Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Installing the DS and NS Agent for Macintosh

Created: 04 Mar 2008 • Updated: 04 Mar 2008 | 26 comments
Language Translations
dfnkt_'s picture
+2 2 Votes
Login to vote

Macintosh information for Altiris is a little sparse and I've often been left in the cold with questions. Hopefully this article will help guide those who are trying to get Macs to show up in the Deployment Console.

Getting a Mac into the DS allows you to have control over the machines, copy files to them, and see their inventory.

Also included in this article is how to install the NS Agent (Altiris Agent) on a Mac. Our environment is very unique; we run mostly PCs but do have quite a few Macintosh machines (300 or so) that handle graphic design tasks so I get quite a bit of exposure to them.

Page 260 of this pdf covers the DS agent for Mac.

Before We Begin

When I first started working on Macintosh machines and getting them into the DS I ran into issues with my two test machines going into a reboot cycle no matter what command I tried to perform from the DS. After upgrading the OS from 10.4.6 to 10.4.11 this issue resolved itself and I was then able to send files and reboot/power down the machines.

At Least One Macintosh

First things first, you need at least one Macintosh to get this to work obviously. Next you're going to need the Altiris ADLAgent, with my Mac OS 10.4.11. I'm using the latest package called "altiris-adlagent-2.6-38.Darwin." The first thing you need to do is get this package from your DS, the default location should be eXpress\Agents\ADLAgent.

In order to get to this location from a Mac you need to go to the Mac and go to the "Go" menu and select connect to server or use the keyboard shortcut "Command+K". Next you need to type in "smb://servername" sans quotes. This tells the Mac that you want to use SMB rather than the Apple default of AFP.

If all goes as it should, a dialog should pop up asking you for credentials. Login with an account that has access to the eXpress share. I used my Active Directory account to sign in.

Next you should see a dialog with a dropdown asking you what share you would like to mount, select the eXpress share and click OK. This should put a shortcut on the Mac desktop to the eXpress share but it will also go ahead and open a window with the contents of the eXpress folder.

Navigate to the Agents folder and then to the ADLAgent folder and inside you should find the altiris-adlagent-2.6-xx.Darwin files. Any of these files that end with .Darwin you can use, but as previously mentioned, I am using 2.6-38 for this article. 2.6-38.Darwin.zip is the agent for Mac, power pc.

Go ahead and drag that file onto the Mac desktop and double click it. Double clicking will result in a .PKG file being put on the desktop with the exact same name as the .ZIP file we just expanded.

If you want to save some time (as I know most admins do!) you should put this .PKG file on a thumb drive and save yourself the trouble of SMB mounting the eXpress share on all of the Macs you want to get into the DS.

You will get a series of dialogs that you should be able to click through; the installer will prompt once for the IP of your deployment server, enter it and continue. You will receive one final prompt for an IP address of a server that can be used to netboot clients. Netbooting is a little outside the scope of this article but it is something I have done before. If anyone needs some documentation on netbooting or Mac imaging, send me a message. I usually leave the box blank and click ok. If you need to add an IP for a netboot server, I will show you where to edit the config file later.

A few minutes after the install finishes, you should be able to look in the DS and see your Mac now. Give it a test by right-clicking on the Mac and selecting Power Control > reboot to make sure it's working. Give it a few seconds and the Mac should reboot and come back with no hitches. One note is that you should go to System Preferences > Sharing and make sure Apple Remote Desktop is enabled and make sure sleep under System Preferences> Energy Savings is disabled as it instructs in the installation requirements. While you're in the system preferences you can also go ahead and make sure that "Remote Login" is checked. Remote login is what allows the NS to do agent update jobs etc on the Mac.

You can now view the inventory of the Mac, power control it, and even copy files to it.

A word of advice on copying files from a PC to a Mac: Let's assume you have a folder named "Test" with 2 text files and one subfolder inside of it. When you setup the details of the copy file, you need to define the path of the files on the Mac absolutely, meaning you need to include the folder name on the end of your destination path, for example: I want to copy my Test folder and all its contents to the Mac desktop. I would copy them from my DS, let's say C:\Program Files\Altiris\eXpress\ to /Users/Username/Desktop/Test and make sure you check "Copy Directory" and also "Copy all subdirectories". If you leave the /Test off the end of the path you're going to get 2 text files and a subfolder directly on the Mac desktop. Also know that it doesn't play well with spaces.

