Der Flounder

Opening Inaccessible Attachments in Outlook 2011

rtrouton — Fri, 20 Jan 2012 17:13:26 +0000

One of my users ran into an unusual display issue in Outlook 2011, where emails with attachments will sometimes not be displayed in the reading window.

These messages will show up with the paper clip icon that indicates that there’s an attachment (indicated by the red square in the picture below.)

When opened, the message will not show the attachment line

(Note: the recipients have been redacted from the screenshot below.)

I have not found a fix for this issue, but I’ve found a workaround that allows access to the attachment. See below the jump for the procedure

1. Select the message where the attachment is not showing up.

2. Go to the Message menu and select Edit Message.

3. A new window will open up, with the attachment showing in the attachment line.

Attaching Files to Meeting Invitations in Outlook 2011

rtrouton — Thu, 12 Jan 2012 17:51:23 +0000

I was asked by one of our users today how to attach files to a meeting invitation in Outlook 2011. After some research, here’s how you do it:

1. Set up a new meeting invitation in Outlook 2011.

2. Once the meeting invite opens up, drag your file you want to attach into the blank gray area to the right of Duration.

Your attachment will then appear in a newly-appearing attachment line below the start and end time for the meeting.

Interestingly enough, you can’t add files to Outlook 2011 appointments. If you need to add a file attachment to an appointment, click the Invite button in your Appointment window.

The appointment will then turn into a meeting invite and allow you to attach files. Invite your own email address and hit the Send button to add the event to your calendar.

Encrypting 10.7 non-boot volumes without erasing them

rtrouton — Fri, 06 Jan 2012 15:03:31 +0000

In addition to using FileVault 2 to encrypt your boot partition, it’s possible to encrypt your non-boot storage on 10.7 using the same CoreStorage-based encryption. Apple provided a way to do this via Disk Utility, where you would need to erase the drive and have the new volume be set up as an encrypted volume.

It is also possible to encrypt the drive without erasing it first from the command line. This allows your existing data to stay on your drive while the drive is being encrypted. See below the jump for the procedure.

To encrypt a drive, run the following command:

diskutil cs convert /Volumes/your_drive_name_here -passphrase

Note: You can use diskutil corestorage in place of diskutil cs

You’ll then be prompted for the passphrase you want to set and get output similar to what’s shown below:

computer name:~ username$ diskutil cs convert /Volumes/your_drive_name_here -passphrase New passphrase for converted volume: Confirm new passphrase: Started CoreStorage operation on disk2s1 your_drive_name_here Resizing disk to fit Core Storage headers [ - 0%..10%.............................................. ] Creating Core Storage Logical Volume Group Attempting to unmount disk2s1 Switching disk2s1 to Core Storage Waiting for Logical Volume to appear Mounting Logical Volume Core Storage LVG UUID: D1EAB2C3-EC21-41DA-AD60-75E1302E247B Core Storage PV UUID: 991C89E9-A628-408C-AAFF-39A561FCB95C Core Storage LV UUID: 36483526-6C2C-43FA-A4B7-6F503473F1C2 Core Storage disk: disk3 Finished CoreStorage operation on disk2s1 your_drive_name_here Encryption in progress; use `diskutil coreStorage list` for status

You’ll want to leave the Mac up and running while the drive is encrypting, as the encryption process will fail if interrupted. To check on its progress, run the following command:

diskutil corestorage list

Check the list displayed for the name of the drive you’re encrypting. When you find it, look for Size (Converted):, as that will tell you how far along the encryption is.

Once the encryption is finished, it should report Conversion Status: Complete

In order to kick off the encryption process, the drive needs to unmount and remount. If the drive does not unmount, you may see output like this appear:

Started CoreStorage operation on disk2s2 your_drive_name_here Resizing disk to fit Core Storage headers Creating Core Storage Logical Volume Group Attempting to unmount disk2s2 Switching disk2s2 to Core Storage Couldn't unmount disk2s2; converted volume won't appear until it's unmounted Core Storage LVG UUID: E8855450-E9B1-4DC7-84E3-27FE682A7FAB Core Storage PV UUID: 74610185-5485-44B0-B76A-B5C5E1616D6E Core Storage LV UUID: 3704705E-9645-4628-ABB7-A0E6999697C6 Finished CoreStorage operation on disk2s2 iLoad4 Encryption in progress; use `diskutil coreStorage list` for status

If the drive does not unmount, unmount it and unplug it (to make sure the Mac isn’t seeing it anymore), then replug it in. At that point, you should be prompted for the password you had set and the encryption process should begin.

