getting Netinstall/netrestore to work

[Sgtarky]

Ok, a little background I have been using macs for about 6 years. I have extensive experience with windows and some linux(early days). Our company has decided to get a few macs (4 mbpro 1 mac mini) I am the only IT person that has any interest in supporting it. The mac mini is setup on the domain, has server installed on it. I did setup netinstall, however my mbpro will not pick it up. Windows provides DHCP so dhcp is off on the mini. I worked with apple a bit and we tried just connecting the ethernet cable directly to mini with dhcp on. The mini did provide an ip address but still did not find netinstall.
I was able to make a netrestore using 2 mbpros, i then took that image and put it on the server and it does show it is offering it. I JUST CANNOT get my clients to see them!

 

[Sgtarky]

I might have figured something out. I have am using a belkin dock, I noticed there is no net activity when it is attempting to netboot. The bootp log is silent until the os boots.

 

[TriBruin]

Try booting in to Recovery Mode and then open Startup Disk from the Apple menu. Check and see if the NetRestore can be seen in Startup disk. if so, try selecting the NetRestore as the boot option.

If not, double check your settings in Server on your MacMini. Make sure NetBoot is turned on, you can see the NBI in the server console and it is active.

 

[hobowankenobi]

Also....in some enterprise networks, firewall or routing can block bootp traffic.

Not that common, but have seen it, and it is a a thing at my employer. Luckily a good network crew that handles it....but the default security (perhaps subnetting?) rules do block netboot servers.

BTW, you might look at DeployStudio too. Pretty awesome imaging tool that is free.

Dunno your level of expertise, but hopefully you are aware that Macs are currently transitioning to a new file system: From HFS+ to APFS. While I expect it to be very positive overall moving forward...the transition period (from 10.13 through 10.14?) does make support, and imaging in particular, more tricky. Hold on though, it will get better.

1. The flip side: With a small number of Macs, you can do a less automated process. Maintaining a cloned image and re-imaging off of a TB/USB 3 external is not terrible...on a small scale. Up to about a a dozen or so machines, it is simple fast and reliable.

Easier than anything I have seen on the Win side; MacOS is so much more portable for loads of reasons, especially since there is no licensing issues.

2. Apple is actually moving away from imaging...so be aware that at some point (a year or 3 from now, depending on hardware age and OS options), imaging may NOT be a smart option, and certainly will not be the default supported method. DEP is here.

 

[Sgtarky]

Try booting in to Recovery Mode and then open Startup Disk from the Apple menu. Check and see if the NetRestore can be seen in Startup disk. if so, try selecting the NetRestore as the boot option.

If not, double check your settings in Server on your MacMini. Make sure NetBoot is turned on, you can see the NBI in the server console and it is active.

yes, I could see it in the start up disk, it never would boot from it. I did hook my 2012 MBP into and it did get to the netrestore
[doublepost=1531745770][/doublepost]

Also....in some enterprise networks, firewall or routing can block bootp traffic.

Not that common, but have seen it, and it is a a thing at my employer. Luckily a good network crew that handles it....but the default security (perhaps subnetting?) rules do block netboot servers.

BTW, you might look at DeployStudio too. Pretty awesome imaging tool that is free.

Dunno your level of expertise, but hopefully you are aware that Macs are currently transitioning to a new file system: From HFS+ to APFS. While I expect it to be very positive overall moving forward...the transition period (from 10.13 through 10.14?) does make support, and imaging in particular, more tricky. Hold on though, it will get better.

1. The flip side: With a small number of Macs, you can do a less automated process. Maintaining a cloned image and re-imaging off of a TB/USB 3 external is not terrible...on a small scale. Up to about a a dozen or so machines, it is simple fast and reliable.

Easier than anything I have seen on the Win side; MacOS is so much more portable for loads of reasons, especially since there is no licensing issues.

2. Apple is actually moving away from imaging...so be aware that at some point (a year or 3 from now, depending on hardware age and OS options), imaging may NOT be a smart option, and certainly will not be the default supported method. DEP is here.

I really cant get profile manager/dep figured out I would rather do it that way. I have profile manager set up on the mac mini and I can add crap to the dock, wish I could remove items. I would like to add our office 2011 with dep but we bought an actual disc. I know, we are getting an office 365 sub so we should be able to get a mac package. oh and we use fortinet, but I cant find fortinet client in the app store to add it.

 

[hobowankenobi]

You might consider Dock Master. I think it is much better than the native Apple tools. You simple create a dock profile (from any machine you have all the software installed on....as a master template generator) using the web page, and then download it. Once you have the profile, distribute it on your work stations.

There is an option for an install-able package, instead of a .mobillcoonfig file too.

Although the distribution and installing is needs to be managed, creating the right profile is easy and fast.

Longer learning curve, but more powerful...CLI too: dockutil .

Don't know fortinet. Looks interesting.

Profile manager is fiddly. No two ways about it. Hope it gets better....not holding my breath.

Best practice: Built lots of individual profiles, so you have easy, layers to test and troubleshoot. If each is dedicated to one or two settings/choices, easy to troubleshoot. When you have one profile with lots of settings in it and something breaks, a PITA to troubleshoot. Very similar to best practices for group policies: granular and modular...not single monolithic.