Now, as I said earlier, I will cover modifying a few of the default things that happen when the ADLAgent is installed. Located in /opt/altiris/deployment/adlagent/conf there is a file named "adlagent.conf." I prefer to edit my configuration files from command line, I just find it easier. With your Terminal open (Macintosh HD > Applications > Utilities > Terminal.app) you can do "cd /" this puts you in the root of the hard drive.

Next you should CD to the directory I mentioned above by doing "cd /opt/altiris/deployment/adlagent/conf". If you get an error about unknown you can try just moving up one folder at a time, i.e- "cd opt/" then "cd altiris/" etc until you are at the correct directory. Once you are in the conf directory you can use a text editor such as nano to edit the adlagent.conf file. The command you want is "sudo nano adlagent.conf". Don't forget to use sudo as we want to have permission to save this file once we are done editing it. If you happen to be on an older version of Mac OS X then you might have to substitue "pico" for "nano" as the text editor, they function exactly the same.

Your bash (Bourne-Again Shell) terminal will be taken over by the text document adlagent.conf. You can use the arrow keys to scroll down through the document and read the comments which, as usual, are indicated by "#" prefixing the sentence. At the bottom of this file you can see the setting for updating the IP address of an OSX Server serving netboot images. If you modify or uncomment settings in the file as you can CTRL+O to save it, it will prompt you for a filename and will already be named the current file name, you can just hit enter and it will save. The carets at the bottom with the letters show you controls for editing, the caret indicates the Control key.

Another thing you will want to change in the adlagent.conf is the saving location of the aclient.log incase you need to troubleshoot. By default and I'm not quite sure how this happened; the aclient.log can be found in the /opt/altiris/deployment/adlagent/bin folder under "C:\Program Files\Altiris\Aclient\AClient.log". This does actually get saved into the bin folder with a filename similar to "C\/Program Files\/Altiris...." You can see below I have adjusted it to save in the log folder under aclient.log.

In the next screenshot you can see Aclient.log successfully created in the log folder.

If for some reason you need to uninstall the ADLAgent from a Mac, there is an uninstall script in /opt/altiris/deployment/adlagent/bin. Easiest way to uninstall is to open the Terminal (Applications > Utilities > Terminal.app) and type in "sudo sh /opt/altiris/deployment/adlagent/bin/uninstall.app" sans quotes. This will prompt you for root password and after providing it, the uninstaller will start. If you are having trouble with this you can open Terminal and use the cd or change directory command "cd /opt/altiris/deployment/adlagent/bin". Then try "sudo sh ./uninstall.app" and see if that helps.

If you're like I used to be then you might be a little confused when you see some of these commands or paths prefixed with "./". Don't worry about that, most of us are used to Windows or DOS which automatically searches the current directory for a file or command. Unix which is at the heart of Mac OS X does not function this way. If you want to run something in the current directory, then you need to prefix it with a ./ which tells it to first look in the current directory.

After running the uninstall.app with the above commands you will be presented with this dialog:

Click OK and you will be presented with several dialogs that have OK buttons, it is unnecessary to click these. Once the uninstaller finishes the ADL Agent should be no more. That about covers it for the deployment agent for Mac, let's move on to the NS Agent.

Before we actually begin installing the NS Agent there are a few things on the Mac that we need to do first. You will need to make sure that the root user account is enabled and had a decent password. You can enable the root user and assign a password by going to the NetInfo Manager found in "Macintosh HD > Applications>Utilities"

With the netinfo manager open, you will want to go to the "Security" menu and the drop down to "Enable root user"

You will then receive a notification that the root users password is currently blank and that you need to assign a password. Click OK and a dialog will come up where you need to input your new root user password twice and click OK. Please be cautious with what you pick as your password, the root user the end-all, be-all user with access to everything. We also keep the root password of all of our Macs the same so that if we ever need to do admin tasks to them, we know what the password is.

If for some reason you have a Mac and the root user password has already been set and you do not know what it is, don't worry, nothing a little terminal knowledge can't take care of. Open the Terminal and you want to use the following command "sudo sh" it will prompt you for your current user account password, unless you've recently issued a sudo command and given it your password. Type in your password and you will receive a shell (sh) prompt. From the sh# prompt type in "passwd root" it will ask for a new password, enter it, then enter again to confirm and bang, new root password for you my friend. Type "exit" to back out of the sh# prompt.

