Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Creating a NetBoot Image and Setting Up a NetBoot Server

Disclaimer: This knowledge base article is no longer being updated. Apple does not recommend using NetBoot imaging to upgrade computers with macOS 10.13 or later. Computers with macOS 10.13 or earlier can use Server.app 5.6 or earlier or the NetSUSLP for hosting NetBoot images. For more information about NetSUSLP, see the following website: https://github.com/jamf/NetSUS

Overview

A NetBoot server is a server that hosts a NetBoot image. You can boot computers to a NetBoot image in place of a recovery partition or external drive when imaging.

This article explains how to create a NetBoot image that can be used with the Casper Suite, and set up a NetBoot server on a server with macOS Server installed.

Note: The NetBoot image is not deployed to computers during imaging. It is the image that computers boot to during imaging only.

Requirements

  • A minimal base OS image. For instructions on how to create a minimal base OS image, see Creating a Minimal Base OS Image.
  • A server with macOS server installed that you can use to host the NetBoot image.

Note: If you are booting a macOS 10.11 computer to the NetBoot image, the computer must first trust the NetBoot server. For more information, see the Booting macOS 10.11 or Later Computers to a NetBoot Image Using a Policy or Casper Remote Knowledge Base article.

Procedure

  1. Copy the minimal base OS image to a server with macOS Server installed.
  2. Open the Casper NetInstall Image Creator.
  3. Select the path to your image source.
  4. Enter an image name.
  5. Enter an image index that differs from other NetBoot images hosted on the same server with macOS Server installed.
  6. Click the Enable this NetInstall Image checkbox.
  7. Click the Set this NetInstall Image as the Default Image checkbox.
  8. Select the latest version of Casper Imaging.app.
  9. Click the Create Casper Preference File checkbox.
  10. Enter the JSS URL.
  11. Click Create.

If you are already using the NetInstall service, the image will be enabled immediately upon creation. If you have not yet configured the NetBoot service, open the Server application, and start the NetInstall service.

Like Comment
Order by:
SOLVED Posted: by mm2270

Heh. Love the Terminator reference in the hostname :)

Like
SOLVED Posted: by donmontalvo

Possible to replace 10 lines in step 1 with:

sudo passwd root

:)

Don

Like
SOLVED Posted: by pnbahry

I have followed this and it all seems to work perfectly, however when I went to image a machine with Bootcamp Partition I ran out of Memory on the OS on the Netboot and it wanted me to quit Casper Imaging to free up some space.

Like
JAMFBadge
SOLVED Posted: by Matt_Fjerstad

Hi Paul,

If we are getting an error message about running out of disk space while NetBooted please refer to this KB Article: https://jamfnation.jamfsoftware.com/article.html?id=198

Matt Fjerstad

Like
SOLVED Posted: by pnbahry

Thanks Matt,

Thats exactly what I was trying to look for.

Paul

Like
SOLVED Posted: by Torin

I have followed these steps, I use 10.8 server and I was creating a 10.8 netboot set. Every time I try to erase a drive and install a image it freezes during the block copy part of the install. I noticed in Installation \- /private/var/netboot \- disk0s2 instead of /volume/Macintosh HD/ this shows up at the top Casper Imaging screen. Has anybody seen this or better yet have a solution?

Thanks
Torin

Like
SOLVED Posted: by justinrummel

Torin,

There could be a couple of issues:

  1. Diskless option is not properly set on your netboot.nbi on the server. Try to de-select, disable netboot, re-select, enable netboot
  2. You are using a TB => Ethernet adaptor, of which people are reporting to be an issue for imaging. See below links
  3. Verify AFP SACL permissions have not resctricted your netboot client data

https://jamfnation.jamfsoftware.com/discussion.html?id=2652
https://jamfnation.jamfsoftware.com/discussion.html?id=4977
https://jamfnation.jamfsoftware.com/discussion.html?id=5416
https://jamfnation.jamfsoftware.com/discussion.html?id=5544

Like
SOLVED Posted: by Torin

Thanks Justin, I have toggled the diskless booting as you described as well as run the command line serveradmin to make sure diskless booting was available.I have also verified permissions and they appear to be correct and inline with other netboot sets. I am not using an Ethernet adaptor, so I am not sure what else to do, cause I am having the same issue.

Like
SOLVED Posted: by peterleeman

@Torin

Did you ever get this sorted? I am having similar issues.

Like
SOLVED Posted: by greatkemo

@Torin, @peterleeman,

Did either of you guys figure this out? I am having the same problem, although, when i manually erase a disk using disk utility, and then uncheck erase Macintosh HD in casper imaging it will image, BUT the process does not perform a block copy it just says installing, which takes slightly longer than a block copy, then it reboots into the new image.

