ERROR: Could not retrieve managed install primary manifest

458 views
Skip to first unread message

Mitch Perry

unread,
Mar 8, 2021, 8:35:30 PM3/8/21
to munki-discuss
Hi guys, 

For the past few days I have been stuck with this error and it's doing my head in. Everything else with Munki works great. 

"ERROR: Could not retrieve managed install primary manifest"

So I have built Munki and used it on various OSX machines. I have tested this on Mojave and Catalina and it works perfect I wrote myself a set of instructions for creating a fresh image on an OSX setup with all the correct Munki settings etc and I am just following them.

However the moment I have followed my exact setup on a Big Sur OSX I always get that error. I have tried on an Intel Macbook with Big Sur and also now the new M1 Macbook and they are both the same. It's like it won't pull the info from my mac server. I can ping the mac server perfectly as well. like I said all the other images I have are pulling packages fine from the server as well.

I have googled endless info tried various things, installed all sorts of version of Munki tools and I am still not getting anywhere :( 

In the "SoftwareRepoURL" part in terminal I have tried using my http address to my Mac Server which is what I have used in the past. I have tried IP, different ways to access it and I am getting nowhere. 

Does anyone have any idea where I should go from now. Thank you

Gregory Neagle

unread,
Mar 8, 2021, 8:38:29 PM3/8/21
to 'Gregory Neagle' via munki-discuss
You should start with the troubleshooting tips here: https://github.com/munki/munki/wiki/Troubleshooting

Specifically, running `sudo /usr/local/munki/managedsoftwareupdate -vvv` on a machine with this issue will provide you a lot more info.

-Greg

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/365bca8f-fe15-41a3-962f-91168d616e21n%40googlegroups.com.

Alan

unread,
Mar 8, 2021, 8:40:08 PM3/8/21
to munki-...@googlegroups.com

Usually getting some -vvv output helps to see exactly why Munki is unable to retrieve the primary manifest. That error message alone (out of context) doesn't give much of a clue. Could be the manifest doesn't exist (are you using a ClientIdentifier?), could be the permissions are wrong for that manifest on the server, or could be a failed network connection. Hard to tell based on only the information you've given.

--

Mitch Perry

unread,
Mar 8, 2021, 8:52:20 PM3/8/21
to munki-discuss

Thanks for the quick reply guys now I have ran this managedsoftwareupdate -vvv on both Big Sur versions of Intel and M1 and it's always the same, I have formatted the hard drives started again various times and I always come back to this same part here with the same info. 


I have blanked out parts of the log just with my personal local stuff. 

I know the MYSERVER address part is 100% correct too I just don't know what could of possibly changed in this software compared to the last in order for it to not connect to my Mac Server. Anyone else had similar issues?


-------------------------------------------------------------------------------------------------------------------------------------

USERACCOUNT@AP############ ~ % sudo managedsoftwareupdate -vvv

Password:

Managed Software Update Tool

Copyright 2010-2021 The Munki Project

https://github.com/munki/munki

 

Starting...

    No CA cert info provided, so nothing to add to System keychain.

    No client cert info provided, so no client keychain will be created.

Checking for available updates...

    No client id specified. Requesting AP ############   ...

    Manifest base URL is: “http://MYSERVER/munki_repo”/manifests/

    Getting manifest AP ############   ...

    Request failed. Trying AP ############   ...

    Manifest base URL is: “http:// MYSERVER /munki_repo”/manifests/

    Getting manifest AP ############   ...

    Request failed. Trying MACHINE SERIAL NUMBER...

    Manifest base URL is: “http:// MYSERVER /munki_repo”/manifests/

    Getting manifest  MACHINE SERIAL NUMBER  ...

    Request failed. Trying site_default...

    Manifest base URL is: “http:// MYSERVER /munki_repo”/manifests/

    Getting manifest site_default...

ERROR: Could not retrieve managed install primary manifest.

    Nothing found to precache.

Finishing...

    Getting info on currently installed applications...

Done.

USERACCOUNT@AP############ ~ % ›

-------------------------------------------------------------------------------------------------------------------------------------

Mitch Perry

unread,
Mar 8, 2021, 8:54:17 PM3/8/21
to munki-discuss
Yes I am using a Client ID as well for this build I have done I actually left it out to see if it would make it work and it didn't. I have also rebuilt other manifests and targetted other ones that I know are working and still nothing. 

On Tuesday, 9 March 2021 at 09:40:08 UTC+8 alan...@gmail.com wrote:

Gregory Neagle

unread,
Mar 8, 2021, 9:08:30 PM3/8/21
to munki-...@googlegroups.com
In the output you posted no ClientIdentifier is being used and none of the manifests the client does request exist. 

