Skip navigation

Push Notification Issues - Lion Server 10.7

18053 Views 34 Replies Latest reply: Nov 9, 2012 11:12 PM by hoops7 RSS
  • Matt Domenici Calculating status...
    Currently Being Moderated
    Aug 16, 2011 8:20 PM (in response to NWFSCIT)

    That article is more in reference to the MDM/Profile Manager setup.  Push e-mail works on a different set of ports, and as far as I can tell, doesn't seem to work properly.

  • waider Calculating status...
    Currently Being Moderated
    Feb 8, 2012 3:32 AM (in response to drr105)

    I'm not depending on push notifications, but I was happy it worked, and mildly unhappy when it broke. And it broke  at about the same time as I had to renew my push certificate, which gave me a hint. What worked for me, and may work for you (but no guarantees since my sample size is 1):

     

    · check what certificate your notification service thinks it's using:

    mymac:~ waider$ sudo serveradmin settings notification:sslKeyFile
    notification:sslKeyFile = "/etc/certificates/mymac.mydomain.com.BADBADBADBADBADBADBADBADBAD.concat.pem"
    mymac:~ waider$ sudo serveradmin settings notification:sslCAFile
    notification:sslCAFile = "/etc/certificates/mymac.mydomain.com.BADBADBADBADBADBADBADBADBAD.chain.pem"

    · check what cert files you've actually got:

    mymac:~ waider$ ls -1 /etc/certificates/mymac.mydomain.com*
    /etc/certificates/mymac.mydomain.com.HEXHEXHEXHEXHEXHEXHEXHEXHEX.cert.pem
    /etc/certificates/mymac.mydomain.com.HEXHEXHEXHEXHEXHEXHEXHEXHEX.chain.pem
    /etc/certificates/mymac.mydomain.com.HEXHEXHEXHEXHEXHEXHEXHEXHEX.concat.pem
    /etc/certificates/mymac.mydomain.com.HEXHEXHEXHEXHEXHEXHEXHEXHEX.key.pem

     

    · if the notification files don't match the ones in your /etc/certificates directory, update them:

    mymac:~ waider$ sudo serveradmin settings notifications:sslKeyFile = "/etc/certificates/mymac.mydomain.com.E9A509E12E8D8CE04165291F2781DC44A85F1832.concat.pem"
    mymac:~ waider$ sudo serveradmin settings notifications:sslCAFile = "/etc/certificates/mymac.mydomain.com.E9A509E12E8D8CE04165291F2781DC44A85F1832.chain.pem"

     

    · Reboot. I tried restarting a couple of things, but really, rebooting seems to be the key way of getting this to take.

    Mac mini (Late 2009), Mac OS X (10.7.3)
  • raha613 Calculating status...
    Currently Being Moderated
    Feb 9, 2012 10:36 PM (in response to waider)

    Worked for me

     

    Thanks Waider!

  • Fred de Gembloux Level 1 Level 1 (10 points)
    Currently Being Moderated
    Feb 12, 2012 8:45 AM (in response to waider)

    Hi,

     

    I first got empty path:

    • notification:sslCAFile = ""
    • notification:sslKeyFile = ""

     

    I did some cleaning in my /etc/certificates folder. It was full of rubbish/old revoked certificates.

     

    I regenerated the push notification certificates, but the path to certificates remains empty...

     

    I manually set the pat to the right certificates with sudo serveradmin settings notifications:sslKeyFile = command, but when checking the path, I get the same result as before...

    • notification:sslCAFile = ""
    • notification:sslKeyFile = ""

    Even after reboot, no change...

    Any idea?

     

    Thanks

  • Xenolith Level 1 Level 1 (25 points)

    +1

  • guillame Calculating status...
    Currently Being Moderated
    Feb 13, 2012 11:48 PM (in response to drr105)

    Same thing for me. It seems that the logs on the server saying that push notification is not available have stopped but the outcome of "sudo serveradmin settings notification:sslKeyFile" is empty. Adding +1 results in "notification = _empty_dictionary". Any ideas will be highly appreciated.

  • mac_mattias Calculating status...
    Currently Being Moderated
    Feb 14, 2012 2:55 PM (in response to waider)

    I as many others for those empty notification:sslCAFile and notification:sslKeyFile. Tried to add them and rebooted the server and they are still empty. If I make a change to lets say calender on a Mac nothing happens on the phones calender or the other way around.

     

    Id love some help on this I need to get the push thing working, it worked so nice under 10.6.8.

