26 Replies. Latest reply: Oct 12, 2012 6:17 AM by Mark23
Mark23 Level 3 (975 points)

should be to install the 10.7.3 Combo update found here OS X Lion Update 10.7.3 (Server) Combo or a newer version of the combo update.

 

I found that all problems I had with refusing services in Server Admin and Server.app were solved this way.

 

You should reboot afterwards....

 

I now still am having problems with Webmail, but this post helped me in the past and I'm sure it will now...

 

Hope this helps!


MacBook Pro (17-inch Early 2009), Mac OS X (10.7.2), 8GB, 2,93 GHz Intel Core 2 Duo
  • 1. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    Today I made a backup of all my normal users by selecting them in Workgroup Manager and then click Server --> Export, then I demoted my Open Directory to stand alone via Server admin, only to promote it again to OD Master using Server.app's Manage --> Manage users menu item.

     

    After that I had to reset all passwords by hand, which is not a daunting task for a small organization, although I would like the option to reset the passwords to their default value.

     

    After the OD-promotion through Server.app all certificates are back in place, only did I get the message "Diagnostic-code: smtp;530 5.7.0 Must issue a STARTTLS command first" in return when sending an e-mail to my server. That can be corrected by going to Server Admin: Mail: Settings: Advanced: Security and select use for SMTP SSL under Secure Sockets Layer (SSL).

     

    I'd set IMAP and POP SSL to Require if you've gotten a certificate from an external Certificate Authority.

     

    I did all this because my previous OD-master was put together through Server Admin, like I was used to in Snow Leopard, but that doesn't seem to do as much as Server.app in terms of configuring your system.

  • 2. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    By the way, my webmail problems haven't been solved using the above link, so if someone has any suggestions I'd be glad to hear them.

  • 3. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    Fixing webmail has been solved by someone else:

     

    1.  Turn off all services under Server app.

    2.  Under Hardware, settings, change SSL certificate to "none"

    3.  Under Hardware, network, reset host name again.

    4.  Under Hardware, settings, change SSL certificate back to correct one

    5.  Turn Web service ON.

     

    It may still say /var/empty.

     

    6.  Turn Wiki service ON

    7.  Recheck Web service.  It should be changed to /Library/Server/Web/Data/Sites/Default.

  • 4. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    To get webmail working there is yet another huge step involved in the process of fixing this:

     

    8. Turn mail on in Server.app and make sure Enable Webmail is ticked...

     

     

  • 5. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    To get VPN working on Lion Server, please follow this guide:

     

    http://macminicolo.net/lionservervpn

  • 6. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    Mac VPN Settings

     

    We have a lot of customers who use their Mac mini as a VPN server. This works great when you need an IP address in the US, or a secure internet connection on the road, or a number of other reasons. When Apple released Lion, they changed the setup a bit. By default, Lion Server VPN will distribute IP addresses in the same range the Mac itself uses. This doesn't work well in a facility like Macminicolo where each Mac mini has a static WAN IP address.

    This tutorial will show how to make the Mac mini an internet gateway that assigns a LAN IP range to connected VPN clients. This tutorial was created on Lion 10.7.1, and proven to continue working when upgraded to 10.7.2. Read over the steps below, and then follow each one closely.

    Server:

    Before we start the process, be sure you have downloaded and installed the Server Admin Tools for Lion. Those can be found on the Apple Support site here.

    Open the network settings on the Mac mini and add a virtual interface:

    Image

    Image

    Once the interface is created as "LAN" then set the settings as below (ie, 10.0.0.1):

    Image

    Open Server Admin and check the following services so they are available. The dots will remain grey as they are not yet active.:

    Image

    Choose the "NAT" service, be sure you are on the "Overview" tab and click "Gateway Setup Assistant":

    Image

    It will warn that you are going to overwrite the DHCP subnets. This is fine:

    Image

    Select Ethernet for the WAN interface:

    Image

    Check "LAN" as the LAN Interface (this is the virtual interface you setup earlier):

    Image

    Next we will enable the VPN server. Your Shared Secret will be shared with any of the clients that you allow to connect:

    Image

    Next will be a window where you can confirm the settings and continue. When it's done, it will be reported as complete:

    Image

    Image

    The Gateway Setup should now be done and the four services should be enabled with green dots. First, go to the Firewall setting and be sure your proper ports are open. This would include the ARD ports so you can access the machine remotely and check all the VPN L2TP ports so you can connect to the new VPN server you are setting up. Or, you can choose to allow all traffic. Then Save:

    Image

    Go to the DNS service in Server Admin and set the Forwarder IP Addresses to the DNS addresses that your Mac mini uses. (For Macminicolo customers, that is 66.209.64.20 and 66.209.64.21):

    Image

    You can now close Server Admin. Next, open up Server.app and go to the VPN service. The service will be running already but we need to make two changes. First, we will need to change the subnet. It will default to 192.168.1.x, but it must be 192.168.2.x. Next, you can decide the range of IPs that you want to assign. For instance, if you anticipate 50 users, you would use a range of fifty. (ie, 192.168.2.100 - 192.168.2.150) Below are two screenshots of how it will look at first, and then how it will look after you change it.

    Image

    Image

    At this point, disable the VPN Server, wait 20 seconds, and enable it again.

    Next, open up terminal so we can run one command. You'll be prompted for your admin password. This is the command:

    sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.2.1"

    Image

    Finally, return to the VPN service, disable it, wait 20 seconds, and enable it again. After that, your VPN server should be active and ready for connections.

    A couple notes:

    If you go back to your network settings, you'll see that the IP address has changed from what you originally set. Also, you'll see that it's 192.168.1.x and not 192.168.2.x. Both of these are correct changes. Don't alter them.

    Image

    If it doesn't connect right away, you may try the Terminal command again, and disabling/enabling the VPN service. Sometimes it takes a couple tries to rewrite the plist.

    This tutorial was done on a Mac mini with a clean install of the operating system. As you set it up, be sure it doesn't conflict with other services you may already have running.

    If you try to connect from behind an Apple router (Airport Extreme or Airport Express) it may report that the server is unreachable. I wish I could give you a fix for this, but it looks to be a bug with the way the AE handles NAT, Back to my Mac, VPNs, and the mix of them. Hoping this will be fixed with an AE firmware update.

    Mac OS X Client Configuration:

    Setting up the client in OS X is just like any other VPN, but here are a couple tips. First, it will be done in the Network Settings. Create a new VPN interface with the "+" button and put in your settings (this will include your server address and VPN account name):

    Image

    In Authentication Settings, provide your account password, and the Shared Secret. Hit OK.

    Image

    Under Advanced, you'll be able to set for all traffic to be sent thru the VPN. There are other settings as well so you can connect in a way that works best in your situation.

    Image

    Finally, you just hit connect.

    This tutorial got a lot of help from Rusty Ross, a great consultant that works with some customers here at Macminicolo. (Let us know if you'd like to be referred.) If you have questions, you can find us on Twitter @macminicolo. And if you're looking for somewhere safe and connected to place a VPN server, checkout our prices to host a Mac mini with us.

    About Macminicolo.net
    Macminicolo.net, a Las Vegas colocation company, has been hosting Mac minis since their introduction in January 2005. They are the leaders in this niche market and are known for their personal service. They currently host hundreds of Mac minis for satisfied customers located in 31 different countries around the world. Get more info on our frequently asked questions page.



  • 7. Re: The first step to resolving any Lion Server problem...
    David Furland Level 1 (0 points)

    This also solves the problem where you can't access Profile Manager frontend.

  • 8. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    IPv6

     

    In order to get IPv6 working with the services Lion has to offer, please enter the following in terminal.app @ your server (just replace the bold text with your IPv6 address or range):

     

    # open a root shell; the commands below run inside it
    sudo -s
    # remove all existing IPv6 firewall rules
    ip6fw -f flush
    ip6fw -q add allow udp from any to {your IPv6 address or range} 5678,500,1701,4500
    ip6fw -q add allow tcp from any to {your IPv6 address or range} 8008,8443,2195,2196,5222,5223,5269,7777,139,548
    ip6fw -q add allow tcp from any to {your IPv6 address or range} 25,110,143,587,993,995,80,443,1640
    ip6fw -q add allow tcp from any to {your IPv6 address or range} 2195,2196,5223,625,22,311,5900,1723
    # final rule: deny everything not allowed above
    ip6fw -q add 65535 deny all from any to any
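
An audit of the rule set posted in reply 8, as an added example that is not part of the original post: it parses the `ip6fw add` lines, lists the administrative ports they open to every source, and emits a replacement rule limited to a management prefix. The destination address, the management prefix and the `ADMIN_PORTS` shortlist are assumptions made for the example.

```python
import ipaddress

DEST = "2001:db8:1::10"  # constructed documentation address standing in for the server
POSTED_RULES = f"""\
ip6fw -f flush
ip6fw -q add allow udp from any to {DEST} 5678,500,1701,4500
ip6fw -q add allow tcp from any to {DEST} 8008,8443,2195,2196,5222,5223,5269,7777,139,548
ip6fw -q add allow tcp from any to {DEST} 25,110,143,587,993,995,80,443,1640
ip6fw -q add allow tcp from any to {DEST} 2195,2196,5223,625,22,311,5900,1723
ip6fw -q add 65535 deny all from any to any
"""
# Administrative services among the posted ports (an assumed shortlist for this audit).
ADMIN_PORTS = {22: "SSH", 311: "Server Admin", 625: "Open Directory", 5900: "Screen Sharing"}

def parse_rule(line):
    """Parse one 'ip6fw add' line into a dict; return None for anything else."""
    tok = line.split()
    if "add" not in tok or "from" not in tok or "to" not in tok:
        return None
    body = tok[tok.index("add") + 1:]
    if body[0].isdigit():                      # optional explicit rule number
        body = body[1:]
    to_i = body.index("to")
    ports = body[to_i + 2].split(",") if len(body) > to_i + 2 else []
    return {"action": body[0], "proto": body[1],
            "src": body[body.index("from") + 1], "dst": body[to_i + 1],
            "ports": [int(p) for p in ports if p.isdigit()]}

def exposed_admin_ports(rules_text):
    """Admin ports that a TCP allow rule opens to every source address."""
    hits = set()
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule and rule["action"] == "allow" and rule["proto"] == "tcp" and rule["src"] == "any":
            hits.update(p for p in rule["ports"] if p in ADMIN_PORTS)
    return sorted(hits)

def restricted_rules(rules_text, mgmt_prefix, dest):
    """Emit a replacement rule limiting the exposed admin ports to mgmt_prefix."""
    net = ipaddress.ip_network(mgmt_prefix)    # raises ValueError on a malformed prefix
    if net.version != 6:
        raise ValueError("management prefix must be IPv6")
    ports = ",".join(str(p) for p in exposed_admin_ports(rules_text))
    return [f"ip6fw -q add allow tcp from {net} to {dest} {ports}"] if ports else []

if __name__ == "__main__":
    for p in exposed_admin_ports(POSTED_RULES):
        print(f"port {p} ({ADMIN_PORTS[p]}) is open from any")
    print(*restricted_rules(POSTED_RULES, "2001:db8:ffff::/48", DEST), sep="\n")
```

The emitted rule only narrows access if the same ports are also removed from the posted `from any` rule.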


  • 9. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    I had multiple IP's set on my server, which randomly seemed to switch. It seems like there is an incompatibility still between Server Admin and server.app. Since Apple is pressing developers to test server admin and server.app I am confident those problems will resolve eventually, but for now I have deleted all-but-1 IPv4 and 1 IPv6 address (same interface), the networking interface overview for my server within Server Admin was updated and it looks like it works solid now, this was not by design I presume, so this must be another bug plaguing Lion...

     

    After upgrading Postgres to 9.1.3 and upgrading webmail (upgrade: usr/share/webmail) from www.roundcube.net, making a new site webmail.example.com with the files stored in /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/ I made a symbolic link from that 'directory' to the actual built in webmail facility found in /usr/share/webmail by entering the following in terminal.

    ln -s -i /usr/share/webmail/ /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/

     

    By doing this it will ask to remove a directory, if you didn't put any important files in there, which I presume you didn't, confirm with the letter y and press enter.

     

    Webmail now works every time the way I want it. Profile Manager is happy too... for now

  • 10. Re: The first step to resolving any Lion Server problem...
    jaygao168 Level 1 (0 points)

    How do I fix the Wiki "error reading settings" problem? I followed your instructions by resetting host name, it only fixed "Profiles Manager" issue. Wiki service window still keeps showing "error reading settings". THANKS

  • 11. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    First, please backup your now working Profile Manager database (device_management) using pgAdmin3 (found here: http://www.postgresql.org/ftp/pgadmin3/release/v1.14.2/osx/).

     

    You'll need to run the following before pgAdmin3 can contact the PostgreSQL database:

     

    sudo nano /System/Library/LaunchDaemons/org.postgresql.postgres.plist

     

    and change the "listen_addresses" property. Then restart postgres (serveradmin stop postgres, serveradmin start postgres) and you'll have port 5432 open to connect with pgAdmin3 so you can access and back up your PostgreSQL database locally.

     

    Now for the wiki: after you've started Terminal from the utilities folder, run:

     

    sudo /System/Library/ServerSetup/CommonExtras/PostgreSQLExtras/CoreCollaborationPost greSQLExtras.sh

     

    NOTE that when you copy the command into terminal it will probably have a white space between "CoreCollaborationPost" and "greSQLExtras.sh" and thus will generate an error if you hit enter.

     

    That will build the roles and set up the database for use with wiki.

    If that doesn't help, please install MediaWiki (found here: www.mediawiki.org), it was very simple to set up and it just works...

     

    Apple just didn't make the implementation of Postgres as user-friendly as they should have. Oh well, soon we'll have 10.7.4 (the new update to Lion) and a little later 10.8 (Mountain Lion; OS X's new version).

     

     

    Hope this helps.

  • 12. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    After "and change the 'listen_addresses' property" I meant to say "to 127.0.0.1", but discussions wouldn't let me change any longer...
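
A check for the `listen_addresses` change described in replies 11 and 12, as an added example that is not part of the original posts: it reads a launchd plist and reports whether PostgreSQL would accept TCP connections on loopback only. The sample plist is constructed, and passing the setting as a `-c listen_addresses=...` program argument is an assumption about the file's layout.

```python
import ipaddress
import plistlib

# Constructed sample; the paths and argument layout are assumptions for illustration.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>org.postgresql.postgres</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/postgres</string>
    <string>-D</string><string>/var/pgsql</string>
    <string>-c</string><string>listen_addresses=127.0.0.1</string>
    <string>-c</string><string>unix_socket_directory=/var/pgsql_socket</string>
  </array>
</dict>
</plist>
"""

def listen_addresses(plist_bytes):
    """Return the configured addresses as a list, or None if the plist sets none."""
    args = plistlib.loads(plist_bytes).get("ProgramArguments", [])
    for flag, value in zip(args, args[1:]):
        if flag == "-c" and value.startswith("listen_addresses="):
            raw = value.split("=", 1)[1]
            return [a.strip() for a in raw.split(",") if a.strip()]
    return None

def classify(addrs):
    """Map a listen_addresses list to an exposure level."""
    if addrs is None:
        return "unset"              # value comes from postgresql.conf or the default
    if not addrs:
        return "socket-only"        # empty value: no TCP listener at all
    for a in addrs:
        if a == "localhost":
            continue
        try:
            if ipaddress.ip_address(a).is_loopback:
                continue
        except ValueError:
            pass                    # '*' or a hostname: treat as exposed
        return "network-exposed"
    return "loopback-only"

if __name__ == "__main__":
    print(classify(listen_addresses(SAMPLE_PLIST)))
```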

  • 13. Re: The first step to resolving any Lion Server problem...
    Mark23 Level 3 (975 points)

    Thank you for asking me your question. I now found out that the web server shouldn't really be on the same server serving the wiki, so I'll change that.

     

    Shut down the Web-portion in Server.app while keeping the Wiki-portion intact. All problems should be gone now. I'm so happy

  • 14. Re: The first step to resolving any Lion Server problem...
    m3astwood Level 1 (0 points)

    I have the same issue as jaygao168 where my Wiki is displaying "Error Reading Settings". I've had this issue in the past, and managed to fix it then but can't do it this time.

     

    I desperately need to get my wiki up and running because it has heaps on there. I have backed it up, but it didn't migrate into a new install of Lion Server...

     

    Every time I try to rebuild the CoreCollaboration SQL Extras sh it says:

     

    Is the server running locally and accepting connections on Unix domain socket "/var/pgsql_socket/.s.PGSQL.5432"?
    createdb: could not connect to database postgres: could not connect to server: No such file or directory

     

    It says that 4 times and does nothing. I've googled madly but can't get it to work. I feel like the postgres server is not running properly. Terminal says it is, but in logs and in my example it continually reports that it couldn't connect, or had incorrect permissions.

     

    I've fixed permissions a hundred times, but to no avail. Please help.