Sent from my iPhone

On Mar 8, 2021, at 5:54 PM, Mitch Perry <mit...@gmail.com> wrote:

Yes I am using a Client ID as well for this build I have done I actually left it out to see if it would make it work and it didn't. I have also rebuilt other manifests and targetted other ones that I know are working and still nothing. 

Mitch Perry

unread,
Mar 8, 2021, 9:32:46 PM3/8/21
to munki-...@googlegroups.com

 

So I added the Client ID (Which I have done on all my past builds as well)


sudo defaults write /Library/Preferences/ManagedInstalls ClientIdentifer "No-Mad"


I get the same thing. Now if I am on that local machine If I type in the web browser my http://MYSERVER/munki_repo etc I can see the repo in the browser view. So if there is a connection error I am stumped because it pings the server fine and I can also browse the repo through the browser on that machine I am setting it up on.






USERACCOUNT@############ ~ % sudo managedsoftwareupdate -vvv

Managed Software Update Tool

Copyright 2010-2021 The Munki Project

https://github.com/munki/munki

 

Starting...

    No CA cert info provided, so nothing to add to System keychain.

    No client cert info provided, so no client keychain will be created.

Checking for available updates...

    No client id specified. Requesting AP############...

    Manifest base URL is: “http://MYSERVER/munki_repo”/manifests/

    Getting manifest AP############...

    Request failed. Trying AP############...

    Manifest base URL is: “http://MYSERVER/munki_repo”/manifests/

    Getting manifest AP############...

    Request failed. Trying MACHINE SERIAL NUMBER...

    Manifest base URL is: “http://MYSERVER/munki_repo”/manifests/

    Getting manifest MACHINE SERIAL NUMBER...

    Request failed. Trying site_default...

    Manifest base URL is: “http://MYSERVER/munki_repo”/manifests/

    Getting manifest site_default...

ERROR: Could not retrieve managed install primary manifest.

    Nothing found to precache.

Finishing...

    Getting info on currently installed applications...

Done.

USERACCOUNT@AP############ ~ %




 

To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/3C94A779-62E1-432D-A001-8D9BF50BC50E%40mac.com.


--
Mitch Perry

Gregory Neagle

unread,
Mar 8, 2021, 9:36:03 PM3/8/21
to munki-...@googlegroups.com
There me no attempt to retrieve a manifest named “No-Mad”:

Checking for available updates...

    No client id specified. Requesting AP############...

    Manifest base URL is: “http://MYSERVER/munki_repo”/manifests/

    Getting manifest AP############...


Sent from my iPhone

On Mar 8, 2021, at 6:32 PM, Mitch Perry <mit...@gmail.com> wrote:



Mitch Perry

unread,
Mar 8, 2021, 9:56:14 PM3/8/21
to munki-...@googlegroups.com
Ok that's good so I am not going insane then haha. 

I have tried every SoftwareRepoURL I can think of different versions in case it's struggling to read etc. All this works perfectly fine as well on Catalina and Mojave even Sierra. 

http://MYSERVER/munki_repo/manifests/No-Mad (When I access this URL on the browser on the machine I am entering the info into terminal on it shows what packages it should be pulling down through Munki)
 
With my current Client Identifer.

sudo defaults write /Library/Preferences/ManagedInstalls ClientIdentifer "No-Mad"

I have even targetted other Client Identifer's as well that I know are working on other machines as well. 



To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/4C944D21-61DE-406A-A14E-67647EF7B8D0%40mac.com.


--
Mitch Perry

Gregory Neagle

unread,
Mar 8, 2021, 9:58:46 PM3/8/21
to munki-...@googlegroups.com
"ClientIdentifer" is not "ClientIdentifier"

`sudo managedsoftwareupdate --show-config` will almost certainly confirm my suspicion...

-Greg

Mitch Perry

unread,
Mar 8, 2021, 10:08:35 PM3/8/21
to munki-...@googlegroups.com
Ahh so I have stuffed up with the wording. 

ok I just did the --show-config and you are right "No-Mad" was blank I corrected it and it's showing in the --show-config as "No-Mad" now. 

I will test a few things and get back to you. 

To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/8A1971DA-02FD-47E4-ACAC-27F4E2CCEFFA%40mac.com.


--
Mitch Perry

Mitch Perry

unread,
Mar 9, 2021, 12:01:50 AM3/9/21
to munki-discuss
Ok that has sorted it now thank you so much, I feel like a complete idiot haha. I am tripping out though because I did use that same client id on the Mojave and Catalina version I built. I just wonder if it couldn't find it and it went to site_default instead and it allowed it that way. I will have to check out the --show-config on those machines to confirm. 

Thanks again guys!
Reply all
Reply to author
Forward
0 new messages