If you check on its progress and encryption still has not begun, try unmounting, unplugging and replugging again. At that point, it should kick off.

To decrypt a drive from the command line, you would run the following command:

diskutil cs revert /Volumes/your_drive_name_here -passphrase

You’ll be prompted for authentication before it will decrypt, so enter the password you had set when encrypting.

Once entered, the drive will begin to decrypt.

To check on its progress, run the following command:

diskutil corestorage list

Check the list displayed for the name of the drive you’re decrypting. When you find it, look for Size (Converted):, as that will tell you how far along the decryption is. Also, when decrypting, the conversion direction should be reported as Conversion Direction: backward

You can also decrypt your encrypted drive using Disk Utility. To decrypt a drive from Disk Utility, use the following procedure:

1. Open Disk Utility.

2. Select your locked hard drive.

3. Under the File menu, select Turn Off Encryption…

4. When prompted for a password, enter the password you had set when encrypting.

You may need to unplug the drive and replug it in before it begins decryption. When it’s replugged in, the drive should mount normally without requiring your encryption password. At this time, Disk Utility will not show you the decryption progress, so to check on its progress, you’ll need to open Terminal and run the following command:

diskutil corestorage list

Hidden users with hidden home folders not migrated when upgrading to 10.7

rtrouton — Wed, 04 Jan 2012 15:14:12 +0000

In a number of Mac environments, it’s advantageous for Mac admins to hide the IT administrator account so that it can’t be deleted or altered by other users on those Macs. In other cases, like Jamf’s Casper, the system management tool needs an account in order to do its work. In both cases, hiding the affected account and its associated home folder is a good strategy to keep unwanted attention from noticing the account.

One way you can hide the account is to create it using a UID that’s lower than 500. Apple uses UIDs of 501 and higher for its accounts. UIDs of 500 and lower are assumed to be system-only accounts and should not show up at either the login window or in the Accounts or Users & Groups listing in System Preferences.

The downside to this is that these hidden accounts may not be migrated when upgrading your Mac to a new OS, which may leave you without your usual administrator account following the upgrade. I first noticed this with 10.7.x, but I’ve heard that it also affects hidden accounts when migrating from 10.5.x to 10.6.x.

How can you tell if your hidden account will be migrated? Here’s what works and doesn’t as of Mac OS X 10.7.x:

Note: In the description below, Visible refers to a user account that shows up and is editable in the Accounts or Users & Groups listing in System Preferences. Hidden refers to an account with a UID that’s lower than 500.

Successfully migrates:

Visible user account, where the home folder is stored in /Users

Hidden user account, where the home folder is stored in /Users

Visible user account, where the home folder is stored somewhere other than /Users

Does not successfully migrate:

Hidden user account, where the home folder is stored somewhere other than /Users

If you have a hidden user account with a home folder stored outside of /Users, there’s a couple of solutions that you may be able to leverage as part of the upgrade process to get those hidden admin accounts back.

1. If you’re upgrading to 10.7.x, use CreateLionUser to build installer packages that recreate your hidden user accounts following the upgrade. These installer packages should be incorporated into your upgrade workflow and set to run after the main 10.7 upgrade process has finished.

2. If the hidden user is needed by your system management tool, check to see if the needed user is created by the agent installer. If it is, then re-running the agent installer should put back the needed hidden user account.

2011 in review

rtrouton — Sat, 31 Dec 2011 23:38:23 +0000

The WordPress.com stats helper monkeys prepared a 2011 annual report for Der Flounder.

Here’s an excerpt:

The concert hall at the Syndey Opera House holds 2,700 people. This blog was viewed about 50,000 times in 2011. If it were a concert at Sydney Opera House, it would take about 19 sold-out performances for that many people to see it.

