- Zuludesk Macos Not Installing Apps Windows 10
- Zuludesk Macos Not Installing Apps Mac
- Zuludesk Macos Not Installing Apps Android
To configure the app to install automatically, go to Organization Settings Apps & Documents and select Enable automatic installation for new groups in the scope of an application or document. The installation status of an app can be pending for several reasons: The device has not checked in yet. The device is locked with a passcode. At this moment, I don’t have any additional information to share outside the public press release but I’m sure this acquisition and combined forces will bring an exciting new future for the world of macOS and iOS management! For now I just wanted to help spreading this awesome news! Stay tuned for more. Exciting times ahead!
Created On 01/10/19 18:28 PM - Last Updated 12/14/19 01:23 AM
Zuludesk Macos Not Installing Apps Windows 10
Symptom
Constrains:
Most of the existing macOS deployment solutions on the market only allow the deployment of single package files (*.pkg) or single metapackages (*.mpkg) files.
A few examples of macOS deployment solutions that suffer from these limitations:
- Microsoft InTune
- AirWatch
- Apple Remote Desktop
- DeployStudio
- MunkiTools
- ZuluDesk
- There might be others
Note: JAMF doesn't suffer from this limitation and it works well due to the composer module which is a built in package builder.
Symptoms and end results:
Upon deployment of Traps packages on the macOS environment, endpoints cannot communicate with the ESM/TMS. As such they cannot retrieve the environment policy and only locally based protection modules will work depending on the default (base) policies that come with the installation package itself.
Zuludesk Macos Not Installing Apps Mac
EnvironmentSupported Traps for macOS versions:
- 4.x
- 5.x
Supported macOS versions as per Traps compatibility matrix:
- https://docs.paloaltonetworks.com/compatibility-matrix/traps/where-can-i-install-the-traps-agent
Zuludesk Macos Not Installing Apps Android
Cause1. Traps for macOS 4.x installation package is divided into:
- 'Traps.pkg' - the actual installation package
- 'Servers.xml' - config file containing the ESM core servers addresses
- 'Traps Uninstaller.app' - application to uninstall Traps from the system (not relevant on this context)
On Traps 4.x, the server XML file is not mandatory. Using cytool CLI command ('esm connect' command, server address and port arguments) you can specify the ESM server to connect to. This still requires an additional step, and therefore an additional deployment action must be sent to the entire environment, which is not ideal.
2. Traps for macOS 5.x installation package is divided into:
- 'Traps.pkg' - the actual installation package
- 'Config.xml' - config file containing the package's distribution ID and the PANW's distribution URI
- 'Traps Uninstaller.app' - application to uninstall Traps from the system (not relevant on this context)
On Traps 5.x, the config XML file is required since it holds the distribution ID. The distribution ID is vital for the agent to successfully register and establish a connection with the TMS since it is with this ID that the 'distributions.traps.paloaltonetworks.com' will match the correct installation package and map it to the specific TMS. As a response the endpoint will receive the TMS tenant URI and start the registration request process with the given TMS instance.
Resolution
Possible solutions:
1. We are aware that in terms of package deployment these applications only support packages (*.pkg) and metapackages (*.mpkg)There is a constraint here, but we can be work around that taking advantage of how packages work on macOS system (see additional information section for package definition)
2. We are also aware that some applications, such as Apple Remote Desktop for instance (there may be others), also have the capabilities of copying files and running UNIX commands targeting multiple machines, which can also be leveraged to workaround the problem
- Both packages and metapackages support containing multiple embedded packages inside the main package
- This allows us to create a new package, that will contain both 'Traps.pkg' and 'Servers.xml'/'Config.xml' inside a single container
- Deployment of the package to your entire macOS environment on a simple package is possible in this way
- Several package creation applications for macOS are available that will facilitate this process.
- 'Iceberg' application was chosen for this reference documentation, as it's free (and with BSD license)
- Other applications can be used as PackageMaker or any other at your disposal
1.1. Create new package:
- Install Iceberg and open the application
- Create new project
- Select Darwin package
- Give name to the project
- NOTE: project name (which later will be the package name) cannot have spaces in it. Packages with empty spaces do not work and will fail, as you can see on the screenshot attached ('PackageNameBroken.png').
