Skip navigation

No external access to iCal Server.

1717 Views 13 Replies Latest reply: Mar 15, 2012 5:21 AM by mediaserver RSS
Waragainstsleep Calculating status...
Currently Being Moderated
Apr 26, 2011 9:05 AM

I have no external access to iCal Server. I have an iCal server all set up and running on the local network perfectly. DNS is set up fine and working too and port 8443 is open. Clients outside the local network including iPhones will not connect via CalDAV.

 

Snow Leopard server running on Mac Mini 2010 Server. I am completely out of ideas. Server is also running OD, Address Book, Mail and file sharing.

  • Sven-Goran Ljungholm1 Level 2 Level 2 (240 points)
    Currently Being Moderated
    Apr 26, 2011 11:24 AM (in response to Waragainstsleep)

    Are you adding the port number to the address that you are connecting to? Did you try opening 8008?

  • gracoat Level 3 Level 3 (645 points)
    Currently Being Moderated
    Apr 26, 2011 1:13 PM (in response to Waragainstsleep)

    You should have 8008 and 8443 both open on the firewall, first off.  I'm assuming you're not using the NAT and Firewall services in OS X since you're connected to a firewall.

    If both ports ARE indeed open, I suggest that you verify that the certificate is properly installed on the iphone or device that's trying to connect.

    If it is, and you're sure that all the settings are right on the remote device, then the server is probably to blame. 

    I'd start my trouble shooting by seeing if the server will work when NOT using a secure method. 

    In Server Admin, select iCal.  Select Settings and click the Authentication button.

    Under "SSL" choose Don't Use.

    Save your settings.  If it doesn't ask you to restart the iCal service, you should do so.  (most likely it will)

    Now, on your remote devices, create a new Calendar connection to the server that doesn't use SSL.

    If it connects, it's a firewall problem. (again, assuming your certificate is valid)

    If it doesn't connect, it's most likely a remote device problem.

     

    -G

  • Sven-Goran Ljungholm1 Level 2 Level 2 (240 points)
    Currently Being Moderated
    Apr 29, 2011 5:27 AM (in response to Waragainstsleep)

    Have you tried to check the ports yourself from the outside? Can you set up a test user and let us try to connect?

  • Stress Test Level 4 Level 4 (1,265 points)
    Currently Being Moderated
    May 2, 2011 4:41 AM (in response to Waragainstsleep)

    And you are trying to connect to the server with the PUBLIC IP address of the server/router?

  • booginga Calculating status...
    Currently Being Moderated
    May 3, 2011 12:48 PM (in response to Waragainstsleep)

    I am seeing similar issues. Currently I have the following set up:

     

    Internet--pfSense router--OPT1.209--1:1nat--LAN.209--mac mini ical server.

     

    I have a split dns set up to help with nat reflection issues. when i do nslookup with the mac I see that

    LAN.209 <--> server.mydomain.com works resolves both ways. From a computer positioned out side the lan i see that the nslookup WAN.209 <--> server.mydomain.com.  The iCal service works on the LAN subnet. That is the easy part. When I try to probe port 8443 or 8008 from a remote location the ports hang and never respond. The firewall is currently completely disabled and I can access other services such as ssh remotely using the servers dns name. I figured that this could be some issue with dns because I know that dns and ical are closely related, so I changed the dns server of the ical server to googles public dns server and attempted to connect remotely... again nothing. This appears to have no effect on the LAN functionality as well. There must be something Im missing but I would love to be able to update my iCal's from anywhere on the internet.

    Thanks

    Che

     

    P.S. Im willing to provided any other details that might be needed to resolve this issue.

  • booginga Level 1 Level 1 (5 points)
    Currently Being Moderated
    May 3, 2011 1:09 PM (in response to Waragainstsleep)

    So I have an update that might be helpful. After doing some tcpdumping I found that the request are not coming in on port 8443 but port 443. I opened up server admin and changed the port to 443 for the iCal service and now its working on the internet. I would love to know why this behavior is happening and Im wondering what would happen if i was running https on this server?

     

    Thanks

    Che

  • Sven-Goran Ljungholm1 Level 2 Level 2 (240 points)
    Currently Being Moderated
    May 4, 2011 5:24 AM (in response to Waragainstsleep)

    Can you put your server on the DMZ and see if it works? Then you know if it is a firewall issue.

  • mediaserver Calculating status...
    Currently Being Moderated
    Mar 15, 2012 5:21 AM (in response to booginga)

    Hi,

     

    I was having a similar issue with iCal Server. I had Address Book Server and iCal Server working just fine and using SSL without the Firewall activated in Server Admin. I then proceeded activate the firewall, opening up ports 8008 & 8443 (iCal Server) and 8800 & 8843 (Address Book Server). This killed connectivity to iCal Server, but left Address Book Server untouched.

     

    I went through several iterations of turning the firewall on & off, confirming that the client was being stopped by the firewall only.

     

    The solution was to enable port 443 (https) in addition to the ports listed above. Now iCal Server is responsive through the firewall.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.