Mac Admin

Installing the Jamf Software Server (JSS) onto Windows Server – Crib Sheet

Hey all. As mentioned previously, I recently had a requirement to install a Jamf Software Server onto a Windows Server on-premise. In case you didn’t notice, I’m a big fan of crib sheets and checklists to ensure that, in the heat of the moment, I’m not missing steps unknowingly.

This post is part-update, part-new version of my almost 2 year old Amsys post “Jamf Pro Server / Casper JSS Windows Upgrade Crib Sheet“. It’ll also pull from a few Jamf KB articles that are linked at the end.

It’s designed to act as a starting point for your own crib sheet / checklist for a fresh JSS install, as well as a possible basis for an upgrade crib sheet. It won’t go into all the customisations and options you may require for your environment so make sure to test everything and adapt as required. This also assumes you’ll be running the JSS on port 8443 and MySQL and Tomcat on the same server.

PLEASE NOTE: Before you touch anything, and at various points throughout, TAKE BACKUPS. I’m serious, they’ll get you out of trouble more times then you want and you’ll be glad each time.

Dates and Versions

In order to ensure this ages as gracefully as possible, I’m including dates and versions of the items used to build this guide. Please always check the KBs and your own notes in case of any changes required.

  • Date drafted: 2019-08-18
  • JSS Version: 10.14.0
  • Java Version: 11.0.4.11.1
  • MySQL Version: 8.0.17

The Guide

Without further ado, lets get cracking

Installing Java and MySQL

1) Download the Windows .msi for Corretto Java from here

2) Run through the standard installer for Corretto Java

3) Download the MySQL Community Server 64-bit MSI installer for Microsoft Windows from here

4) Launch the installer and pick “Server Only” for setup type and click Next

5) The installer will check the environment before continuing. If the ‘Microsoft Visual C++ Redistributable’ needs to be installed, it’ll let you know. If so, click ‘Execute’ to install it. Click Next

6) Click Execute to start the install

7) Once complete, you’ll be taken through the initial configuration options

8) Select the “Standalone MySQL Server” option and click Next

9) Select “Server Computer” and click Next

10) Select the “Use Legacy Authentication Method (Retain MySQL 5.x Compatibility)” and click Next

11) Set a password for the MySQL root account and click Next. Ensure it’s a long and complex password and is recorded somewhere safe.

12) These should be set by default, but ensure the options for “Configure MySQL Server as a Windows Service”, “Start the MySQL Server at System Startup” and “Standard System Account” are enabled. Click Next.

13) Click “Execute” to apply the configuration

14) Click “Finish” to complete the install and close the installer.

Configuring MySQL

1) Stop the MySQL server (either via the command line, or via the “Services” Windows application).

2) Make a backup of the MySQL configuration file (normally found at C:\ProgramData\MySQL Server 8.x\my.ini )

3) Open this file in your preferred code editor (don’t forget about possible issues with Notepad, as discussed here!)

4) Find the line [mysqld]

5) Add the following on a new line below this:

default-authentication-plugin=mysql_native_password

6) Find the setting for innodb_buffer_pool_size

7) Edit this to a value appropriate for your server. The Jamf KB discusses this in detail but an example I’ve used initially is:

12GB Total Server RAM = 6GB for the Tomcat service, 2GB for the host OS, and so 4GB for the innodb_buffer_pool_size

8) Find the setting for innodb_file_per_table and set this to 1

9) Save the file and restart MySQL

Create the MySQL Database

1) Launch the “MySQL Command Line Client”

2) Enter the MySQL root password we set above

3) Run the below command to create the Jamf Pro database, swapping out [MyGreatDatabase] for the database name of your choosing.

CREATE DATABASE [MyGreatDatabase];

4) Run the below command to create the JSS database user, swapping out [MyDatabaseUser] for a username of your choosing, and [MyDatabaseUserPassword] for a long and complex password for this user. Ensure it’s recorded somewhere safe.

CREATE USER '[MyDatabaseUser]'@'localhost' IDENTIFIED WITH mysql_native_password BY '[MyDatabaseUserPassword]';

5) Grant this user access to the database, swapping in the values as before:

 GRANT ALL ON [MyGreatDatabase].* TO '[MyDatabaseUser]'@'localhost';

6) Exit the application

exit

Jamf Pro Software Server Installation

1) Run the downloaded Jamf Pro Server installer .msi as the Local Administrator User (not a network user with local administration rights). Ensure to run a ‘complete’ install

2) Once complete, stop the Tomcat service (either via the command line, or via the “Services” Windows application).

3) Find the Jamf DataBase.xml file (normally in C:\Program Files\JSS\Tomcat\webapps\ROOT\WEB-INF\xml\DataBase.xml)

4) Take a backup of this file and open it in your code editor of choice

5) Edit the DataBaseName, DataBaseUser and DataBasePassword with the values set when you created the MySQL Database

6) Save and close the file

7) Start the Tomcat service, and ensure the webpage loads as required.

8) Launch the Jamf Pro Server Tools from C:\Program Files\JSS\bin\server-tools-gui.jar

9) Go to “Tomcat Settings” and find the “Tomcat maximum memory” field

10) Set this appropriately for your server (see “Configuring MySQL” – step 7 above)

11) Restart the Tomcat service.

Configure Database Backups

1) Launch the Jamf Pro Server Tools from C:\Program Files\JSS\bin\server-tools-gui.jar

2) Go to “Scheduled Backups”

3) Configure this as required

Links

Summary

This post covers a template crib sheet / check list for a new Jamf Pro Server installation on Microsoft Windows Server. As always, if you have any questions, queries or comments, let me know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.

Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s