true3man

Q: Lion Server problem - Computer is already a network directory server

So I purchased Lion Server to trial it at home and it is not going well. Initially I was having issues connecting to the web interfaces for profile manager, etc. The server was not responding and so I uninstalled server and reinstalled it from the Mac Store (FYI: Apple has charged me for the OS and the server app as a result of this for some reason!!!).

With Server reinstalled I went to set up the server as a network directory and am shown this message every time I try to set up the directory admin account: "Computer is already a network directory server - This computer is already configured to manage network accounts. It cannot be configured again."

This leaves me unable to set up any profile or device management. I have tried the following solutions:

  1. Uninstall and reinstall server
  2. Deleted ServerVersion plist
  3. Reinstalled Lion
  4. Reinstalled Lion with format of HDD (although I did recover from a Time Machine Backup which included settings)

Any help would be appreciated.

Posted on Jul 28, 2011 2:10 AM

  • by Craig Weston,

    Craig Weston Sep 1, 2011 7:19 PM in response to matwyn
    Level 1 (0 points)

    In addition to this, look for certificates related to your server name as well. Eventually I deleted all of them with my server name in them, then I repaired the keychain to make them really go away (this seems to be a bug) and did the OD install successfully!

  • by Xenolith,

    Xenolith Sep 1, 2011 11:25 PM in response to Craig Weston
    Level 1 (25 points)

    Craig,

    By "repair" do you mean "Key Chain First Aid...Repair"?

    Also, by "OD install" do you mean changing the role from standalone to OD master?

    Sorry to be pedantic, but your reply seems like it might be a good lead and I still can't change my standalone to an OD master.

  • by Xenolith,

    Xenolith Sep 1, 2011 11:44 PM in response to Craig Weston
    Level 1 (25 points)

    Awesome! After resigning myself to the fact that I'd be doing a complete fresh Lion install *again* I figured I'd try deleting pretty much everything in the system key chain except for my wireless network password. And what do you know? I can finally change the role back to OD Master!

    Thanks Craig.

  • by andrew2011,

    andrew2011 Sep 2, 2011 2:09 AM in response to true3man
    Level 1 (4 points)

    I think I managed to solve this accidentally and in an unexpected way...

    I went to Network in System Preferences and changed the machine IP address (and made it fixed at the same time). I had been unable to do this via Server.

    When I restarted Server, an alert was showing, saying the network configuration had changed. Under that was 'Recovery Options' and the option to 'Update services' - 'Apply the new network configuration to your services'.

    I'd not seen this option anywhere else so clicked 'Recover' and after a few seconds, was able to set up a Network Directory Server no problem.

    I'm yet to get all my services working so may encounter related problems later, but this got me over the hurdle described here.

    This certainly seems worth doing if you change the hostname automatically assigned to the server, as I did.

    Hope this helps.

  • by Craig Weston,

    Craig Weston Sep 2, 2011 6:12 AM in response to Xenolith
    Level 1 (0 points)

    Yes to both questions. Keychain first aid was the solution to the roadblock of a deleted keychain item that was still in the list.

    And yes, the Open Directory Master was created successfully after removal of all references to the server name. In my case I am using a dyndns server name to expose myself on the internet, so it was distinctive.

  • by OneClick,

    OneClick Sep 12, 2011 11:40 PM in response to Xenolith
    Level 1 (0 points)

    Same here

    forward and reverse DNS is OK

    sudo changeip -checkhostname is OK

     

    can't promote to OD master

  • by Xenolith,

    Xenolith Sep 13, 2011 6:27 AM in response to Xenolith
    Level 1 (25 points)

    I found the best results (i.e. it's now working) from Craig Weston.

    • Check DNS - both forward and reverse zones
    • Certificates

     

    The key I found was that you must remember to check your certificates *on the server*. If you're running Server.app from another machine and you use Certificate Assistant (the application that opens when you select "Custom" for the certificate and then "Manage Certificates") you are accessing the *local* keychain. However, when you "Change Role" of the OD server that process, of course, uses the keychain on the server. Stupidity sieve struck again for me "Item 7: Are you running on the machine you think you're running on?" ;-)

     

    Let me know if that helps.
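
Added example (not part of the original thread or any poster's code): a Python check that a server's forward (A) and reverse (PTR) records agree, which the replies above name as a prerequisite for promoting to OD master. The host names, addresses and the `table_resolver` helper are constructed for illustration; when no resolvers are passed, the function uses the system resolver.

```python
import socket

def check_forward_reverse(fqdn, forward=None, reverse=None):
    """Return a list of problems; an empty list means A and PTR records agree.

    forward(name) -> list of IPv4 strings, reverse(ip) -> host name. Both
    default to the system resolver and are injectable so the check runs offline.
    """
    forward = forward or (lambda n: socket.gethostbyname_ex(n)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    name = fqdn.rstrip(".").lower()
    problems = []
    if "." not in name:
        problems.append(f"{name}: not a fully qualified name")
    try:
        addrs = forward(name)
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return problems + [f"{name}: no forward (A) record"]
    for ip in addrs:
        if ip.startswith("127."):
            problems.append(f"{name} -> {ip}: resolves to loopback")
            continue
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError:
            problems.append(f"{ip}: no reverse (PTR) record")
            continue
        if ptr != name:
            problems.append(f"{ip}: PTR is {ptr}, expected {name}")
    return problems

def table_resolver(table):
    """Build an offline resolver from a dict; a miss raises like a failed lookup."""
    def lookup(key):
        if key not in table:
            raise socket.gaierror(f"no record for {key}")
        return table[key]
    return lookup

# Constructed sample records (hypothetical, not taken from the thread).
A_RECORDS = {"server.example.private": ["10.0.1.10"],
             "renamed.example.private": ["10.0.1.11"],
             "orphan.example.private": ["10.0.1.12"]}
PTR_RECORDS = {"10.0.1.10": "server.example.private",
               "10.0.1.11": "oldname.example.private"}

if __name__ == "__main__":
    fwd, rev = table_resolver(A_RECORDS), table_resolver(PTR_RECORDS)
    for host in A_RECORDS:
        print(host, check_forward_reverse(host, fwd, rev) or "OK")
```

Run on the server itself with only the FQDN as argument, it reports a stale PTR left behind by a host name change as well as a missing reverse zone.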

  • by Xenolith,

    Xenolith Sep 13, 2011 6:28 AM in response to andrew2011
    Level 1 (25 points)

    @andrew2011 - sounds like your problem may have been DNS related. Lion Server is very very picky about both DNS and certs - way pickier than SLS even was.

  • by OneClick,

    OneClick Sep 13, 2011 6:34 AM in response to Xenolith
    Level 1 (0 points)

    In my case I was always on the server itself (with ARD) but still can't get my OD back :-(

  • by Xenolith,

    Xenolith Sep 13, 2011 6:36 AM in response to OneClick
    Level 1 (25 points)

    What certs appear in the System Keychain?

  • by OneClick,

    OneClick Sep 13, 2011 6:53 AM in response to Xenolith
    Level 1 (0 points)

    A single self-signed certificate with the FQDN for my server.

    Before, I had deleted all the other certs from the system keychain.

  • by Xenolith,

    Xenolith Sep 13, 2011 6:56 AM in response to OneClick
    Level 1 (25 points)

    What is the error in your "Configuration Log" from "Server Admin" when you try to promote the OD to a Master?

  • by OneClick,

    OneClick Sep 13, 2011 7:06 AM in response to Xenolith
    Level 1 (0 points)

    In the configuration log there's nothing

    in the LDAP-log:

    Sep 13 16:01:10 ocserver slapd[734]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 25 2011 03:21:20) $

                        root@b1004.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-186~22/servers/slapd

    Sep 13 16:01:10 ocserver slapd[734]: daemon: SLAP_SOCK_INIT: dtblsize=8192

    Sep 13 16:01:12 ocserver slapd[734]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable

    Sep 13 16:01:12 ocserver slapd[734]: slapd starting

    Sep 13 16:01:12 ocserver slapd[734]: daemon: posting com.apple.slapd.startup notification

    Sep 13 16:01:26 ocserver slapd[734]: daemon: shutdown requested and initiated.

    Sep 13 16:01:26 ocserver slapd[734]: daemon: posting daemon shutdown notification.

    Sep 13 16:01:26 ocserver slapd[734]: slapd shutdown: waiting for 1 operations/tasks to finish

    Sep 13 16:01:32 ocserver slapd[734]: slapd stopped.

    Sep 13 16:01:33 ocserver slapd[752]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 25 2011 03:21:20) $

                        root@b1004.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-186~22/servers/slapd

    Sep 13 16:01:33 ocserver slapd[752]: daemon: SLAP_SOCK_INIT: dtblsize=8192

    Sep 13 16:01:33 ocserver slapd[752]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable

    Sep 13 16:01:33 ocserver slapd[752]: slapd starting

    Sep 13 16:01:33 ocserver slapd[752]: daemon: posting com.apple.slapd.startup notification

    Sep 13 16:01:38 ocserver slapd[752]: daemon: shutdown requested and initiated.

    Sep 13 16:01:38 ocserver slapd[752]: daemon: posting daemon shutdown notification.

    Sep 13 16:01:38 ocserver slapd[752]: slapd shutdown: waiting for 0 operations/tasks to finish

    Sep 13 16:01:40 ocserver slapd[752]: slapd stopped.

    Sep 13 16:01:40 ocserver slapd[771]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 25 2011 03:21:20) $

                        root@b1004.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-186~22/servers/slapd

    Sep 13 16:01:40 ocserver slapd[771]: daemon: SLAP_SOCK_INIT: dtblsize=8192

    Sep 13 16:01:40 ocserver slapd[771]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable

    Sep 13 16:01:40 ocserver slapd[771]: slapd starting

    Sep 13 16:01:40 ocserver slapd[771]: daemon: posting com.apple.slapd.startup notification

    Sep 13 16:01:43 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Sep 13 16:01:43 ocserver slapd[771]: conn=1014 op=6: attribute "entryCSN" index delete failure

    Sep 13 16:01:47 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Sep 13 16:01:47 ocserver slapd[771]: conn=1014 op=37: attribute "entryCSN" index delete failure

    Sep 13 16:01:51 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Sep 13 16:01:51 ocserver slapd[771]: conn=1014 op=70: attribute "entryCSN" index delete failure

    Sep 13 16:01:55 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Sep 13 16:01:55 ocserver slapd[771]: conn=1014 op=101: attribute "entryCSN" index delete failure

    Sep 13 16:01:58 ocserver slapd[771]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Sep 13 16:01:58 ocserver slapd[771]: conn=1014 op=132: attribute "entryCSN" index delete failure

    Sep 13 16:02:24 ocserver slapd[771]: daemon: shutdown requested and initiated.

    Sep 13 16:02:24 ocserver slapd[771]: daemon: posting daemon shutdown notification.

    Sep 13 16:02:24 ocserver slapd[771]: slapd shutdown: waiting for 0 operations/tasks to finish

    Sep 13 16:02:27 ocserver slapd[771]: slapd stopped.

  • by Craig Weston,

    Craig Weston Sep 13, 2011 6:19 PM in response to OneClick
    Level 1 (0 points)

    Maybe there's something wrong with the permissions along the way?

     

    Try doing a system repair permissions from the recovery partition.

  • by OneClick,

    OneClick Sep 13, 2011 11:22 PM in response to Craig Weston
    Level 1 (0 points)

    It turned out to be a problem with the local DNS zone after all.

    The DNS zone that was created was the FQDN of my server

    myserver.mydomain.private and

    the administrator email for it was info@myserver.mydomain.private.

    I changed the zone to myprivatedomain.com and forward and reverse lookup worked fine.

    Then I changed the admin email to my personal email address (info@myprovider.com) and OD troubles began.

    Everything working now except that I still can't enrol devices (another discussion).