Kamal

Like
SOLVED Posted: by Torin

@peterleeman, @greatkemo

Sorry for the delayed response,

I never figured this out, I adjusted the size of my image as suggested in this Knowledge Base https://jamfnation.jamfsoftware.com/article.html?id=198 and this helped me for some models of computers. My computers are not immediately locking during block copy but I do receive an out of memory error during the imaging process.

Like
SOLVED Posted: by rwwest7

"Verify AFP SACL permissions have not resctricted your netboot client data"

Is there any directions or hints on how to do this on ML Server? They removed Server Admin.app

Like
SOLVED Posted: by hermant

When I create the Net boot image it keeps changing the energy preferences on the net boot environment. Is there a way to stop this?

Like
SOLVED Posted: by easyedc

@rwwest7

I opened a support ticket with AppleCare and they dug out this KBase for me. It mentions the AFP SACL permissions.

http://support.apple.com/kb/TS4316

Like
SOLVED Posted: by thanzig

I am running into a similar issue. The "erase HD" function fails and the block copy does not happen. I have been able to get around this by booting to my NetInstall and wiping the HD, then I reboot into the NetBoot and run Casper Imaging with the "erase HD" unchecked since the HD is already wiped. This is a workaround, but I would still like to know what is going on.

Like
SOLVED Posted: by hkim

I posted something about making sure to disable sleepimage in your BaseOS, that was the cause of our issues with 10.8 Netboot sets.

https://jamfnation.jamfsoftware.com/discussion.html?id=7091

Like
SOLVED Posted: by winningham.2

You have a typo according to Apple's documentation in 10.8...

The NetBoot image must be in the following location on your NetBoot server: /Library/Netboot/Netboot/SP0/

The actual location for the .NBI is

/Library/Netboot/NetbootSP0/

Like
SOLVED Posted: by erin.miska

@winningham2, thanks for catching that! Fixed.

Like
SOLVED Posted: by michaelhusar

Hi I followed the tips here and did set the SACL but I see that only 3 netboot accounts are enabled.

We are running osx Server 2.2.1 \- Under Users I see the system accounts netboot100 to netboot 149.
They first 3 have not entry, but all the others show DISABLED.
In the settings I see no way to enable them.
Did anyone solve that?

Is there a command line to change that ? I am not really convinced that I should set under "/advanced options" the login shell to /bin/bash ....

Even if I change the Netboot Client Aging time I think, I cannot live with only 3 clients.
Thank you for your help!

Like
SOLVED Posted: by michaelhusar

Brock at Jamf pointed me to

http://www.macos.utah.edu/documentation/administration/setup_netboot_service_on_mac_os_x_10.6.x_client.x_client/setup_netboot_service_on_mac_os_x_10.6.x_client-diskless_netboot.html

10 deploys already through and running.
Thanx!

Like
SOLVED Posted: by benyoung

Thanks @michaelhusar! I was getting the "An exception of class NilObjectException was not handled" error when booted to a Net Appliance running Casper Imaging 9.2 and the article you referenced helped solved this problem.

The article mentions that you need to save the shadow file in a RAM disk to be able to make changes to the local disk in some situations. Something to do with AFP limitations of 10 clients over the network then the shadow file fails over to the local disk?

I used System Image Utility v10.9 (Mavericks) to build the NetBoot set so was kind of hopping that there wouldn't be any issues. But I didn’t run the NetBoot Set through the Server Admin tool and make the other changes mentioned above which may have solved this problem?

For reference, this solution was picked up by @brj back in 2012.
https://jamfnation.jamfsoftware.com/discussion.html?id=5156

The original article:
http://www.macos.utah.edu/documentation/administration/setup_netboot_service_on_mac_os_x_10.6.x_client.x_client/setup_netboot_service_on_mac_os_x_10.6.x_client-diskless_netboot.html
was written in 2011 by Richard Glaser from uMac. Richard filed a bug report to Apple ref: 9665982.

Like
SOLVED Posted: by michaelhusar

Thanks @benyoung for the feedback. I think what is also to be considered: Who serves the net boot image? In my test lab I saw that the "same" set (built with system image utility 10.8.3) did: -10.6.8 Server: boot ok
-NET/SUS appliance 1.02: boot ok
-10.8.4 with Server 2.1: only work with the RAM disk hack

Like
SOLVED Posted: by benyoung

@michaelhusar I found a similar situation, but it wasn't as clear cut as the difference between SUI 10.8.3, 10.8.4 and 10.9 for me. However I didn't need to create a RAM disk originally with SIU 10.8.3 and Net Appliance 1.02. Could be the amount for memory allocated to the VM?

Like
SOLVED Posted: by CasperSally

Any hope of using the new NetInstall Creator and still get a netboot image that offers a script to wipe FV2 enabled drives (see @jarednichols post here https://jamfnation.jamfsoftware.com/discussion.html?id=5763).

