t.pawelek

Q: Mavericks Caching Server Doesn't Work

Hey Everyone,

So I upgraded to 10.9, which is great, purchased the new Server, which is great and no matter what I do I can't get it to work. Which is not so great.

Here's the story:

1) Clean install of 10.9 on 2013 mac mini. Multiple times in fact.

2) Install OS > Configure Network (fixed eth ip) > Disable Wifi > Set Hostname > Configure App Store ID > Download Server > Install Server > Enable Caching.

3) Server is not a gateway and is connected directly to the LAN with a fixed IP (via time capsule). External IP confirmed to be the same between Server logs and the clients. Power saving is disabled (mini is on 24/7). Firewall is disabled.

4) Multiple clients running latest OSX / iOS. All using the same Apple ID as the Server. Tried some clients with a different ID from the same region (US) and from a different region (EU).

5) No matter what I do, the only stuff that's being cached is the system updates (itunes / codecs / etc.). Not a single OSX / iOS app is being cached.

6) Tried a variety of .plist changes, increased the log verbosity. No errors in Debug.log: normal registration, etc. But not a single OSX / iOS app is being cached. Downloading apps on clients doesn't do anything (i.e. doesn't spawn a single line of log), even with logging = verbose. Restarting the services doesn't reveal any issues, just a regular registration every single time.

7) Asked Apple for help, they asked for log files and remain silent since then (couple of days now).

I wasted so much time on this already. I'd be really grateful if anyone pointed me in the right direction (other than a wall with a "bang head here" poster).

Posted on Oct 27, 2013 2:35 AM

  • by t.pawelek,

    t.pawelek Nov 2, 2013 9:30 AM in response to fieldgeek
    Level 1 (0 points)

    As much as I appreciate the fact that DNS & NAT might be crucial for some services to work properly, I really do not see how double NAT and lack of DNS server should have anything to do with the Caching. According to the interwebz, caching works the following way:

    1) server registers with Apple (obviously - using its public IP) reporting its local ip, under which it's accessible to clients in its subnet,

    2) clients check with Apple if it knows of any functional local cache server - at this stage Apple receives the client inquiry from the same external IP as the one that the server used in step (1),

    3) if found, Apple returns the local IP of the server to the client, which then does the update via server's caching service.

    So, if the above is true, then lack of local DNS server as well as double, triple or quadruple NATs should have absolutely nothing to do with the caching service working or not.

  • by fieldgeek,

    fieldgeek Nov 2, 2013 9:35 AM in response to alexrmc92
    Level 1 (0 points)

    I'm with Telus (Canada).  I have two areas on the router where I can change settings (besides wifi).  Firewall has firewall (basic low medium high), port forwarding by port or app, dmz, and upnp.  Advanced tab is services and website blocking, scheduling access, dhcp reservation, and ping etc.  It's their latest and greatest router/modem but it's been super simplified.  I went looking for a manual for it and found this can be a great little machine until they put their front end on it.

  • by alexrmc92,

    alexrmc92 Nov 2, 2013 10:18 AM in response to t.pawelek
    Level 1 (60 points)

    @t.pawelek

    What are you using for a firewall? If it has a logging feature try looking for denied packets to Apple from your server. I have seen instances where incoming data was being blocked, even though the connection was initiated from the internal side of the network. Especially when data is replied over a different port.

  • by fieldgeek,

    fieldgeek Nov 2, 2013 10:23 AM in response to alexrmc92
    Level 1 (0 points)

    Right now there are no firewalls active on any routers or machines, just NAT.  The ISP's router doesn't let me see the logs anyway.

  • by t.pawelek,

    t.pawelek Nov 2, 2013 11:26 AM in response to alexrmc92
    Level 1 (0 points)

    @alexrmc92: I'm using RouterOS 6 (Mikrotik) with Level 5 license. I'll try checking for connections, although I doubt anything's being blocked - especially that server registration works just fine (in the logs).

    @fieldgeek: Is this a DSL connection? Many modems allow a bridge mode, which means you can then have something on your own behind the modem and that something registers directly with the ISP (pppoe).

    There is a PPPoE option in TC/Airport Extreme, but I've never used it myself - I only use Apple stuff as L2 equipment.

  • by fieldgeek,

    fieldgeek Nov 2, 2013 11:59 AM in response to t.pawelek
    Level 1 (0 points)

    My connection is ADSL but the router has no real advanced settings.  I do agree with your earlier post about how it should just work (as most Apple things do) as that is how all the documentation reads.  I did try a reinstall of the server and I tried installing it on another machine as a peer, but there was no joy.  I am willing to try that again, if someone knows how to completely remove all the server settings (remove from applications, then deleting the server folder didn't get rid of everything).

  • by t.pawelek,

    t.pawelek Nov 2, 2013 12:03 PM in response to fieldgeek
    Level 1 (0 points)

    It begins to look like we're looking for an issue on our side, which is simply not there. The success of caching goes down to Apple sending local server IP back to ios/osx clients, which apparently is simply not happening (as per my Wireshark tests).

    Therefore, it's Apple that must get their sh*t together.

  • by alexrmc92,

    alexrmc92 Nov 2, 2013 2:00 PM in response to t.pawelek
    Level 1 (60 points)

    @t.pawelek

    That's a possibility, but I doubt this because I use caching server just fine. I've seen instances of firewalls blocking response packets because they come in on a different port. If you can log some denied packets.

  • by Simon Comeau Maretl,

    Simon Comeau Maretl Nov 2, 2013 3:11 PM in response to t.pawelek
    Level 1 (0 points)

    Same problem here. Caching Server is working for system updates, but not for Mac/iOS Apps.

    I am in Canada. And am wondering:  Is it working for some people outside of the US? Those of you who got it working, can you tell us in what country your server is located and if the Apple ID you are using is associated with the same country?

    Thanks!

  • by MrHoffman,

    MrHoffman Nov 2, 2013 3:13 PM in response to fieldgeek
    Level 6 (15,627 points)
    Mac OS X

    fieldgeek wrote:

    Thanks for the quick response.  So I tried setting time capsule on a DMZ with my isp's router, but it still complained of double nat.  I guess it isn't going to be that easy.  I know I can set up time capsule into bridge mode to solve this part way.  My ISP's router is pretty locked down, I don't have access to the DHCP settings, I can't even turn it off and I know it would be cleanest for server to provide DHCP.  Will port forwarding on the router to server for DNS be enough or will I have to manually insert it in each machine's DNS list?

    Time Capsule can be configured as an access point (what Apple calls bridging) as you've found, but it's not AFAIK capable of being a firewall other than via its NAT capabilities.  Open-source or commercial devices can be used in that capacity.   Alternatively, some ISPs are willing to switch the modems from a gateway-router over into a bridged mode — and where the ISP modem supports bridging — which would allow you to return your Time Capsule to its NAT mode and out of its access point (bridged) mode, or you could choose to install some other NAT-capable firewall.

    The component of DNS that's important here is not the DNS-name-to-IP-address translation, it's the IP address to DNS name translation.  With NAT and the private IP address block that you're using, that translation is not feasible with your ISP DNS servers.  Which means local DNS services.  Which means configuring OS X Server DNS either in a bogus domain such as host.fieldgeek or (far preferable) in a real domain (or subdomain of a domain) that you've registered and are using within your local network, and set up by following the directions I'd linked earlier.

    But this question really belongs in its own separate thread, as it's just going to serve to further confuse this Caching Server thread.

  • by t.pawelek,

    t.pawelek Nov 2, 2013 3:14 PM in response to alexrmc92
    Level 1 (0 points)

    @alexrmc92: can you kindly elaborate?

    Which packets are the ones you're referring to? As far as I understand, there are two phases in a regular cached update:

    A - Server Registration

    A1) Server sends a registration request to Apple (via HTTP) - including its lan IP

    A2) Server receives a confirmation from Apple

    B - Client Request

    B1) Client sends an update/download request to Apple

    B2) Apple responds with a caching server lan IP

    B3) Client requests the update via Caching Service

    What happens afterwards doesn't matter much in my case, as I know for sure that the clients never ever send anything to the server on its lan IP (apart from regular broadcasts which are irrelevant). I've never looked at B2 content, but I'm guessing it would be SSL'd and unreadable.

    So - which packets have you experienced to be blocked by firewalls?

  • by jcouani,

    jcouani Nov 2, 2013 4:04 PM in response to Simon Comeau Maretl
    Level 1 (0 points)

    Working here in Sydney Australia.

    MacOSX and iOS, multiple devices on both platforms.

    Think I just fluked it.

    If it hadn't worked I'd be here asking noob questions…!

  • by alexrmc92,

    alexrmc92 Nov 2, 2013 5:07 PM in response to t.pawelek
    Level 1 (60 points)

    A2 and B2 would be the main suspects. You don't need to know the packets' contents, but rather just look in the logs of your firewall (which I assume RouterOS has?)

    You will see things like "denied connection from <APPLE IP> to <LAN IP OF CLIENT>"; it also describes ports.
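
The firewall-log check suggested in the reply above, sketched as an added example that is not part of the original thread: it scans firewall log text for denied packets whose source is in Apple's 17.0.0.0/8 block and whose destination is a LAN client. The log line format, the sample lines, the 192.168.1.0/24 LAN range and the function names are all assumptions made for illustration; the regex must be adapted to what a given firewall actually writes.

```python
import ipaddress
import re
from collections import Counter

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")    # Apple's IPv4 allocation
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range

# Constructed sample in a made-up key=value format (not RouterOS output).
SAMPLE_LOG = """\
Nov  2 17:01:12 fw action=drop src=17.154.66.10:443 dst=192.168.1.20:51234 proto=tcp
Nov  2 17:01:13 fw action=accept src=17.154.66.10:443 dst=192.168.1.20:51240 proto=tcp
Nov  2 17:01:15 fw action=drop src=203.0.113.9:80 dst=192.168.1.20:51300 proto=tcp
Nov  2 17:01:19 fw action=drop src=17.154.66.10:443 dst=192.168.1.20:51236 proto=tcp
Nov  2 17:01:21 fw action=drop src=17.999.1.1:443 dst=192.168.1.20:51237 proto=tcp
Nov  2 17:02:02 fw action=drop src=17.250.1.5:80 dst=192.168.1.31:49800 proto=tcp
"""

LINE_RE = re.compile(
    r"action=(?P<action>\w+)\s+"
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)
DENY_ACTIONS = {"drop", "deny", "reject"}


def denied_from_apple(log_text, lan=LAN_NET):
    """Return (client_ip, remote_port, local_port) for denied Apple -> LAN packets."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"].lower() not in DENY_ACTIONS:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address in the log line, skip it
        if src in APPLE_NET and dst in lan:
            hits.append((str(dst), int(m["sport"]), int(m["dport"])))
    return hits


def summarize(hits):
    """Count denied replies per (client, remote port) to spot a pattern."""
    return Counter((client, rport) for client, rport, _ in hits)


if __name__ == "__main__":
    for (client, rport), n in summarize(denied_from_apple(SAMPLE_LOG)).items():
        print(f"{client}: {n} denied packet(s) from Apple port {rport}")
```

An empty result over a window in which a client downloaded an app means the firewall did not log any dropped Apple replies to that client, which narrows the search to the other stages discussed in the thread.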

  • by t.pawelek,

    t.pawelek Nov 3, 2013 5:02 PM in response to alexrmc92
    Level 1 (0 points)

    It is not the firewall. As I already said multiple times, server registers with Apple just fine, but then the clients do not receive instructions (again - from Apple) to talk to local server when attempting an update.

    So at this stage we ruled out the following suspects:

    - NAT (doesn't harm caching service),

    - Firewall (has nothing to do with LAN communication),

    - DNS (doesn't seem to be affecting the service in any way, Apple should return lan IP (not the hostname) for the clients to talk to caching server)

    I'm still at square one

    @Simon Comeau Maretl: We have a network of offices that spans across 3 continents (including US)... so I can vpn myself out to the Internet anywhere I want. Our main business Apple ID is US. I can try and play with the location of my external IP, but I can't recall a single time when Apple restricted access to any services using geo-localisation of customer's IPs.

    @jcouani: Can you kindly confirm if you're using Australian Apple ID?

  • by shuether,

    shuether Nov 5, 2013 10:31 AM in response to t.pawelek
    Level 1 (0 points)

    I'm having similar issues. I've set it up and the logs show it registered successfully with Apple. Mini is running as DNS and Caching Server for local network, router is handling DHCP. Everything looks like it's working but no iOS stuff is cached. Mac updates and Mac apps show up in cache but nothing else.

    My only thought at this point is maybe the fact that my ISP isn't giving me a static IP is causing problems? The IP hasn't changed in months but technically it's a dynamic IP. Might try moving my server to a static IP and seeing what happens.

    Router is a Cisco RV180, Mac mini is mid 2010, everything up to date. In Canada, ISP is Shaw Cable, using Canadian iTunes account.