Click here to see the complete report.

Clearing the font cache to fix an Outlook 2011 hanging problem

rtrouton — Wed, 28 Dec 2011 21:20:43 +0000

I had an issue today where Outlook 2011 was giving the spinning beachball right after opening. When I looked at the process list in Activity Monitor, I saw that the Microsoft Database Daemon process was using over 50% of CPU and sometimes going as high as 80% while the beachball was spinning. I also noticed that the fontd process was occasionally popping up to the top of the list of active processes, then going back to normal processor usage. After fifteen minutes, the spinning beachball went away and Outlook started behaving normally.

Since the fontd process had caught my attention, I decided to go with a sudden hunch and cleared the font cache system-wide. After that, I logged out of the user’s account and had them log back in. This time, Outlook opened right away. No beachball and no heavy Microsoft Database Daemon CPU usage. Based on that, Outlook was having some issues with something buried in the font cache and forcing a rebuild fixed the issue. In case someone else has a similar issue, here’s the commands I ran:

sudo atsutil databases -remove

(removes all user and system font caches)

sudo atsutil server -shutdown

(stops the Apple Type Services service that manages the font caches)

sudo atsutil server -ping

(restarts the Apple Type Services service)

I’ve also posted a script for automating the font clearing and ATS stop/restart on my GitHub repo. It’s available here.

Checking which accounts on a Mac have administrator rights

rtrouton — Thu, 22 Dec 2011 21:10:36 +0000

Something a number of Mac admins need to know about the Macs in their environment is being able to detect which accounts have admin rights on a particular Mac. This can be particularly important not just in secured networks, but also in schools. Savvy users can be inventive about finding ways to grant themselves admin rights, so admins need to be just as savvy about identifying which accounts have admin rights and shouldn’t.

To help with the task of identifying which accounts have admin rights, I found that Ryan Manly had posted a script-based Extension Attribute for use with Casper to detect which accounts had admin rights on a particular Mac. For those who need it, I’ve posted the Extension Attribute to my own GitHub repo as well as modifying it for use as an Absolute Manage Custom Information Item or as a generic standalone script.

Monitoring the Casper JSS Tomcat on Red Hat Linux

rtrouton — Wed, 14 Dec 2011 14:47:11 +0000

In my Casper setup, Casper’s JSS depends on a Jamf-installed Tomcat 7 installation on both my Casper production and Casper test servers, both of which are hosted on Red Hat Enterprise Linux 6.x VM servers.

To make sure that Tomcat is restarted automatically in case of a problem, a set of scripts has been installed with an accompanying crontab entry to check Tomcat to make sure it’s running. If not, an email with diagnostic information is sent then Tomcat is restarted. See below the jump for the scripts and the root crontab entry I’m using.

Script location:

The scripts are stored in /scripts on both my Casper production and Casper test servers. I created this directory, you can use whatever directory you prefer as long as you update it in the scripts.

Crontab:

The following entry has been added to the root crontab

*/1 * * * * /scripts/tomcat_check.sh 2>&1 >> /dev/null

Scripts:

The scripts are available here on my GitHub repo.

tomcat_check.sh – monitors Tomcat by checking to see if port 8080 on localhost is active. If not, tomcat_check.sh triggers /scripts/tomcat_report.sh to send an report via email. After the email is sent, Tomcat is then stopped and started using the startup scripts for the Casper Tomcat installation.


#!/bin/bash

# Services Restarter - Automatically restart tomcat if it dies

/bin/netstat -ln | /bin/grep ":8080 " | /usr/bin/wc -l | /bin/awk '{if ($1 == 0) system("/scripts/tomcat_report.sh; /etc/rc.d/init.d/jamf.tomcat7 stop; /etc/rc.d/init.d/jamf.tomcat7 start") }'

tomcat_report.sh – Sends an report via email. The emailed report includes the last 60 lines of JAMFSoftwareServer.log, a vmstat sample and load infomation.

#!/bin/sh PATH=/bin:/usr/bin:/sbin:/usr/sbin export PATH


# Define the recipient.

RECIP="email@address.here"
# That should be it for the necessary configuration part. The rest can be pretty much as-is.

