IT Management Suite

Okay, here's the background... we are aPC/Microsoft shop, but we are being asked to get our Macintosh skills up in preparation for a few possible computer labs coming online using Macs. As the Altiris/deployment guy, and the guy with the most OSX experience (which still isn't a lot), I got the task of making things work - but I am having a terrible time.

So we borrowed a Mac Mini with a copy of OSX Server (Leopard), and a MacBook with OSX (Leopard). I have played around with both computers and have;

a) The server configured with AFP, Netboot and OpenDirectory, bound to our AD.

b) Had a fully configured MacBook image (carbon copy cloner) with all the "iSoftware" we could possibly use/find, Parallels Desktop, an XP virtual pre-loaded with our core Windows-only application. This will be our test image to capture once we get the solution working.

c) And a fresh MacBook image with the Mac ADLAgent, slimmed down, and "prepped" as much as I can using the DS 6.9 Admin Guide and the knowledgebase articles like AKB#40410.

Here are my issues... hope someone can help;

a) After configuring the ADLAgent to "automation", as soon as the computer get's a network connection, it reboots. I have restored the computer and deleted the DS account as a test, and the same thing. As soon as you reboot (for any reason) with "automation" set instead of "darwin", my MacBook just constantly reboots. Any ideas? It makes it hard to finish the configuration with no network access ;p

b) What am I meant to be providing in the step that uses the "AddCredentialsToKeychain" script? I thought "afp://myuser:mypassword@MacServerName/NetBootSP0" would be the answer here, but no go. In fact, when I browse to "afp://serverIP" I don't see the required "NetBootSP0" share at all. Only the "NetBootClients0" folder. What's required here?

... I have more, but this post is getting long. These two things will at least get me started. Ideas?

By the way, if I edit the "agent-install.conf" and change the setting back to "darwin", then reboot, the rebooting issue goes away. But why is it happening anyway?

Also, I have disabled the "NetBootSP0" share on the OSX Server, shared it again, and restarted AFP... I can now see this share remotely and connect to it, but when I try to use the "AddCredentialsToKeychain" script I get the following;

---------------------------------------------------------------
There was an error mounting your drive
(credential or share problem). Click OK to try
again.

( Cancel ) ( OK )
---------------------------------------------------------------

I checked my mounts and removed/ejected the NetBootSP0, then tried the script again and it still failed. What am I doing wrong?

a) Is this the right share to be mapping to as part of the script? i.e. the NetBoot share?

b) Can the images be stored on my Deployment Server, or do they need to stay on the Mac?

c) I am using the credentials (for testing purposes) of the admin user I created as part of the server setup, this should still work shouldn't it?

d) Do I need to add these details into the keychain? Apparently you can specify the user/pass in the create/distribute type jobs anyway.

e) What would be the syntax required if I wanted to use my standard "deployment" user like in DS automation? It's an AD account, so I would need to somehow use "username@domain" or "domain\username"... but will those work with the "AddCredentials" script?

Any assistance appreciated.

Okay, after more playing...

a) Rebooting - I guess this is by design. The only thing that will stop this rebooting is a task actually being sent from the DS. I guess I shouldn't have rebooted because then the agent thought it was running as automation, obviously found there to be no jobs queued up and rebooted the client. I worked around this, and will remember to do this step last in future attempts.

b) Credentials script - I could not get, under any circumstances, the "addCredentialsToKeychain" script to complete. But as the example "Distribute image" job in the documentation actually specifies the username and password for the image path, I fail to see why this step is needed at all. I have simply ignored this step.

Further, I realised that this whole process wanted to use AFP (and therefore a Mac only image store) so I decided I would just follow the Apple NetBoot recommendations and create a limited user for the deployment jobs on the Xserv itself. Done - didn't need to use the Altiris user like I queried.

I still have heaps of issues in getting this working - but at least this part is sorted now.

Okay, so I finished the automation configuration and created the NetBoot configuration. I was also able to create a test client image and run a "Create Image" job on it - and it booted into automation... all was looking good until I received an error "-99".

I went back to the client and created the image by hand (using similar hdiutil commands), and then I tried following the example in the documentation and deploying the image back to the client. I had the image called the same thing, in the same location as the documentation, and I configured the job exactly like in the documentation. When started the client rebooted into automation, and even displayed a new Altiris dialog for me... it looked like this;

-----------------------------------------------
Imaging status
-----------------------------------------------
Current Status:
OverAltiris: Attaching...
( Cancel )
-----------------------------------------------

... unfortunately after a minute or two, it failed to "attach" and rebooted back to production (via another NetBoot). I ended up with a "Distribute image" task error "-99" as well. I tried several things and even used the admin user credentials in the job, but I couldn't get it to work.

In the end I converted my client image into a NetInstall image and was able to some-what manually deploy my client computer. Is this error "-99" a known issue? I've seen a few people attempt what I am doing and they all are saying they get the same error.

For now it looks like, if we go Macs, I will be either using "NetInstall", or configuring a "NetRestore" using the documentation from Bombich (with the exception of computer name changing and adding the client to AD, I already have this working). Does anyone know if I can use DS to trigger the automation reboot so that NetRestore can do it's thing? This definately seems like a better and more "stable" solution than the current Altiris method.

I used netinstall and netrestore to handle mac imaging, its a much better solution in my opinion than pulling your hair out messing with everything else.

how can download mac os on net??

I did get further along with this... to the point where I;

a) had created the Macintosh NetBoot image.

b) could see the thing "trying" it's little heart out do connect to the server.