There are 3 ways to install the NS Agent; the push install, the pull install, and the manual install. Although the pull install and manual install are considered two different methods, in this case they are pretty much identical. Assuming you have the Altiris Agent for Mac solution installed the first method which is the Push method.

In console 6.0 go to the "Configuration" tab and then on the left pane menu expand "Altiris Agent" then expand "Altiris Agent Rollout" and there is a task there called "Altiris Agent Installation". In console 6.5 click "Configure> Agents> Agent Push". You should have a tab in the right pane window called "Install Altiris Macintosh Agent", click it. You should be presented with a list of computers, you can click "OsName" to arrange them into their respective OS versions. From this list, select the computer you wish to push to and click "Install Altiris Agent". A dialog should come up confirming your intent to install the Altiris Agent on the selected computer. It will finish after a moment and you should be all set.

If you click on "Install Settings" you will notice there is an area where you can define the username and password used to connect to the Macs

The next method which is the pull method involves browsing to the page listed in the same area we were just in. On the target machine you want to browse to this page and follow the directions. The page instructs you to download a file called bootstrap.Z. The page also gives you a set of commands to run from the Terminal. You can download the bootstrap.Z file and place it on the root of the hard drive and then open terminal, and execute the command "uncompress aex-bootstrap.Z && chmod u+x aex-bootstrap && sudo ./aex-bootstrap http://your-ns-server.dotted.domain." The && characters in this command act to chain the commands together so that you don't have to do each one separately. Remember to replace "your-ns-server.dotted.domain" with the name of your NS server and domain name with the dots.

Running the above command should take care of the NSAgent install. There is no reason to explain the manual installation since that is what you just did. If you want to get technical, a pull install would be if you pulled the bootstrap.Z file from the website and installed it with the commands versus a manual install would be getting the file from a thumb drive or other method and installing it but that is splitting hairs. If you need to get the bootstrap.Z file it should be located at "\\NS_Server\nscap\bin\mac\agent".

I hope this information helps everyone corral those Macs and keep better tabs on their environment. If you're looking for some more Mac information Kbuller posted an article on the Juice located here that covers some scripts you can run with remote desktop to accomplish some things.

Comments 26 CommentsJump to latest comment

kbuller's picture

It's nice to see that I'm not the only one using Altiris with Mac's!

0
Login to vote
dfnkt_'s picture

No, there are more of us around :) If anyone has issues with these steps please let me know. I tried to cover any missteps or issues I had in the article but you can never get everything.

0
Login to vote
jeremyboger's picture

We, too, have a few in our district. I have as of yet been able to figure out how to use Altiris on them. This article will get me well on my way to that. It will be nice to finally be able to control these machines using DS and get inventory information on them from NS. Thanks for the article.

Jeremy I. Boger
Network Technician
MSD of Lawrence Township

0
Login to vote
vroom's picture

Thank you for this article.

I've been searching for Altiris and Mac information and have also found it hard to come by.

Would you know if it is possible to use Altiris to reload mac hardware (Intel) carrying only windows? And if it is possible to do the same but carrying windows and the max OS using Boot Camp?

My guess is that it would be possible. Without PXE the computer would boot into the automation partition which would contact the altiris server for its job.

Buuuut, I'm only guessing there so any information "at all" would be wonderful.

regards
Peter

0
Login to vote
dfnkt_'s picture

I am not for sure as I havn't experimented lately. I gave up the iMac I had running as an OS X Server and have yet to get our old xserve up and running again. I would think that you could use altiris for those purposes but I do not think Altiris would handle it by itself.

I dont see an issue with using bootcamp and getting that to work, but you might have some trouble the other way around. I will have to re-create a good test lab once I finish up some other loose ends.

0
Login to vote
ianatkin's picture

This is really good. I've been thinking I should get around to managing Macs -this certainly makes that hill easier to climb.

Kind Regards,
Ian./

Ian Atkin, IT Services, Oxford University, UK

Connect Etiquette: "Mark as Solution" those posts which assist you most in resolving your problem, and give a thumbs up to useful articles and downloads

0
Login to vote
jlevers9's picture

Hi, I can't seem to find the bootstrap.z file. Where do I get it from? Also, we're using Deployment console v6.8 and I'm trying to do a push, but can't seem to find any of the configuration tabs you mention in your post. Any help you can give would be appreciated. I've just taken on using our Altiris and I have a steep learning curve here. :^)
Thanks

Jeff

0
Login to vote
dfnkt_'s picture

Sounds like you might be missing some privileges for the NS console.

