ARD Host issues
Hi, this is my first formal thread on this site. I will say I've gotten a lot of useful knowledge here, so hopefully the gurus can help me out a bit.
I work at a school, and I'm responsible for managing about 500 MacBooks, a number of G5s and Mac Pros, and a couple iMacs. I use Apple Remote Desktop 3.2.2 to do most of my work across the network when possible. I am running 10.5.7, all the other machines are running 10.5.6.
The problem - in the main ARD window, I have all my clients set to display the computer name, ethernet id, ip address, and current app. I have preimaged all these machines with my admin account so I can tap into any machine from our network. The actual problem is that recently, machines have started to display ethernet ids of 00:00:00:00:00:00, which means, of course, that I cannot access them. They all have IPs, are all active on the network, they all can access other computers through File Sharing, can all access the internet; the problem is I cannot access them from my machine, or any other machine running ARD.
I have tried reinstalling the OS on my machine, I have used other machines with ARD, also using 3.2.1, and the problem still exists. Some computers always display this invalid ethernet address. I have tried resetting the ethernet ID / Mac Address through terminal with one of the tricks I found here, but that didn't fix the problem either.
To throw a wrench in the situation, I thought it might just be a bad NIC in the MacBooks. But as we cycle through various machines, I noticed that some machines that previously worked fine (i.e., I could access them no problem, all displayed the appropriate mac address), have recently developed this problem too. This is occurring with MacBooks, and is also starting to happen with our iMacs. Any ideas? |
So, either no one uses ARD or no one has come across this issue?
|
I would first look for a problem in your networking hardware--maybe your router or switches? What happens when you move a problematic machine to a different switch, for example?
Trevor |
That sounds like a problem I had once with a wacky Cisco AP. When leases would come up, the clients would get a new lease of the same IP but then it told the router the MAC was all 0's or all F's. In the end we wound up changing all the APs on one floor, 2 switches, and the router.
|
Hmm. Yeah I could check that. We are using a Cisco router, however we have a dedicated Airport set up as the DHCP server. I work between two separate campuses as well, although each campus is set up identically, and the problems exist on both campuses sporadically. The problem exists primarily over wireless networks. I have cycled the power on all of our Airports (5 total at each, 1 DHCP server, the others set to Bridge mode to provide access throughout the entire campus).
It also seems that once this happens on a machine, it will continue being a problem regardless of which physical network they are part of as well. Weird. |
A few questions...
1) Did the same MAC address get cloned from image to image on the machines? Do you run any network software that might 'hash' the MAC address during install?
2) If they are MacBooks would you not be managing over wireless?
The current version of ARD admin is bugged and I have signed a few NDAs regarding the newer versions, so I can't discuss it. I haven't seen a duped MAC address problem in ARD admin... |
When I first get the computers, I used ASR to image them. I have a G5 server dedicated to just this process. I netboot all the MacBooks to my server, and ASR multicast them to complete. After that process I log all of their information, IE Mac Address, Serial Numbers, Names. I do have the valid Mac Addresses for all of these machines from when I initially run this process, and they are all the correct, unique addresses for each machine.
As far as I know, I'm not running any network software that may change any of this, however, they are the students' personal machines after I image them, so they may be doing something on their own at home to cause this. That's what I first thought, until it started happening more often. Not quite sure about your second question, maybe I'm not reading it correctly. Due to the physical size of our campus it is not in our financial best interest to run wired ethernet to every single room on campus. Also, most students decide to run wireless anyway due to its simplicity. I monitor the network wirelessly because they choose to run their machines wirelessly, although I am usually plugged in directly to the server. From time to time I need to copy files to an individual's machine, and this is where the problem is the most, well, problematic. I do have workarounds, but I would prefer to figure out this problem. Especially since it happened to one of my main office iMacs, which is annoying as I try to VPN into it from home, but since it developed this issue I can no longer access it at all. |
Are the students admin users?
|
Yes. I preimage their machines with two accounts - one Admin account for myself, one for them for their 'class' account, and on their first day of class we walk them through creating their own admin user account. I have considered changing their accounts to managed, however, as they are their personal machines that they can take home with them, they need to have the ability to install software without me being there. Also, as they go through the program, they install various software in class, and it's just not feasible for me as a lonely IT guy to help 500 students install stuff every day.
Would the admin account be causing this problem then? |
Well, they (the students) can google up endless amounts of hacks and management schemes an admin might do and they just might disable remote management altogether, change a password, or perhaps disable the ARD client altogether.
I work in a 1:1 in K-12 education, and we have 6,000 MacBooks. I assure you it is no easy task and I work my butt off, but all of my users take their machines home and they are managed. If you have any questions shoot, I got a slow day today because I left my test machine at home this morning I was going to roll out the new image on. |
Awesome, I appreciate your advice tlarkin. You always have very informative posts.
I work at a school that has a 1:1 initiative as well, however we are a trade school, and the laptops are the very lifeblood of their school experience. I agree, many students have figured a way to disable ARD, and I spent a lot of time learning how to re-enable it. That's fun for my down times. However, I have a lot of personal interaction with the students, and I know that some of these users do not have the academic prowess, nor desire, to disable this, let alone know what it is in the first place. I have verified that all the accounts are correct, and the proper settings and passwords are correct. I guess it's just a bit of a mystery now until I can get some more hands on time figuring this one out. Usually I can overcome most obstacles I find, this one just perplexes me. I would love to know how to actually make this happen though, considering how hard it is to permanently spoof MAC Addys in 10.5. |
Well for starters how about writing a small shell script and have it run as root via launchd at startup to ensure ARD is turned on?
That way every time they reboot ARD is enabled, and you can even keep it alive so it will re-enable it if they turn it off. However, with them being admin users they can definitely turn them off. I also work with a lot of the students directly as part of my job description is end user support, and I can tell you, once one of them finds an exploit all of them know within a day. We had one kid figure out a password and it spread like wildfire. |
That's a good idea. There is already a script called Kickstart that comes preinstalled, just need to log in over SSH to activate it. But changing that around to run on startup is a great idea. I did also work with an AppleScript that would change the settings in System Preferences upon insertion of a flash drive, which is a great way to do it if you have direct access to a student's machine.
But yeah, word does spread like wildfire. As soon as one person learned how to turn off the ARD settings, half the campus had it disabled the next day. |
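Added example (not part of any post in this thread, and not the script linked later in it): a sketch of the launchd-plus-kickstart approach discussed above. The admin short name `ardadmin`, the label `com.example.ensure-ard` and the install path are assumptions, as is treating a running `ARDAgent` process as the sign that Remote Management is on.

```shell
#!/bin/sh
# Added example. Assumed names: admin short name "ardadmin", LaunchDaemon label
# "com.example.ensure-ard", script installed at /usr/local/sbin/ensure-ard.sh.
KICKSTART="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"

# Arguments that turn Remote Management on for one admin account.
kickstart_args() {
    echo "-activate -configure -access -on -users $1 -privs -all -restart -agent"
}

# True when the ARD agent appears in a process list read from stdin.
agent_listed() {
    grep -q '^ARDAgent *$'
}

# Re-enable ARD only when the agent is missing, so live sessions are not reset.
ensure_ard() {
    [ -x "$KICKSTART" ] || { echo "kickstart not found" >&2; return 1; }
    if ps -axc -o command | agent_listed; then
        return 0
    fi
    # Word splitting of the argument list is intended here.
    "$KICKSTART" $(kickstart_args "$1")
}

# LaunchDaemon plist: run the script as root at boot and every $3 seconds.
ensure_ard_plist() {    # $1 = label, $2 = script path, $3 = interval
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>$1</string>
    <key>ProgramArguments</key>
    <array><string>/bin/sh</string><string>$2</string></array>
    <key>RunAtLoad</key><true/>
    <key>StartInterval</key><integer>$3</integer>
</dict>
</plist>
EOF
}

# On a Mac, running this file as root performs the check once.
if [ "$(uname)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    ensure_ard "ardadmin"
fi
```

The plist printed by `ensure_ard_plist` would go in `/Library/LaunchDaemons/` owned by root; as the thread notes, users with admin rights can still remove it.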
I have students with tape over their built-in cameras and ones that turn their airport card OFF while in school. They know that I push out updates and policies over the network so some of them keep them turned off while in school. The level of paranoia just cracks me up!
I also have large TV displays in the principals' rooms that run ARD Admin through a Mac mini and they can scroll through students' desktops so they are monitored. After all, with things like CIPA and the FCC forcing us to have strong Internet filtering we do need to audit it. I have another script that forces on the airport card which will go into next year's image. I guess the good thing is, they are really making me get creative with my client management. I mean it is almost like a challenge, they find a way around something I patch it, wash, rinse, repeat. I have a kickstart script I used on my site, here: http://tlarkin.com/tech/kick-start-a...ote-management My site needs work and there are some database errors on some pages, but just ignore that! |
That's a cool script. Nice work.
I was working on a new batch of machines yesterday, and everything was going fine through ARD. I threw them into a new list, authorized them, and everything was good. Then I came back today, booted them all up, and through the Scanner in the main window of ARD, they are all unresponsive. http://i118.photobucket.com/albums/o...33/Scanner.jpg However, when I jump back to my premade list from yesterday, they all show up fine. I guess this must be some sort of glitch in ARD... http://i118.photobucket.com/albums/o...pt333/List.jpg |
Instead of using Bonjour to scan, actually set the network range of the VLANs they are on and see if that makes any difference. I think if the user turns off Bonjour and it tries to scan for it, it could maybe cause issues? That is just a guess.
|
Yeah, I toggle back and forth between Bonjour and Local Network. Sometimes that will reset / rescan and get rid of the problem. I relaunched ARD on my machine, and my clones came back online, but there are still some problem student machines that have been on the network today that still display this problem =(
|
I had an issue similar to this. I can't verify that MAC address thing, since all that I am concerned with are computer names and currently logged in users.
I had a couple people in the office at one of my buildings where I simply could NOT get ARD to work. I got to the point to where I set them up on a basic 5 port switch with static IPs but ARD just wouldn't go for me. I could see a device on ARD, but it would only show up black. After being completely baffled I went on Apple's website and downloaded the ARD client. You can get it from here: http://www.apple.com/downloads/macos...322client.html It turns out that the issue was with my disk image and not a faulty switch or anything like that. I have no idea how it broke, but it just did. After re-installing (and re-creating my image), everything went smoothly. Hopefully you have something simple as well. And to throw in a small note about a previous post here, I have seen several staff put tape over their iMacs and MacBooks like I really care to watch someone go about their daily work. If I really wanted to drive the staff into paranoia I'd use Quartz Composer to activate their webcams and use it as a screen saver -- I sense an April Fool's Day joke in the making. BTW tlarkin, do you just use an ARD / ARD Task Server to push out your updates or do you use something more sophisticated like Radmind? I've been looking into Radmind, but I haven't had much time to work on implementing something yet. |
www.jamfsoftware.com It does everything for me. |
So, I was messing around with this more today. I ran across the exact same problem twice in two days, so I figured there must be a reason. I notice that when I image my machines, they would all initially show up with no problem. I image them over Ethernet, connected through a switch to my server. Then, after they are imaged, I zap the PRAM, let them boot, and go into my admin account on each machine to name them.
I noticed that once I'm logged in to each machine, they are connected to my wireless network by default. This apparently is what is causing the problem. They are still connected to my server through Ethernet, but they connect to my AirPort wirelessly, and the Network System Preferences is set to give AP the highest priority. I switched the priority to Ethernet over AP, and the problem went away, at least on my server side, and allowed me to correctly pull reports off all the machines. Now, if I try to connect to those machines with my MacBook, also running ARD, on the wireless connection, they all show up with no valid MAC Address. So, what I can figure, is that the MAC Address must be spit out using Bonjour, and (I can't confirm this) Bonjour must only broadcast MAC Addresses to the primary network interface. So if a machine is connected to a network in two different, or two different networks, only the primary network connection will display the MAC Address. Does this sound about right? |
Bonjour by default will not broadcast via WAN, only on the same LAN. Not sure about the rest of what you are seeing. You may want to keep the airport card disabled until you are done with post config to test this out?
|
Both networks are what I would consider to be on my LAN, just different access points. But yeah, for my next image, I'm going to set the ethernet to be my default setting to avoid this. At least that will be my temporary fix, although it's just a workaround for this problem, not a solution :(
|
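Added example (not part of any post in this thread): a check of the network service order that the last posts settle on as the workaround, parsing `networksetup -listnetworkserviceorder`. The service names `Ethernet` and `AirPort` are assumed defaults, and the listing embedded in the script is constructed.

```shell
#!/bin/sh
# Added example: is the wired service ranked above the wireless one?
# Service names "Ethernet" and "AirPort" are assumptions (default names).

# Constructed sample of `networksetup -listnetworkserviceorder` output.
sample_airport_first() {
    cat <<'EOF'
An asterisk (*) denotes that a network service is disabled.
(1) AirPort
(Hardware Port: AirPort, Device: en1)

(2) Ethernet
(Hardware Port: Ethernet, Device: en0)

(*) FireWire
(Hardware Port: FireWire, Device: fw0)
EOF
}

# Rank of a service (1 = primary, * = disabled, empty = not listed).
service_rank() {    # $1 = service name, stdin = listing
    awk -v name="$1" '
        /^\([0-9*]+\) / {
            rank = $1; gsub(/[()]/, "", rank)
            svc = $0; sub(/^\([0-9*]+\) /, "", svc)
            if (svc == name) { print rank; exit }
        }'
}

# Succeeds when the wired service outranks the wireless one.
wired_first() {     # $1 = wired, $2 = wireless, stdin = listing
    listing=$(cat)
    w=$(printf '%s\n' "$listing" | service_rank "$1")
    a=$(printf '%s\n' "$listing" | service_rank "$2")
    case "$w" in ''|'*') return 1 ;; esac   # wired missing or disabled
    case "$a" in ''|'*') return 0 ;; esac   # wireless missing or disabled
    [ "$w" -lt "$a" ]
}

# On a Mac, check the live configuration; elsewhere, the constructed sample.
if command -v networksetup >/dev/null 2>&1; then
    networksetup -listnetworkserviceorder
else
    sample_airport_first
fi | if wired_first "Ethernet" "AirPort"; then
    echo "OK: Ethernet is ranked above AirPort"
else
    echo "FIX: networksetup -ordernetworkservices Ethernet AirPort <other services...>"
fi
```

`networksetup -ordernetworkservices` expects every service in the listing to be named, so the placeholder in the FIX line has to be filled from the machine's own list before it is baked into an image.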