21 Mar LANDESK Startup Disk Stamper NetInstall Image Failing? I Bet I Know Why.
But, you’re going to have to wait for a minute because there’s value in knowing what the LANDESK Startup Disk Stamper does before we dive into why it may not be working for you. Let’s get to it.
If you want to provision a Mac using LANDESK Management Suite, then you need to create your own custom NetInstall image that contains specific information about your environment. If you’re new to Mac administration, a NetInstall image loads the Mac into a pre-boot environment. With a NetInstall image loaded, you can make configuration changes as well as deploy your system image–similar to what WinPE does for Microsoft Windows.
To create this custom NetInstall image for LANDESK Management Suite, you first need to build a generic NetInstall image with Apple’s System Disk Image Utility. Then, as Mike Stahulak, one of Ivanti’s macOS engineers calls it, you need to “LANDESKify” (or now “Ivantify”) the generic NetInstall image. You do this by using the LANDESK Startup Disk Stamper utility to inject your client certificates of trust and other pertinent information related to your core server.
In addition to LANDESKifying the Apple NetInstall image, the LANDESK Startup Disk Stamper significantly reduces the size of the image itself. That’s important because a non-customized NetInstall file for macOS Sierra is nearly 5 GBs in size! In other words, if used as is, you’ll be pushing 5 GB NetInstall file across the wire every time you want to image a machine. Keep in mind that NetInstall file is simply used to put the device into a pre-boot environment so you can deploy an actual image to the device. The image you deploy will likely be an additional 5 GBs of data, if not more, that will also need to be transfered.
LANDESK Management Suite knows exactly what it needs to image a device, so the stamper utility strips out the extra code baggage found in the generic NetInstall image. When the Stamper is finished, your NetInstall file will be roughly 500 MBs vs. 5 GBs in size. That’s a huge reduction which results in significantly faster load times for you.
Not bad, right?
So, if the Stamper is so awesome at building a significantly size-reduced, LANDESKified NetInstall image, why is it not working for you?
I’ll give you a hint–it is not Ivanti’s fault. The Stamper utility is not buggy. When supplied with the correct files and the correct information, the utility works perfectly.
The problem lies with us as the users of the tool. This post will give you the information you need to understand how the tool works as well as how to use it successfully. When you’re done reading, you should know exactly how to make that “Create” button light-up blue; allowing you to build your LANDESK NetInstall image and have it work for every supported hardware platform you have.
To create a LANDESKified NetInstall image, you’re going to need the following items:
- An Installer for macOS
- Make sure the installer has a build version that supports your latest Mac hardware (I explain why in the macOS Build Versions section below). https://support.apple.com/en-us/HT204319
- A Mac
- Ideally your Mac will be a virtual machine that you built specifically with your macOS installer to ensure the build numbers match, but it can be a physical box as well. The critical piece is ensuring the build numbers between your macOS installer and the OS installed on the Mac match. Again, I have more info about this below.
- An Ivanti (LANDESK) macOS Agent
- The Ivanti macOS Agent needs to be installed on your desired LANDESK Startup Disk Stamper machine. Watch this video to learn how to install an agent.
- The LANDESK Startup Disk Stamper Installer
- The installer, titled landeskNBIStamper.pkg, can be found in your core server’s LDMain\Install\mac folder.
- An Apple NetInstall Image
- If you’re not sure how to create one, see my previous blog post.
macOS Build Versions
Before we dive into the LANDESK Startup Disk Stamper utility and how to LANDESKify your NetInstall image, you need to understand that the NetInstall world (regardless of what tool you’re using) is built on top of the macOS build number and not the macOS version number.
Understanding this piece alone will not only save you your sanity, but also hours and hours in lost time.
So, why is the build number so important?
It’s important because Apple can release multiple build numbers within a single macOS version. That means it’s possible that macOS version 10.12.1 may support one hardware model but not another.
Here is a real-world example. The 15” MacBook Pro, launched in late 2016, released with macOS Sierra version 10.12.1 on build 16B2659. The 13” MacBook Pro, made available at the same time as the 15” MacBook, released on macOS Sierra version 10.12.1 build 16B2657. As can be seen, both MacBooks are on macOS version 10.12.1, but they have slightly different build numbers.