We stick that in the dock and the techs rely on it.

Like
SOLVED Posted: by charliwest

It seems like there is now a step missing in this article and the one you link to in creating the image, on here or https://jamfnation.jamfsoftware.com/article.html?id=313 there is now no mention of using composer to actually make the dmg you need to use NetInstall Creator. When you get to that bit on the other page it tells you to come here.

Like
SOLVED Posted: by clifhirtle

@dwest I believe "Step 3: Build a Package of the OS: For instructions on how to build an OS package, see "Building OS Packages" in the Casper Suite Administrator's Guide." would cover that.

Like
SOLVED Posted: by wmateo

has anyone tried this with an encrypted disk? When I use the NetInstall Creator, it gives me an error saying it cant find drive. Obviously because drive is encrypted and cant mount without proper credentials. Only work around I have found is to boot from another source and delete encryption/filevault information.

Like
SOLVED Posted: by sgoetz

So can you use the Install OSX.app downloaded from the Apple Store to make NBI's with this CNIC.app?

Like
SOLVED Posted: by bentoms

@sgoetz, I think it needs an
OS.dmg.. Such as one created via AutoDMG.

I've also an app that automates the NBI creation: https://jamfnation.jamfsoftware.com/discussion.html?id=11356

I'll be talking about AutoCasperNBI alongside Nick whom will talk about CNIC @ JNUC.

Like
SOLVED Posted: by lammersst

Is this going to updated to work with Yosemite? I am trying to create a NBI file to work with Yosemite but I can't get this program to make a NBI.

Like
SOLVED Posted: by bentoms

@lammersst, Both Casper NetInstall Creator v5 (https://jamfnation.jamfsoftware.com/viewProduct.html?id=13&view=info) & AutoCasperNBI (https://macmule.com/AutoCasperNBI) can create 10.10.x NBI's.

Like
SOLVED Posted: by TomDay

+1 for @bentoms comment @lammersst, AutoCasperNBI works perfectly for Yosemite!

Like
SOLVED Posted: by scottyo

This may seem sort of nit-picky, but this link and article used to be totally different and have information about creating a netboot image from scratch (activating the root user, etc.). Now I didn't copy that article, but I want/need to reference it. Most of the comments still attached to this article don't have much to do with the text above (they reference the previous article). Is there anyway to access the previous document, or is it gone forever?

I really don't want to have to print out useful articles I find here on Jamf Nation, but this isn't the first time I've run across this in a knowledge base article here. What's wrong with keeping the old articles around for reference (I can't seem to find what I'm looking for through a search - so I'm assuming it's gone). If it is somewhere, can you publish a link to it? Thanks in advance.

Scotty Orr

Like
SOLVED Posted: by bentoms

@scottyo I have some of the information in my AutoCasperNBI guide.

Not sure if any help.

Like
SOLVED Posted: by nigelg

Can anyone confirm if this workflow is dependant on having a AFP file distribution point?

After reading this https://jamfnation.jamfsoftware.com/article.html?id=74 it doesn't look like it but I would like confirmation. We will have to consider other options if we cannot use SMB as we have been doing.

Like
SOLVED Posted: by jhuhmann

@nigelg I can confirm that you can not use an SMB distribution point with the above. I use AutoCasperNBI to create my netboot images because of this.

Like
SOLVED Posted: by jake.snyder

After following these instructions and then netbooting a test machine I get stuck at "parsing JSS data..." after providing the initial credentials.

I don't have this problem when accessing Casper Imaging on the NetBoot server.

Has anyone run into this issue before?

Like
SOLVED Posted: by CSHGreenwich

I second the AutoNBI.. It works like a charm..SOOOOO much easier.

Like
JAMFBadge
SOLVED Posted: by benjamin.michael

ICYMI - We published a White Paper on Imaging OS X Computers with the Casper Suite. It includes much more detail about imaging methods, workflows, and our recommendations based on your environment. Check it out and please let us know your feedback!

Thanks

Like
SOLVED Posted: by pmcgurn

Read and tried to follow this as a rookie. Two pieces of feedback.

  1. Don't link to other articles that refer to yet other documentation. Consolidate it into one flow. If you think it's too many steps, it is, and take that as feedback on improving the process through your product.
  2. Step 1 should explicityly call out that this is a DMG file, not the contents of the drive used for the base image. The Netboot app you provide will allow the selection of a file system, vs. a DMG file, and will seem to work until you try to create the image. At that point, the app simply crashes...
Like
SOLVED Posted: by jgsims

Can this be updated since Netboot has been removed from OSX Server?

Like

Jamf wants to hear your feedback around Jamf Pro: LDAP Servers and Reports!