As far as the bootstrap.z file goes it should be located in the directory I pointed to in the article which is "\\NS_Server\nscap\bin\mac\agent", be sure you replace "NS_Server" with the name of your notification server.

0
Login to vote
jeremyboger's picture

I was able to get three of our MACs to show up in the DS console. They show as inactive, though. I made the necessary changes in System Preferences on all three of them (ensure Apple Remote Desktiop is enabled and sleep mode is disabled). Am I missing a step somewhere? The three MACs are all powered on currently, but they are showing in the console as inactive. Also, when I try to do a WOL through the console, it tells me that feature is not available for MACs. Any additional information would be appreciated.

Jeremy I. Boger
Network Technician
MSD of Lawrence Township

0
Login to vote
kimpton's picture

Hmm things are not going well with the adl agent on the Macintosh machines.

Here are some things i have found out:

The Macintosh adl agent needs to communicate to the Deployment server and if it cannot it will keep adding processes to the process table until it can communicate with the database.

I have found that you need to set the energy saver to sleep to never and do not set the HD to sleep when inactive.

We had some machines where the machine were set to sleep and the adl agent was trying to communicate to the server but couldn't.

This causes massive problems because the Macintosh has a maximum of 529 processes and when the process table is full you cannot open any applications. Yes thats right the users get an error

Application failed to launch (-10810)

A closer look at the logs show the proc table is full

May 20 10:27:49 xxxxxxx adlagent[214]: Session pid is for different process than what we are tracking, found -1073744200, should have found 7105653
May 20 10:27:49 xxxxxxx kernel[0]: proc: table is full

And the logs go on and on to say the proc table is full.

Also after setting the energy saver to never and put the hd to sleep to off this problem does not happen.

The problem is the DB is not running because of a sql error and i am getting the -10810 error on the machines when users are trying to open applications again.

So in summary

If the enery saver and hd to sleep and db is not running the adl agent keeps adding to the process table and users after a while are unable to open applications and get -10810 errors

Quick fix:

Reboot resets the process table
Log in as Admin
open Activity monitor quit the adl processes

Until i can get this fix the adl agent is a bad idea for the Macintosh platform.

0
Login to vote
kimpton's picture

Hmm things are not going well with the adl agent on the Macintosh machines.

Here are some things i have found out:

The Macintosh adl agent needs to communicate to the Deployment server and if it cannot it will keep adding processes to the process table until it can communicate with the database.

I have found that you need to set the energy saver to sleep to never and do not set the HD to sleep when inactive.

We had some machines where the machine were set to sleep and the adl agent was trying to communicate to the server but couldn't.

This causes massive problems because the Macintosh has a maximum of 529 processes and when the process table is full you cannot open any applications. Yes thats right the users get an error

Application failed to launch (-10810)

A closer look at the logs show the proc table is full

May 20 10:27:49 xxxxxxx adlagent[214]: Session pid is for different process than what we are tracking, found -1073744200, should have found 7105653
May 20 10:27:49 xxxxxxx kernel[0]: proc: table is full

And the logs go on and on to say the proc table is full.

Also after setting the energy saver to never and put the hd to sleep to off this problem does not happen.

The problem is the DB is not running because of a sql error and i am getting the -10810 error on the machines when users are trying to open applications again.

So in summary

If the enery saver and hd to sleep and db is not running the adl agent keeps adding to the process table and users after a while are unable to open applications and get -10810 errors

Quick fix:

Reboot resets the process table
Log in as Admin
open Activity monitor quit the adl processes

Until i can get this fix the adl agent is a bad idea for the Macintosh platform.

0
Login to vote
dfnkt_'s picture

Thank you for the reply, and yes, sorry i forgot to cover that information in the article, the PDF from altiris does make mention of disabling those power options.

0
Login to vote
kimpton's picture

Yes thats right i did read the documentation about disabling the power options prior to this and confirmed it through testing.

Unfortunately there is not any mention about my particular problem with the adl agent not communicating with the server because there is a problem connecting to the database and the process table on the machines becoming full.

I have logged a call with Symantec and will see what they say.

0
Login to vote
packmad's picture

Hi dfknt_,

is it possible to have the procedure to image Mac computers with Altiris DS? I have found some information in the documentation but it's not clear.