NAME=`hostname`

LOGS="/tmp/tomcat-restart.txt"

HWLOGDATE=$(printf "`date "+%a %h %e"` \n")

SEND="tomcat_restart@`hostname`"
# Now begin writing the daily report.

echo "From: Tomcat Restart Report " > $LOGS

echo "To: $RECIP" >> $LOGS

echo "Subject: $NAME Tomcat Restart Report" - `date` >> $LOGS 
ADDY=`ifconfig eth1 |grep "inet addr" |awk '{print $2}' |awk -F: '{print $2}'`
# Give an introduction.

echo "***********************************************************************" >> $LOGS

echo "***** Hi. You're receiving this because Tomcat restarted"  >> $LOGS

echo "***** This is the report for `date "+%a %h %e"`. " >> $LOGS

echo "***** Report is for `hostname` ($ADDY). " >> $LOGS

echo "***********************************************************************" >> $LOGS

echo " " >> $LOGS

echo " " >> $LOGS
# Check the uptime, so we can notice any unexpected and automatic reboots.

echo "Uptime" >> $LOGS

echo "------" >> $LOGS

echo `uptime` >> $LOGS

echo " " >> $LOGS

echo " " >> $LOGS  
# Check to see how much space we have left on the volumes.

echo "FREE SPACE" >> $LOGS

echo "----------" >> $LOGS

df -khl >> $LOGS

echo " " >> $LOGS

echo " " >> $LOGS 
# This looks at who's connected at the time of this report's generation.

# It's probably not too interesting. We have to filter for this host's IP

# address because it might be a syslog server and the logs would be cluttered.

echo "CURRENTLY ESTABLISHED CONNECTIONS" >> $LOGS

echo "---------------------------------" >> $LOGS

netstat -an | grep -i "established" | grep $ADDY >> $LOGS

echo " " >> $LOGS

echo " " >> $LOGS 
# This looks at who's connected via SSH or at the console at the time of this report's generation.

echo "CURRENTLY ESTABLISHED SSH AND CONSOLE CONNECTIONS" >> $LOGS

echo "-------------------------------------------------" >> $LOGS

who >> $LOGS

echo " " >> $LOGS

echo " " >> $LOGS
# This reports on the virtual memory stats at the time of the stoppage

echo "REPORT VIRTUAL MEMORY STATISTICS" >> $LOGS

echo "--------------------------------" >> $LOGS

vmstat 1 10 >> $LOGS

echo " " >> $LOGS

echo " " >> $LOGS
# This tails /usr/local/jss/logs/JAMFSoftwareServer.log and hopefully catches the error

echo "LAST 60 LINES OF THE JSS SERVER LOG" >> $LOGS

echo "--------------------------------" >> $LOGS

tail -60 /usr/local/jss/logs/JAMFSoftwareServer.log  >> $LOGS

echo " " >> $LOGS

echo " " >> $LOGS
# Read LOGS, pipe it to sendmail and fire off an email.

cat $LOGS | sendmail -f $RECIP -t
# Get rid of the files.

rm $LOGS

Sample email report output:

*********************************************************************** ***** Hi. You're receiving this because Tomcat restarted ***** This is the report for Tue Dec 13. ***** Report is for jss.server.name (ip.address.here). ***********************************************************************


Uptime

------

22:01:01 up 4:31, 2 users, load average: 0.03, 0.02, 0.00
FREE SPACE

----------

Filesystem            Size  Used Avail Use% Mounted on

/dev/sda2              20G  4.7G   15G  25% /

tmpfs                 3.9G     0  3.9G   0% /dev/shm

/dev/sda1              97M   43M   50M  46% /boot

/dev/sda4             4.0G  271M  3.5G   8% /opt

/dev/mapper/vg_data-lvol0

                    504G   39G  441G   9% /data
CURRENTLY ESTABLISHED CONNECTIONS

---------------------------------

tcp        0      0 ip.address.here:22               ip.address.here:60654          ESTABLISHED

tcp        0      0 ip.address.here:49254            ip.address.here:389              ESTABLISHED

tcp        0      0 ip.address.here:49251            ip.address.here:389              ESTABLISHED

tcp        0      0 ip.address.here:49250            ip.address.here:389              ESTABLISHED

tcp        0      0 ip.address.here:22               ip.address.here:57903            ESTABLISHED

tcp        0      0 ip.address.here:49253            ip.address.here:389              ESTABLISHED

tcp        0      0 ip.address.here:22               ip.address.here:57906            ESTABLISHED

tcp        0      0 ip.address.here:49252            ip.address.here:389              ESTABLISHED
CURRENTLY ESTABLISHED SSH AND CONSOLE CONNECTIONS

