article that seems to have disappeared, but the method outlined in the post above is alive & well, just needs some tweaking for 10.8+.
Most of the Macs I support are mobile & it seems that around the with the release of the “Unibody MacBook Pro” Apple stopped shipping Macs with a battery that would keep the Macs time even when the Macs main battery had died.
This means that if a Macs battery dies during travelling to another office, they’d not be able to login once there as the time would be more than 5 minutes out. Also, we heavily use SSL to secure things like our Wireless & many websites (JSS distribution points included).
So the solution was for me to setup my own NTP, that would both sync with my domains NTP & be externally accessible for those mobile users on the road.
When trying to setup a clustered DMZ server as a computer only JSS I get the
Could not write to /Library/JSS/Tomcat/webapps/ROOT/WEB-INF/web.xml
Recently we setup a 10.7 Mac Server in our DMZ & clustered this with our main JSS to enable external clients connectivity to our JSS & for them to be able to use Self Service & ASUS when off the network.
However we’ve had some issues getting the distribution point to work over HTTPS, however HTTP & AFP worked fine.
This morning one of my Apple Software Servers (ASUS) was not supplying updates. When checking the swupd_err.log in Server Admin I saw the following repeated hundreds of times:
Syntax error on line 241 of /etc/swupd/swupd.conf:
Port must be specified
After upgrading my servers to 10.7.3, I received the error message “Error Reading Settings” when clicking the “Web Service” in “Server.app”.
With the release of 10.7.3 Server you can now perform port redirects via the “Server.app.” With that in mind & the fact that I had manually added a redirect as mentioned here, i decided to revert my web service back to the default settings & then apply the redirect using “Server.app”
To reset the web service back to default settings i ran the below with Server.app not running:
I then relaunched “Server.app” clicked web service & we were back in business!