... but in the end it still didn't work, and as a previous member suggested, found I could deploy (ish) using the NetRestore process instead.

Oh, and I never did figure out what I was meant to do with the "AddCredentialsToKeychain" thing. My experience here tells me that either this project (Altiris & Mac) isn't being given the time it needs to create a better/workable solution, or I was just not "getting it". I can script the pants of a Windows computer, but this Mac and Altiris stuff just doesn't seem to work.

Hi,

Sorry for the delay. If you are working with Mac OS X 10.5, please see the following kb article: https://kb.altiris.com/article.asp?article=45086&p=1.

If you're not working with 10.5, please let us know.

Thanks,
doug

 dougj, I still see the -99 error output in the console when I try to have the agent create an image of the Macintosh client and I did what you suggest (long time ago) in https://kb.altiris.com/article.asp?article=45086&p=1.

I get the error -99 code too. The Powerpoint Presentation is nice, but the failure is IMHO anywhere else...

It would be interesting, if somebody HAS EVER BEEN ABLE TO image some  Mac's. I don't like to spend days or weeks if this is a pointless intention anyway...

I don't like to do this with a 3rd party tool like Netrestore.


greetz
r.

I see the clients in altiris. When I boot the Mac into the local volume, where the altiris agent ist installed too and then assign an "Image restore Job", the agent pops up and says something like "attaching" and then breaks up. OK, this looks not bad, I'm aware about that, that the client can't destroy itself - but it seems to work.

I tried to make an Netboot-Image of THIS machine, where the agent pops up. The netboot works, but when I try to assign the same Job like before, nothing happens (only the mount script appears shortly). No altiris agent appears, nothing.

What could be the failure? The netboot image is exactly the same image like this on the local machine. Is there a R/W problem?

Any suggestions?


greetz
r.

Did you ever get this working? 

I need to deploy Macs as well.  Do you need to deploy a Netboot server to each site?

Wallo, I will speak from my own experience trying to get DS 6.x imaging working for the Macs, and basically say don't waste your time right now. DS 6.x didn't really bring much of anything to the table, and it was just a mess to set up, and the DS client caused kernel panics on my test machines.
Now there's DeployStudio (www.deploystudio.com) which just does a bang up job. I highly recommend using that as your Mac imaging solution for now.
I did talk with a current DS 7 product manager recently and conveyed some ideas for getting DS 7 working for Macs without requiring any additional infrastructure, but where that conversation will go, or IF it will go, I don't know, and if there were changes made I wouldn't expect them to come into play for at least a year.

required a Netboot server to work (DS6.9.x). I haven't had access to a Mac to try on DS7.1.

Thanks for the tips Joseph and Jim,

My dilemma is that I have to make it work - implementing for a large customer site and the tender response that I'm working to said "Yes" to the Mac imaging question.  And according to the documentation, technically speaking they are supported.

It's disappointing that it's one of those features that "yes" it works (according to the vendor), but nobody has made it work before.

As well as actually making it work, it means that my enterprise design requires a Netboot server at every location that has a PXE server.  So if a site of say 100 computers requires a package/task/pxe server, it will also need a mac server with Netboot installed.  Not very practical at all really.

I'm not sure if we can go back and ask the client if we can implement DeployStudio, but I will look into this... Thanks guys!

Any other comments are appreciated.

Hey Wallo,

Did you ever see the powerpoint from Symantec which talks about how to make it work?  We got ours to talk to the netboot server and boot the automation image using the guide about a year ago, but the Mac group has removed rights from my Windows group to be able to modify the netboot servers or update the AFP shares.

Article:  https://kb.altiris.com/display/1n/kb/article.asp?aid=40410&link=

Powerpoint:   https://kb.altiris.com/utility/getfile.asp?rid=5699&aid=40410

I have the same problems as mentioned above....

I’ve been following Symantec’s recommendations on how to image a Mac via deployment server.
I have followed the “Mac OS X Imaging Training for Deployment Server 6.9 “ Guide, that is the same as in DS 6.9 SP3 user guide. Suggested to us and I’m having some problems where the Mac continually reboots, the only way I can stop this is delete the DS Job and delete the computer object in DS.
 
I have turned on full alert / reporting on the Mac server for AFP & Netboot, and can’t see any activity coming back to the Mac server from the deployment server.

• 
  If I boot into the client OS on the Mac I can connect to AFP share / a share that was setup with guest access.
• I can ping the client & server from the deployment server.
• I have looked at the logs on the mac there are two files , one has the hardware inventory information that reports back to the server , IE HDD size CPU serial number etc, the other hasn’t been edited since I installed the agent.

 
Errors “status code”  I’m getting on the deployment server task , error 1 & -99
 
Deployment server has no problems deploying normal tasks I.E Software to the Mac.
 
 
Our Environment.
Deployment server 6.9 SP4
Mac Mini OS X Server 10.6 Latest Patches Snow Leopard - Intel CPU style.
Imac  as the client OSX 10.6.3 latest Patches Snow Leopard. – Intel CPU style.
 
Would you have any thoughts as to where I may be going wrong ?

Problems following the instructions from the power point presentation. “Mac OS X Imaging Training for Deployment Server 6.9 “

• 
  In the start net boot service section – Enable the diskless option , this is grayed out.
• In the deployment server image job where it says type AFP twice there is only room for one ??
• Same section drag the job on the PC and it continues to reboot and doesn’t netboot ??

Many thanks
Anthony Williamson
E : Anthony_williamson@hotmail.com