-------------------------------------------------

root     pts/0        Dec 13 21:57 (ip.address.here)
REPORT VIRTUAL MEMORY STATISTICS

--------------------------------

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----

r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st

0  0      0 4578176  34628 3060384    0    0    94    12   79   94  1  0 99  0  0

0  0      0 4578100  34628 3060388    0    0     0     0   57   41  0  0 100  0  0

0  0      0 4578100  34628 3060388    0    0     0     0   57   66  0  0 100  0  0

0  0      0 4578100  34628 3060388    0    0     0     0   27   35  0  0 100  0  0

0  0      0 4578100  34628 3060388    0    0     0     0   34   35  0  0 100  0  0

0  0      0 4578100  34628 3060388    0    0     0     0   49   45  0  0 100  0  0

0  0      0 4578092  34636 3060388    0    0     0    52   51   60  0  0 100  0  0

0  0      0 4578100  34636 3060388    0    0     0     0   60   49  0  0 100  0  0

0  0      0 4578092  34636 3060388    0    0     0     0   42   43  0  0 100  0  0

0  0      0 4578100  34636 3060388    0    0     0     0   50   58  0  1 100  0  0

LAST 60 LINES OF THE JSS SERVER LOG -------------------------------- 2011-12-13 19:31:13,650 [WARN ] [DataSource 2011-12-13 19:31:13,651 [WARN ] [DataSource 2011-12-13 19:31:13,652 [WARN ] [DataSource 2011-12-13 19:31:13,652 [WARN ] [DataSource 2011-12-13 19:31:13,653 [WARN ] [DataSource 2011-12-13 19:31:13,654 [WARN ] [DataSource 2011-12-13 19:31:13,655 [WARN ] [DataSource 2011-12-13 19:31:13,657 [WARN ] [DataSource 2011-12-13 19:31:13,659 [WARN ] [DataSource 2011-12-13 19:31:13,661 [WARN ] [DataSource 2011-12-13 19:31:13,662 [WARN ] [DataSource 2011-12-13 19:31:13,671 [WARN ] [DataSource 2011-12-13 19:31:13,686 [WARN ] [DataSource 2011-12-13 19:31:13,687 [WARN ] [DataSource 2011-12-13 19:31:13,727 [WARN ] [DataSource 2011-12-13 19:31:13,728 [WARN ] [DataSource 2011-12-13 19:31:13,730 [WARN ] [DataSource 2011-12-13 19:31:13,732 [WARN ] [DataSource 2011-12-13 19:31:13,784 [WARN ] [DataSource 2011-12-13 19:31:13,785 [WARN ] [DataSource 2011-12-13 19:31:13,787 [WARN ] [DataSource 2011-12-13 19:31:13,788 [WARN ] [DataSource 2011-12-13 19:31:13,791 [WARN ] [DataSource 2011-12-13 19:31:13,792 [WARN ] [DataSource 2011-12-13 19:31:13,793 [WARN ] [DataSource 2011-12-13 19:31:13,794 [WARN ] [DataSource 2011-12-13 19:31:13,794 [WARN ] [DataSource 2011-12-13 19:31:13,795 [WARN ] [DataSource 2011-12-13 19:31:13,796 [WARN ] [DataSource 2011-12-13 19:31:13,797 [WARN ] [DataSource 2011-12-13 19:31:13,798 [WARN ] [DataSource 2011-12-13 19:31:13,799 [WARN ] [DataSource 2011-12-13 19:31:13,799 [WARN ] [DataSource 2011-12-13 19:31:13,800 [WARN ] [DataSource 2011-12-13 19:31:13,801 [WARN ] [DataSource 2011-12-13 19:31:13,802 [WARN ] [DataSource 2011-12-13 19:31:13,803 [WARN ] [DataSource 2011-12-13 19:31:13,803 [WARN ] [DataSource 2011-12-13 19:31:13,804 [WARN ] [DataSource 2011-12-13 19:31:13,805 [WARN ] [DataSource 2011-12-13 19:31:13,806 [WARN ] [DataSource 2011-12-13 19:31:13,807 [WARN ] [DataSource 2011-12-13 19:31:13,827 [WARN ] [DataSource 2011-12-13 19:31:13,829 [WARN ] [DataSource 2011-12-13 19:31:13,830 [WARN ] [DataSource 2011-12-13 19:31:13,832 [WARN ] [DataSource 2011-12-13 19:31:13,833 [WARN ] [DataSource 2011-12-13 19:31:13,834 [WARN ] [DataSource 2011-12-13 19:31:13,835 [WARN ] [DataSource 2011-12-13 19:31:13,889 [WARN ] [DataSource 2011-12-13 19:31:13,891 [WARN ] [DataSource 2011-12-13 21:58:31,958 [WARN ] [SmartCompu 2011-12-13 21:58:31,959 [WARN ] [LogReaper 2011-12-13 21:59:16,638 [INFO ] [InitializeServer 2011-12-13 21:59:17,241 [INFO ] [VerifyDatabaseSchema 2011-12-13 21:59:18,123 [INFO ] [VerifyDatabaseSchema 2011-12-13 21:59:20,500 [INFO ] [Init 2011-12-13 21:59:23,526 [INFO ] [InitializeServer 2011-12-13 22:00:33,929 [WARN ] [SmartCompu 2011-12-13 22:00:33,930 [WARN ] [LogReaper ] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupPurchasingInfo.LookupPurchasingInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.Attachment.lookupAttachmentList).