Therefore, if you were to build a NetInstall image from a macOS installer on 10.12.1, ignoring the build number, you might find it works with your 13” MacBooks but not with your 15” MacBooks. Those 15” machines would then cause you all kinds of grief whenever you attempted to do a NetInstall–black screens and universal “no symbols.”
That’s when your sanity starts to go and your frustrations mount.
In our example above, all the headache could be avoided simply by creating the NetInstall image with build 16B2659 that would have drivers for both pieces of hardware. So let me reiterate–the NetInstall world, and whether or not you succeed in it, is derived from the OS build number and not the macOS version number.
Now that we’ve established the importance of the build number, let’s talk about how to find the build number you need for your hardware.
For starters, take the following link and bookmark it: https://support.apple.com/en-us/HT204319. You’ll notice that link has all of Apple’s hardware with the corresponding build numbers for the hardware at time of release.
What you need to do is make note of the newest piece of hardware you support then find a macOS installer that has that build number (or a builder number greater than it) to generate your NetInstall image.
That’s the first issue you’ll run into with build numbers.
Now to further complicate things, the LANDESK Startup Disk Utility pulls files from two different sources – the generic Apple NetInstall image you create with your macOS Installer, as well as the Mac itself where the Stamper is installed. Both of these sources need to be on the same OS build number, otherwise you won’t be able to click the Create button on the stamper utility and will be stopped in your tracks.
Therefore, before you even begin installing the LANDESK Startup Disk Stamper, check the build version for the Mac you want to install it on. You can do this by clicking on the Apple in the menu bar at top, selecting “About This Mac,” and then clicking on the Version Information text. When you click on it, it’ll flip from showing just the macOS version to showing the macOS version and the build number.
Make note of that build number and validate it against https://support.apple.com/en-us/HT204319 to make sure it is going to support all of your hardware. You don’t want to build a NetInstall image that only works with a subset of your hardware unless you absolutely have to.
If your build number for your Mac passes the check, then you’ll need to compare the build number on your Mac with the build number for the macOS installer you’ve downloaded from the Mac App Store. You do this by opening Terminal and running the following command, changing the macOS name and path to match your downloaded installer as needed:
cat "/Applications/Install macOS Sierra.app/Contents/Info.plist" | grep -A 1 DTSDKBuild
You’ll see the build number for your installer between the XML <string> tag. If the build numbers match between your installer and your Mac, you’re all set. If they do not match, you need to track down an installer that matches your Mac’s build number.
Now, finding an installer to match your Mac can be a lot easier said than done. If you’re on Apple’s cutting edge hardware release, you may not be able to download the slightly updated build from the Mac App Store. In this case, you can attempt to build your NetInstall disk with an older installer and hope it works with your newer hardware. However, you may find that you must wait for the next official dot version release from Apple to build your NetInstall image.
Build Your Mac and Install the LANDESK Startup Disk Stamper
So let’s put this all together. As I mentioned above, the ideal situation when building a new LANDESK NetInstall image is to use a virtual machine. Personally, each time I generate a new LANDESK NetInstall image, I create a new virtual machine using the macOS installer I downloaded from the Mac App Store. Doing this ensures my build numbers will match up between the OS and the Apple NetInstall image. You can use a physical machine to do this as well, I just find it easier to stand up a VM rather than rebuild a physical machine.
Regardless of whether you use a virtual machine or a physical machine, install the OS and patch it.
Next, install the LANDESK agent on it.
Finally, copy the installer “landeskNBIStamper.pkg” found in \\yourcoreservername\ldmain\Install\mac locally to your Mac and then double click on the pkg file and walk through the installer.
Create an Apple NetInstall Image
I cover the details of building a NetInstall image in my previous blog. Therefore, if you want an understanding of why you’re doing each step below, see that post.
To create an Apple NetInstall image, complete the following steps on the Mac you just built.
- Copy the macOS Installer you used to build your Mac to the Applications folder. Apple’s System Image Utility requires the installer to be located in that folder.