- Select Scripts tab
- Check postflight script, choose the selected script file as per 1.2 below
- Add 'Traps.pkg' and 'Config.xml' to additional resources
- You can edit the others tab if wanted, although not required
- Build
- Package is ready on the project folder
- You can upload the package to the macOS deployment applications
1.2. Script file:
- Script will just point to the package to install, the sub-package embedded inside the main package, 'Traps.pkg'
- No file extension
- TextEdit.app cannot be used to create or edit the file
- File content:
'#! /bin/sh
sudo installer -dumplog -verbose -pkg $1/Contents/Resources/Traps.pkg -target /'
- Open terminal
- Run command 'vi postflight'
- Editor opens with new created file
- Press G (uppercase G)
- Press A (uppercase A)
- Paste file content
- Press escape
- Type ':wq' (write and quit)
- Script is created
- Run command 'sudo chmod 777 postflight' and enter password
- This will give the file run permissions
2.1. Apple Remote Desktop copy + UNIX features:
- Copy 'Traps.pkg' and 'Config.xml' and script to a location on all needed endpoints
- Should be possible to place them on a folder and copy the folder with the 3 files
- Run the UNIX Command to all needed endpoints
- Command is 'sudo ./postflight'
2.2. Script file:
- Script will install 'Traps.pkg'
- No file extension
- TextEdit.app cannot be used to create or edit the file
- File content:
'#! /bin/sh
sudo installer -dumplog -verbose -pkg ./Traps.pkg -target /'
- Open terminal
- Run command 'vi postflight'
- Editor opens with new created file
- Press G (uppercase G)
- Press A (uppercase A)
- Paste file content
- Press escape
- Type ':wq' (write and quit)
- Script is created
- Run command 'sudo chmod 777 postflight' and enter password
- This will give the file run permissions
Scripts:
Scripts for case 1 and 2 are attached for reference, file named 'Scripts.zip'. please feel free to modify or create yours if needed.
Video:
A video recording of the full tutorial following the instructions exactly as detailed above is attached to this article, file named 'TrapsMacOsPackagingIceberg.mp4'. This might help to clarify any doubts or follow the procedure more closely.
Additional Information
Note:
Please note that Palo Alto Networks does not enforce any specific software distribution tool, and it's each customer's decision to opt for the best tool for their environment. We provide the installation package and the config XML file, and with this data you can do everything that is needed to install Traps.
Palo Alto Networks engineers are not expected or required to hold knowledge on how every software distribution tool works, since we don't support any 3rd party products. That said, each customer should be responsible for the decisions in terms of the deployment solutions and related implementations.
Package Definition:
Package is a file system directory abstraction. We can also define it as a container that encapsulates all the daemons, kexts (short for kernel extension, aka kernel drivers in Windows), config files, launching agents and daemons, any direct dependencies (libraries) and possible needed scripts for pre or post installation.
- Additional information on macOS packages @ https://en.wikipedia.org/wiki/Package_(macOS)
- Additional information on encapsulation @ https://en.wikipedia.org/wiki/Encapsulation_(computer_programming)
As a learning experience:
- Grab any macOS package file (*.pkg)
- Rename it to *.zip
- Extract it to some location/folder
- You will probably see a single extracted file named 'Payload~' or 'Payload'. Maybe not, and you will see another package files (*.pkg) and config files (*.xml), etc - which is the exact kind of package embedding we did to resolve this initial problem described on this KB. It that is the case, start the procedure again on new packages.
- Once again rename 'Payload~' to 'Payload.zip' and extract it again
- You will probably see now the files mentioned above that are the content of the application. You might also see directly the application (*.app)
- On some cases you might have to repeat the renaming and extraction process 1 or 2 more times depending on the level of the encapsulation donr
About Iceberg:
(extracted from their official website @ http://s.sudre.free.fr/Software/Iceberg.html)
Iceberg is an Integrated Packaging Environment (IPE) that allows you to create packages or metapackages conforming to the Mac OS X specifications.
With Iceberg, you can quickly create your installation packages using a graphic user interface similar to your favorite development tools.
Iceberg can also be useful for Administrators who want to gather in a metapackage numerous packages for remote distribution via Apple Remote Desktop.
- Additional information on Iceberg @ http://s.sudre.free.fr/Software/documentation/Iceberg/English.lproj/documentation/index.html
- Screenshots of all the application's views @ http://s.sudre.free.fr/Software/Iceberg.html
Author & Date:
Pedro Oliveira
10th January 2019
Attachments