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterIPhone.EnterIPhone).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterIPhone.EnterIPhone).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterPurchasingInformation.EnterPurchasingInformation).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupLocation.LookupLocation).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupIPhone.LookupIPhoneByUdid).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupIPhone.LookupIPhoneDetails).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupLocation.LookupLocation).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupIPhoneApplication.LookupIPhoneApplications).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupPurchasingInfo.LookupPurchasingInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.Attachment.lookupAttachmentList).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupIPhoneProfilesAndCerts.LookupIPhoneAssets).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupIPhoneProfilesAndCerts.LookupIPhoneAssets).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupIPhoneProfilesAndCerts.LookupIPhoneAssets).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupReportID).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupComputerInfo.LookupComputerInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupPurchasingInfo.LookupPurchasingInfo).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.Attachment.lookupAttachmentList).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterIPhone.EnterIPhone).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterIPhone.EnterIPhone).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterPurchasingInformation.EnterPurchasingInformation).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.LookupLocation.LookupLocation).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterLocation.EnterLocation).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterLocationChange.EnterLocationChangeIPhone).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterSoftware.EnterIPhoneApplication).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterApplicationUsageLog.clearLog).
] - WARNING: This session (ID: F5FA7CAF12077B829E308FC5A8FD9B4C) has obtained 2 connections (Calling Function: com.jamfsoftware.EnterApplicationUsageLog.EnterApplicationUsageLogs).
terGroupMonitor] - SmartComputerGroupMonitor aborted.
] - LogReaper aborted: java.lang.InterruptedException: sleep interrupted
] - Initializing JSS...
] - Verifying Database Schema...
] - Verify Database Schema complete.
] - CA is present. No need to recreate.
] - Finished JSS Initialization.
terGroupMonitor] - SmartComputerGroupMonitor aborted.
] - LogReaper aborted: java.lang.InterruptedException: sleep interrupted

Repackaging Matlab 2011b with Composer

rtrouton — Sun, 11 Dec 2011 00:40:00 +0000

Since starting to use Casper at my workplace, I’ve wanted to be able to provide a unlicensed Matlab installer via Self Service. The reason I wanted it unlicensed is because, while we have a Matlab network license server, it has a very limited license pool. Instead, most of our labs purchase standalone licenses and register them to the person using it.