- Launch System Image Utility by using Spotlight or browsing to /System/Library/Core Services/Applications.
- Select, from the Source menu, your macOS installer and click Next.
- Choose NetInstall Image from the Network Disk Image Type window, select Next and agree to the licensing agreement. Do not select NetBoot Image.
- Press Next, leaving the defaults as they are, for the next 4 panels, ending with Automation Settings.
- Assign a file name and description as desired on the Image Settings panel. You can choose to leave the index number random or set one manually. All you need to ensure is that the number chosen does not match with any other NetInstall image file.
- Leave the Supported Computer Models checked and hit Next.
- Press Next, ignoring any filtering.
- Provide an image file save name and location. I generally save my image to the desktop. When prompted, provide an admin username and password.
Launch the LANDESK Startup Disk Stamper
OK, we’re now ready to start the LANDESK NetInstall build process. Browse to your Applications folder, launch the LANDESK Startup Disk Stamper and provide your administrative credentials.
Configure the NBI Source
The first section within this tool is the NBI Source section. Since both a NetInstall and NetBoot image generated with Apple’s System Disk Utility create an NBI file, the NBI file being requested here is that NetInstall image you created previously. All you need to do is hit the Choose button and point to the NBI file.
If after selecting your NBI source you see the text “No” after the “Meets OS Version Requirements,” with the additional text of “the NBI OS version is different than the agent OS version,” then you’re in trouble. Go back and review the previous section titled macOS Build Versions.
If you see a nice “Yes,” then proceed to the next section.
Tweak the Agent Source Section
The Agent Source Section is mainly an information panel. It will detect to see if the LANDESK agent is installed as well as supply the OS build version so you can compare it with the NetInstall version.
If you desire, you can select to change the background image used during the provisioning process. Do this by clicking on the Choose button on the Desktop Image Source line and selecting your desired image. For best results, upload an image file with a resolution of 1024×768.
Finalize the Destination Section
The Destination section has several options that need to be set. If you intend for your NetInstall image to be used over the network, select the radio button “NetBoot Image.” If you want to build a USB removable drive, to be used only when physically present at your image machine, select the “Removable Drive” option.
Once your destination type is set, you need to supply a name and location for the NetInstall image. Point to either a local disk location or to a USB stick and enter your desired file name.
Your index number can be any four-digit number you desire if you chose to build on a removable drive. If you selected a “NetBoot Image,” assuming you do not have any other active NetInstall images on the subnet or network, it too does not matter what index number you choose. However, if you’ll have more than one NetInstall image in use, then it does matter which number you select and you need to make sure the four-digit number you supply is different from any of those in use.
Lastly, provide a description if you want.
With everything now properly configured, the Create button should be blue and you should be able to press it, provide admin credentials once again, and build your LANDESKified NetInstall image. The process should take anywhere from about 5 minutes on an SSD drive to much longer on a spin disk.
You now have, either on your removable drive or copied to the hard drive, a LANDESKified NetInstall image ready for use. You should be proud of yourself! Go ahead and give yourself a pat on the back.
Create Button is Greyed Out
If the Create button is greyed out, either you’ve failed to provide the NBI source, the LANDESK agent isn’t installed, the destination location path has not been provided, or your build versions don’t match. Everything but the build version match should be easy to quickly remediate, so double check to see if you supplied all the needed information.
If you’re in a situation where your build number between your Mac and your Apple NetInstall NBI source is slightly off and you still want to test building your NetInstall image with a build discrepancy, you can simultaneously press the ‘control’ key and the ‘option’ keys to override the stamper’s build version check. Doing so will allow you to build your NetInstall image, but know that you will be left with an unsupported NetInstall file.
Assuming all went well, not only do you now have a working LANDESKified NetInstall image ready to be used for macOS provisioning, but also an understanding of just how critical the macOS build number is to the NetInstall process so you can continue being successful in the future.
Remember, creating a NetInstall image is not a one-and-done process. With each new Apple hardware model you support, you’ll likely need to build a new NetInstall image, so keep your notes handy.
Stay tuned for my next blog post where I’ll cover how to configure the LANDESK core server as well as update the PXE representative(s) to support the NetInstall image you just built.