Monthly Archives: June 2012

Troubleshooting Apple Software Update Server

We are currently in the process of migrating towards a thin imaging approach for the Macs I manage at my university. One of the things we needed was an Apple Software Update Server, which is pretty straight forward to set up using Server Admin. I used Snow Leopard Server 10.6.8 with Lion updates enabled as described in Apple’s KB article.

A command I found extremely useful:

sudo serveradmin settings swupdate | grep "enable = no" | awk -F '=' '{print $1"= yes"}' | sudo serveradmin settings

This command enables all available updates. If you have set SUS to automatically mirror, but not automatically enable, this command saves you from having to click on every single one of the 600 updates to enable it.

A few days after I set up my SUS I was starting to see a bunch of error messages in /var/log/swupd/swupd_syncd_log after starting a sync run using the refresh button below the updates list in Server Admin. I’ll go over them here and explain my fixes:

“Product file URL contains possible security violation.” in log

*** Product file URL contains possible security violation.
*** Product ID: "11D2515_ServerEssentials"; file URL: "http://swcdn.apple.com/content/downloads/10/59/11D2515_ServerEssentials/xajda1v3ycqbtv75fiw5hvosaovu9to9hc/ServerEssentials.dst/041-5774.Italian.dist"
*** Reason: file download path cannot be reached / does not exist.
*** The suspect product file will not be downloaded.

A few Lion updates contain subfolders, which SUS does not create. Simply create those subfolders (mkdir /var/db/swupd/content/downloads/10/59/11D2515_ServerEssentials/xajda1v3ycqbtv75fiw5hvosaovu9to9hc/ServerEssentials.dst; chown _softwareupdate /var/db/swupd/content/downloads/10/59/11D2515_ServerEssentials/xajda1v3ycqbtv75fiw5hvosaovu9to9hc/ServerEssentials.dst) and have SUS recheck for available updates.

[EDIT: The original version of this blog post used curl to download the file, but forgot to chown the folder. Letting SUS download the file itself is the cleaner solution.]

[EDIT 2: This issue is really widespread with the ARD Client 3.6 update, where http://swcdn.apple.com/content/downloads/31/58/041-5433/xt9k9paj5zu8rx258rdccohk236ee77clh/RemoteDesktopClient.dst/041-5433.*.dist fails. This does solve this issue.]

“Product XXX-YYYY is no longer available and has no replacement” in log or “*** Missing version string for product XXX-YYYY” in log or “_productId Update” showing up in Server Admin

Your catalog is corrupted. Delete it to have it rebuilt automatically. The following commands help:

sudo serveradmin stop swupdate
cd $(sudo serveradmin settings swupdate:updatesDocRoot | awk -F '"' '{print $2}')/html/content
mv catalogs catalogs.old
sudo serveradmin start swupdate

Create a bootable Mac OS X Lion Server USB drive

  1. Download Lion from the Mac App Store.
  2. Use Disk Utility to restore /Applications/Install Mac OS X Lion.app/Contents/SharedSupport to a USB flash drive.
  3. Download Lion Server from the Mac App Store.
  4. Grab the correct version of ServerEssentials.pkg by running curl “http://swscan.apple.com/content/catalogs/others/index-lion-snowleopard-leopard.merged-1.sucatalog” | grep ServerEssentials in a Terminal, searching for the line that corresponds to your version of Lion (it can be identified by looking at ./System/Library/CoreServices/SystemVersion.plist on the flash drive), and downloading the file from the link referenced by that line (it will look like http://swcdn.apple.com/content/downloads/21/09/11E53_ServerEssentials/yfLkxRYr8GczRPHKBSpStgMYT3kjRnKQRf/ServerEssentials.pkg).
  5. Drop the downloaded ServerEssentials.pkg into ./Packages on the flash drive.
  6. If after installing from the Flash drive, you are missing /Applications/Server.app, that can easily be extracted from the Lion Server Combo Updater (use the version that corresponds to your Lion version) using Pacifist.

More details here.