However, a showstopper issue I’ve run into has been that Matlab needs to have a license entered as part of the installation process. After some trial and error, I was able to figure out a way to use Jamf Software’s Composer build a Self Service-deployable installer that uses our network license and also an unlicensed installer. See below the jump for the details.

Building the Matlab network license installer with Composer

1. Find and launch the installer files for the version you require (in this case, I’m building a Matlab 2011b installer.)

2. Copy the installer directory to your desktop before running the installer.

3. Launch Jamf Software’s Composer and have it take a snapshot for packaging.

4. Launch the installer and use the Install without using the internet option.

5. Accept the End User License.

6. Enter the File Installation Key (FIK) for the version you wish to install (some information has been redacted.)

7. Specify the installation type (I chose Typical)

8. Specify the installation folder path (I chose /Applications.)

9. Download and save the license.dat file for the Matlab network license to your desktop.

10. Direct the installer to this file’s location when requested.

11. Proceed with the installation.

When completed, Matlab should be set to run using the license on the server.

12. Open Terminal and run the following commands:

sudo chown -R root:admin /path/to/MATLAB_RXXXXX.app

sudo chmod -R ug+rwx /path/to/MATLAB_RXXXXX.app

(MATLAB_RXXXXX is your Matlab application. Fill in as appropriate.)

This will fix the permissions of the Matlab application, from being owned by the user account that installed it to now being owned by the root user and admin group. This allows multiple accounts on the box to use Matlab successfully.

13. Go back to Composer and have it finish the snapshot process.

14. When the snapshot process finishes, delete the Users directory. The only directory that should be listed is Applications, with MATLAB_RXXXXX.app inside

15. Composer will then give the option of saving the installer package as a Casper-usable .dmg installer or as a standard Apple .pkg installer.

Removing the network license to force Matlab to prompt for activation

1. Log in with an account that has administrator privileges.

2. Open Terminal and run the following command to delete the Matlab network license file:

sudo rm /path/to/MATLAB_RXXXXX.app/licenses/*.lic

(MATLAB_RXXXXX is your MatLab version)

3. Close out of Terminal.

4. Open Matlab. You should be prompted to activate a new license.

5. Quit out of Matlab.

At this point, you should be able to repackage the Matlab application again to build an unlicensed installer that can be deployed via Casper or your other deployment tools.

NetBooting across subnets

rtrouton — Thu, 08 Dec 2011 18:40:17 +0000

Being able to NetBoot from a server that’s not located on the same subnet as the Mac you’re working on can be an invaluable tool for a Mac admin. I use NetBoot all the time at my shop, both to boot new machines for setup by DeployStudio and also to boot ailing machines from NetBoot-hosted utility disks.

In my case, our network team configured our network infrastructure in order to allow my machines to NetBoot from a server located on a different subnet (in my case, the server’s located in our main datacenter.) However, not everyone has that option available. If you’re one of those folks, here’s the commands you can use to configure your Mac to boot from a specific NetBoot server located outside of the local network.

Short version:

sudo bless --netboot --server bsdp://ip.address.here

This command should (hopefully) tell your Mac to boot from the default NetBoot set available from that NetBoot server.

Long version (should all be one line):

sudo bless --netboot --booter tftp://ip.address.here/NetBoot/NetBootSP0/NetBoot-Set-Name-Here.nbi/i386/booter --kernel tftp://ip.address.here/NetBoot/NetBootSP0/NetBoot-Set-Name-Here.nbi/i386/mach.macosx --kernelcache tftp://ip.address.here/NetBoot/NetBootSP0/NetBoot-Set-Name-Here.nbi/i386/x86_64/kernelcache --options "rp=nfs:ip.address.here:/private/tftpboot/NetBoot/NetBootSP0:NetBoot-Set-Name-Here.nbi/NetInstall.sparseimage"

This should work if the previous command did not, though you’ll need to know the specific NetBoot set’s name.

Hat tip to @gmarnin for posting this and also to @natewalck for helping figure it out.