Jamf Pro Server / Casper JSS Windows Upgrade Crib Sheet

Hey all. In case you couldn’t guess, I’ve been completing a lot of on-premise Casper JSS / Jamf Pro Server upgrades recently for customer’s using Windows Servers to host their solution. I’m a big fan of little reminders and checklists so I wrote a short ‘crib-sheet’ style note I use as I complete each one. I thought I should share my list in case it helps anyone else out.
Please Note: This is meant as a short reminder of tasks and not a full breakdown of all steps and considerations when upgrading your JSS. As always, your mileage may vary.


1) Right, before you touch anything, take backups. I’m serious. This will save your bacon if anything should go wrong. Backup your Database (if you have trouble running the Database Utility, check out this post for advice). If you’re running the server in ESXi or another Virtualisation platform (and why wouldn’t you?), have your platform administration take a Virtual Machine snapshot of the server before you start poking around.
Done? Great, lets get elbows deep.
2) If your also looking to upgrade MySQL to v5.7 at the same time, I’d strongly suggest going through Neil’s guide on the matter, as can be found here. I can’t recommend that post (or the blog) enough.
3) Review your JSS settings for areas that might be affected by an upgrade. This one isn’t so easy to suggest as it’s more a combination of experience and your own environment.
In the past, there has been issues with Configuration profiles with the Security & Privacy payload, as well as the ‘Log out users after’ option being enable on Login Window payloads. So make a note of these (screenshots work well, as would downloading the profiles). Also make a note of the Tomcat memory allocation, so you can reconfigure this if required (Jamf KB Article)
4) Stop the Tomcat service. This will stop changes being made to the database and will ensure the rest of the work goes as smoothly as possible.
There is a number of ways to do this, but the simplest is using the Microsoft “Services” application. Find and stop the “Apache Tomcat” service.
5) Copy (not move!) your JSS folder to a backup location. This holds your database connection settings, log file settings, Tomcat tweaks and SSL certificate (in the keystore file) and will again save a lot of effort should anything go wrong.
This will typically live in C:\Program Files\JSS
I tend to copy this to a second drive / volume on the server, typically in the same place as the database backups.
6) Run a database backup. Already done it in step 1 and 2? Tough. Do it again.
Again it’s always better to be safe than sorry. As with the JSS folder backup, I tend to save this on a second drive / volume.
7) Uninstall both the Java Runtime Environment (JRE) and Java Developer Kit (JDK) from the server.
This ensures there will be no conflict when we update them.
8) Download and install the latest JDK for your OS (Windows 64-bit, right?) from here.
Jamf cover this under their KB “Installing Java and MySQL“.
9) Download the latest Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from here.
Install these by dragging the two .jar files into the directory C:\Program Files\Java\jre<version>\lib\security\
Again, Jamf cover this under their KB “Installing Java and MySQL“.
10) Once done, edit the system environment variables to point the JRE_HOME and JAVA_HOME keys to the newly installed versions.
Jamf cover this here.
11) Reboot the Server.
Although optional, I’ve had issues with the automated backups running if you ‘forget’ to reboot the server after modifying the system environmental variables.
12) Once you’re back in, turn off the Apache Tomcat service again, if it has started up (see step 4, above).
13) Run the JSS installer. If you get issues with running the installer, check out this post.
14) Once done, confirm Tomcat starts up fine and you can load the web interface.
On first startup of Tomcat after the update, it will perform some tweaks and changes to the database tables. This can take anywhere between 3 minutes and hours depending on the size of your database.
15) Confirm the areas you checked over in step 3 are still fine. Reconfigure the Tomcat memory allocation if required.
16) Launch the JSS Database Utility again, and un-set and re-set the scheduled backup to ensure these are set and working.
17) Job done, consume beverage of choice as a reward.


And there we go, I’ve provided a rough crib sheet of steps I tend to take when upgrading a Jamf Pro Server / Casper JSS when hosted on Windows. Hopefully that’ll help some of you out (or future me when I forget again)! As always, if you have any questions, queries or comments, let us know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.
P.S. Sorry, no screenshots this time :/
The usual Disclaimer:
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.