  • guillame Level 1 Level 1 (10 points)
    Currently Being Moderated
    Feb 18, 2012 10:16 PM (in response to drr105)

    Eventually Apple admitted that they had a problem on their end re push notification certs. I had to go through a total wipe-out and reinstallation of my server - and then they said that they have a problem on their system, causing a "Unexpected error (-1) has occurred" message. After they fixed it, I was able to get the certs but *not* to get them working. Any ideas?

    BTW, Apple support reps said that they can't support the above recommendation of a manual change of push notification certs. So if you have a support service - take that into consideration.

  • mac_mattias Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 19, 2012 3:41 AM (in response to drr105)

    I finally got it working. I did something ugly...

    I removed SSL all together. Well that did the trick.

     

    Now I am gonna leave this for a while and when I am up to it I will look into the SSL buisness again.

  • waider Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 19, 2012 4:00 AM (in response to Fred de Gembloux)

    Interesting. I notice that the commands I used - which I cut & pasted - used 'notifications', where it now looks like the relevant section is 'notification' (no trailing s) - this may be a 10.7.2 to 10.7.3 change as I've upgraded the server in the interim. I don't really have any suggestions for the apparently unsettable values - I figured out what to do by dumping the full config for notifications using serveradmin settings notifications and then looking for things that were out of place or incorrect.

  • Matt Domenici Level 1 Level 1 (110 points)
    Currently Being Moderated
    Mar 10, 2012 8:49 AM (in response to drr105)

    Thanks for this -- after mucking with it once on 10.7.3, I finally have push working.  Much appreciated!

  • Matt Domenici Level 1 Level 1 (110 points)
    Currently Being Moderated
    Mar 11, 2012 5:55 PM (in response to Matt Domenici)

    Well, I spoke to soon.  The push seems to still work, but the feedback server seems to randomly disconnect.  I noticed that profile manager can push things to devices, but doesn't get feedback, which would seem to make sense given the feedback server is dropping the connection.

  • waider Level 1 Level 1 (0 points)
    Currently Being Moderated
    Mar 12, 2012 2:51 AM (in response to Matt Domenici)

    I've noticed that even with the certs corrected there seems to be a regular round of timeouts when talking to the server. This may well reflect the fact that I'm a casual user with no support contract, etc. and therefore no SLA. It may also be down to the fact that my broadband router isn't the most reliable piece of kit. I've found that since I made the cert correction, however, that when the system works it works without me having to do anything - in other words, that I've probably fixed all that can be fixed from the client side.

     

    (also, if this helps you, a "worked for me!" vote on the original fix would be appreciated!)

  • guillame Level 1 Level 1 (10 points)
    Currently Being Moderated
    Mar 12, 2012 11:36 AM (in response to drr105)

    What I found out is that when I disabled the IP firewall on the server, push notification started working. When I reenabled it, it stopped working. Unfortunately, I couldn't reproduce this behavior.

    Apple support told me that I need the following  ports open: TCP 1295 - APNS pushes, TCP 1296 - APNS feedbacks, and TCP 5223 for client connections. All ports are required for both outbound and inbound.

    I  tried opening the specified ports, and even opened 2195 and 2196 as the support expert had both versions in his response - with no success. Push notification doesn't work for me. Waiting for 10.8...

  • guillame Level 1 Level 1 (10 points)
    Currently Being Moderated
    Mar 16, 2012 5:41 AM (in response to drr105)

    Guys, Push notification seems to be working. I can't really point out why this is working now while it didn't a few days ago, as I didn't do any change in the last few days. It could be that:

    1. Apple had an issue on their end and they solved it

    2. After I opened TCP ports 2195, 2196 and 5223 as described above, it took the server/service a few days in order to sync with APNS

    3. The sevreal attempts to restart push notification service on the server took some time to effect

    4. All of the above

    5. All of the above, excluding #1

     

    I do get the following error though:

    3/16/12 12:32:00.010 AM com.apple.APNBridge: Opening connection to apn feedback server feedback.push.apple.com for topic com.apple.mail.XServer.5dc4d75c-9f8b-4ad0-92ac-ejhg859uhgu4
    3/16/12 12:32:01.770 AM com.apple.APNBridge: Disconnected from apn feedback server feedback.push.apple.com for topic com.apple.mail.XServer.5dc4d75c-9f8b-4ad0-92ac-

    ejhg859uhgu4: error (null)

     

    Will continue to investigate w/ Apple support.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (6)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.