#1 2017-06-22 14:41:06

mungo2k
Member
Registered: 2014-05-22

DS 1.7.6 + macOS 10.12.5 NBI - DNS error with DS Runtime

Our NBIs have a DNS problem when using 10.12.5 to build them using DeployStudio 1.7.6. 10.12.4 was OK.
I can boot to the NBI, but then Runtime cannot resolve the DNS name of the URL. Enter the IP address, then I can proceed and login.
A Google search shows this has happened to others on previous releases (going back to 10.9) but has anyone else got this problem with 10.12.5?

The error message states "ourhost.com: unreachable host! (tested port 60443, ip=0)"


#2 2017-06-28 17:43:06

mungo2k
Member
Registered: 2014-05-22

Re: DS 1.7.6 + macOS 10.12.5 NBI - DNS error with DS Runtime

Update: This problem has existed since 10.12.3. It is clearly something to do with our network, but it is also clear that something changed in macOS 10.12.3's DNS service to cause the problem. It is not restricted to a NetBoot set; I can reproduce the problem when running DS Runtime on a normal macOS installation (>10.12.2).


#3 2017-06-29 09:17:31

mjsanders
Member
From: Schiedam, Netherlands
Registered: 2008-09-02

Re: DS 1.7.6 + macOS 10.12.5 NBI - DNS error with DS Runtime

I think this is a DNS issue, or Certificate, or a combination of these.

Recent versions (I forgot which version) are more strict on TLS certificate mismatches. You can use a custom cert, or the default com.deploystudio.server cert, which is always trusted by the runtime.

What if you use a client on the same network and use Safari to go to https://server.dns.name:60443?
If OK it will ask for user/pw (of DS admin) and will show a page that starts with this text:
" DeployStudioServer registered web services

GET methods:
- /computers/get/all"

If not OK:
You can see the settings DS is configured with (urls) in the DeployStudio preference pane on the server.

I suggest you make the correct entries for your server in the DNS server (the one that is used by the netbooted clients), or re-run the DS setup assistant and use IP addresses everywhere, and then create a new .nbi using the same values (IP) as used for the server setup.

Last edited by mjsanders (2017-06-29 09:19:48)


#4 2017-06-29 10:18:21

mungo2k
Member
Registered: 2014-05-22

Re: DS 1.7.6 + macOS 10.12.5 NBI - DNS error with DS Runtime

Hi @mjsanders. Thanks for your reply.

When I log in via the browser I get a certificate warning, as we are using the default server cert. If I "Proceed Anyway" I can login as normal.

What I have just found out after extensive research is that if I disable IPv6 (set it to Link Local Only), the authentication works. We also did a Wireshark sniff, and while IPv6 is enabled, no DNS search is being made by DS Runtime. On an older client (10.11.6), our DHCP server is not setting an IPv6 address to the client. I suspect there is either a bug in the Runtime application in relation to HTTPS, or a problem with our IPv6 setup. Either way, it looks like we will have to manipulate our NBIs to switch off IPv6.


#5 2017-06-29 11:40:35

mjsanders
Member
From: Schiedam, Netherlands
Registered: 2008-09-02

Re: DS 1.7.6 + macOS 10.12.5 NBI - DNS error with DS Runtime

I am curious if IPv6 has DNS resolution for your DS server (and I doubt if DSserver will actually use IPv6; it does not show in System Preferences).
I am not sure if DNS resolution should be IPv6 or IPv4. I guess that IPv4 ONLY should work.
Managing your DNS and/or DHCP is better than manipulating your NBI to work without IPv6, since you will have to do that on every (re)build of your NBI.

I remember that macOS will prefer IPv6 when available, but that may change between macOS versions.
I have no IPv6 here to test, but check out this page: https://arstechnica.com/apple/2016/09/macos-10-12-sierra-the-ars-technica-review/6/#h3
"Networking: Sierra brings new IPv6 addresses"

Update:
On a test server (macOS 10.12.5/DS1.7.6) with IPv6 I can connect to https://[..IPV6...address..]:60443 using Safari.
So DeployStudioServer can work with IPv6 connections.

I have fully trusted the com.deploystudio.com cert, but I hope the DS Runtime will work too.

Last edited by mjsanders (2017-06-29 12:52:57)


#6 2017-06-30 12:44:29

mungo2k
Member
Registered: 2014-05-22

Re: DS 1.7.6 + macOS 10.12.5 NBI - DNS error with DS Runtime

That could be an issue. Some of our subnets have IPv6 and some do not. The subnet containing the DS Servers does not have IPv6. Client subnets without IPv6 have no problem connecting to the server in DS Runtime (with DNS), but those with IPv6 enabled cannot connect.

Note that this does seem to be a DS Runtime bug, since terminal commands in the NBI have no problem resolving the DNS name of the DS Server. (Terminal is available once I login to Runtime using the IPv4 address).
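
Added example, not part of the thread and not DeployStudio code: a per-address-family check that can be run from a Terminal on an affected client to see whether the server name resolves and whether port 60443 answers over IPv4 and IPv6 separately. The function names (`probe`, `verdict`, `tcp_connect`) are hypothetical; the port is the one quoted in the error message above.

```python
import socket
import sys

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))

def tcp_connect(family, addr, port, timeout):
    """Return True if a TCP connection to addr:port succeeds over this family."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:
        return False

def probe(host, port=60443, timeout=3.0,
          resolve=socket.getaddrinfo, connect=tcp_connect):
    """Resolve host once per address family and test each address on the port."""
    report = {}
    for label, family in FAMILIES:
        try:
            infos = resolve(host, port, family, socket.SOCK_STREAM)
            addrs = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            addrs = []  # the system resolver returned nothing for this family
        report[label] = {
            "resolved": addrs,
            "reachable": [a for a in addrs if connect(family, a, port, timeout)],
        }
    return report

def verdict(report):
    """Summarise which layer fails: name resolution, or transport per family."""
    if not any(r["resolved"] for r in report.values()):
        return "name does not resolve over IPv4 or IPv6"
    working = [f for f, r in report.items() if r["reachable"]]
    broken = [f for f, r in report.items() if r["resolved"] and not r["reachable"]]
    if not working:
        return "name resolves but the port is unreachable"
    if broken:
        return "reachable over %s only; %s address does not answer" % (
            "/".join(working), "/".join(broken))
    return "reachable over " + "/".join(working)

if __name__ == "__main__" and len(sys.argv) > 1:
    result = probe(sys.argv[1])  # pass the DS server's DNS name
    for fam, row in result.items():
        print(fam, row)
    print(verdict(result))
```

Running it on a client subnet with IPv6 and on one without, then comparing the two reports, separates a resolver difference from a transport difference before any change is made to the NBI.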