Thnaks in advance

0
Login to vote
powellbc's picture

[quote=packmad]Hi dfknt_,

is it possible to have the procedure to image Mac computers with Altiris DS? I have found some information in the documentation but it's not clear.

Thnaks in advance[/quote]

This may help:

https://kb.altiris.com/display/1/kb/article.asp?ai...

It's a guide on getting DS set up on the client and server side for Macs.

0
Login to vote
kimpton's picture

Please see

https://kb.altiris.com/article.asp?article=42783&p=1

The hotfix is the

altiris-adlagent-2.6-54.Darwin.zip

I am unsure if this will fix the problem because the only way i will find out is if i disconnect the connection from the server to the database... but i am not going to do that because it will cause mayhem with other systems.

Also i am unsure if this works for 10.5 and i cannot find any documentation about the new OS and if it is supported for the ADL client.

It is essential Symantec has a working ADL client for 10.5 because new Macintosh machines come with 10.5 and you cannot roll back to 10.4 because of the Firmware changes Apple have made.

0
Login to vote
Y Mac Guy's picture

The ADLAgent package seems to install fine, except that it never asks me for a server.  It just says "Installation Complete."  Any ideas?
And no, they don't show up in Console.

0
Login to vote
mabdelnabi's picture

Check kb.altiris.com Article ID: 45086.
That solved the problem for me. You may need to restart after adjusting the configs.

0
Login to vote
CAG's picture

Thanks for this....I use DS 6.9 and manage about 4000 PCs and now have a handfull of these dang Macs I am attempting to get into the DS.  I can install Darwin just fine, and the macs show up active in the DS and all, but now what?  I mean  I have several .pkg files that i need to deply to the macs, but how on earth to I turn these into Altiris jobs?  On a windows machines .pkg files show up as folders so I can't even select it in the distribute software dialogue box in the DS.  Can someone point to any documentation on this or post some advice?  Thanks.

0
Login to vote
telegon's picture

For those of you who may be using Mac OSX 10.6 - The NetInfo Manager has been replaced by the Directory Utility tool,  which can be found under (HardDriveName)\System\Library\CoreServices\DirectoryUtility.

Once you launch the tool, go to Edit, Enable Root User.

Hope that helps!

 

Jim

+1
Login to vote
dfnkt_'s picture

Yes, thanks Jim.

0
Login to vote
BARishel's picture

In the document above there is a link to a PDF file with instructions for how to install the agents.  The link is broken as it takes you to the Altiris product family page instead of loading up the PDF.

 

If anyone has this PDF, I would be greatful if they could email it to Bryan.Rishel@Flagstar.com

 

Thank you very much,

 

Bryan Rishel

Flagstar Bank

0
Login to vote
joe.zeles's picture

Are you just looking for information on how to install both of these products?  Or are you specifically looking for this PDF?

Joe Zeles - Sr. Systems Engineer

Intuitive Technology Group - Symantec Platinum Partner

0
Login to vote
BARishel's picture

Joe.Zeles,

 

I'm looking for both.

 

Bryan Rishel

0
Login to vote
joe.zeles's picture

To install the ADLAgent, you need to download it from the Express share on the DS 6.9 server.  Its stored under agents/adlagent/.  Make sure you grab the most recent build.  It comes as a standard pkg file.  You can simply double click on it on each machine.  During the installation you need to enter in the IP address of both the DS server as well as the Xserve (not needed if you aren't using it for imaging).  If you are trying to do this on a mass scale, you can use an app like ARD to roll out the pkg file.  Once the package is installed you just need to replace the adlagent.conf (/opt/altiris/deployment/adlagent/conf/) with one that contains the IP addresses.  Does that make sense?

Installing the 7.1 agent is a bit more tricky.  You will first need to access the bootstrap file from your NS and run the commands specified on the page below: (http://servername/Altiris/UnixAgent/AltirisUnixAge...).  

It is possible to create a pkg file for the 7.1 agent if you are familiar with using Apple's Package Maker.  Please let me know what additional questions you may have.  Unfortunately I do not have that PDF file.

Joe Zeles - Sr. Systems Engineer

Intuitive Technology Group - Symantec Platinum Partner

0
Login to vote
jellsworth's picture

It's a shame that pulling the agent to Mac's would be so tedious. With the PC I can just VNC into the machine, pull from the site, and bam it's done. No bootstraps needed. Any reason why the Macs require a bootstrap file to pull the agent?

0
Login to vote