true3man

Q: Lion Server problem - Computer is already a network directory server

So I purchased Lion Server to trial it at home and it is not going well. Initially I was having issues connecting to the web interfaces for profile manager, etc. The server was not responding and so I uninstalled server and reinstalled it from the Mac Store (FYI: Apple has charged me for the OS and the server app as a result of this for some reason!!!)

 

With Server reinstalled I went to set up the server as a network directory and am shown this message every time I try to set up the directory admin account: "Computer is already a network directory server - This computer is already configured to manage network accounts. It cannot be configured again."

 

This leaves me unable to set up any profile or device management, I have tried the following solutions:

 

  1. Uninstall and reinstall server
  2. Deleted ServerVersion plist
  3. Reinstalled Lion
  4. Reinstalled Lion with format of HDD (although I did recover from a Time Machine Backup which included settings)

 

Any help would be appreciated.

Posted on Jul 28, 2011 2:10 AM

  • by MDallimore,

    Level 1 (5 points)
    Oct 8, 2011 10:09 AM in response to OneClick

    Hi,

    I have this issue and it's driving me nuts.

    I've read through all the suggestions but can't seem to resolve this at all.

    Anyone got any hints or advice as I just can't get a local OD to promote with getting the CA error.

     

    2011-10-08 17:05:59 +0000 ***Error creating intermediate CA. Error - The specified item already exists in the keychain.

    2011-10-08 17:05:59 +0000 Intermediate CA creation failed with error - -25299

    2011-10-08 17:05:59 +0000 Destroying OD master as CA creation failed with error 75

     

    Thanks for any advice you might be able to offer.

  • by Xenolith,

    Level 1 (25 points)
    Oct 8, 2011 2:54 PM in response to MDallimore
    • Correct DNS?
      • Forward & reverse mappings?
    • Delete the necessary keys in the system keychain?
    • Run Keychain FirstAid in Keychain Access

     

    These are the things that all here have found to be the cause/remedy to this issue.

  • by MDallimore,

    Level 1 (5 points)
    Oct 9, 2011 1:30 AM in response to Xenolith

    I'm at a loss.

     

    DNS is fine.

     

    Mappings are resolving correctly.

     

    I'm sitting on the server running Keychain. I've deleted everything that relates to my server but still I get the same error. Run FirstAid and even that tells me everything is A OK...

     

    I really do want to avoid a reinstall but at the moment it seems likely?

  • by fzawadiak,

    Level 1 (0 points)
    Oct 23, 2011 3:54 PM in response to true3man

    Had the same problem. Turned out that CA directory had to be removed from:

    /var/root/Library/Application Support/Certificate Authority

  • by gregoryfromrocklea,

    Level 1 (0 points)
    Nov 2, 2011 6:51 AM in response to fzawadiak

    fzawadiak, thank you for your last response.  I tried everything with no fix, until I removed the folder in /var/root/Library/Application Support/Certificate Authority.

  • by GSB_admin,

    Level 1 (0 points)
    Jan 29, 2012 12:44 AM in response to fzawadiak

    Thank you SOO much! This was a real headache for me, and this cleared it right up. Now I'm back to getting the profilemanager running again as it says it is disabled, even though it is enabled. Cracked that nut before....

  • by Kimbakat,

    Level 1 (65 points)
    May 17, 2012 10:36 AM in response to gregoryfromrocklea

    WHOLEY MOLEY! THAT WORKED.

     

    Get into that /var/root/Library/Application Support/Certificate Authority

     

    ..and delete every one of those MoFos!

  • by LLange,

    Level 1 (4 points)
    Jun 4, 2012 2:48 AM in response to fzawadiak

    Recap:

    If for some reason you have LDAP error -14006 or a problem with LDAP state "Not running":

    1) Remove the certificate used by LDAP from the Keychain, as well as:

    IntermediateCA_hostname

    OPENDIRECTORY_ROOT_CA_IDENTITY

    OPENDIRECTORY_INT_CA_IDENTITY

    MACHINE_IDENTITY

     

    2) sudo rm -R /var/root/Library/Application\ Support/Certificate\ Authority/

     

    Many thanks to fzawadiak

  • by Twistan,

    Level 1 (11 points)
    Mac OS X
    Jul 12, 2012 5:10 AM in response to LLange

    Summary:

    How to fix Open Directory after Changing your Server's Hostname (see separate post)

     

    Problem:

    I had to change our server's hostname from a private hostname (server.name.private) to a public hostname (name.dyndns.org).

     

    Procedure:

     

    1. Precautions:

    Since I was anticipating major dramas I tested the change of hostname on a clone (I used Super Duper, and I very strongly advise everybody to heed this warning because a change of hostname will corrupt your server services, in particular Open Directory).

    Second, I exported the network users from Server Admin and copied the archive to the Drop Folder of the server's local account (because the network accounts will be unavailable after demoting the OD Master.)

     

    2. Change hostname and demote OD Master

    a) I re-booted the server from the clone

    b) I changed the hostname in Server App and I noticed that the Open Directory Password and the Kerberos database were still stuck with the old hostname.

    c)  I then demoted to a standalone directory (Server Admin) and I tried to promote the server to an OD Master using the Server App (Manage Network Accounts). Server App always returned an error saying I should check my network settings.

     

    3. List of 'fixes'

    I tried the following fixes to no avail (which does not mean that you can skip them)

    a) I checked the DNS entries, forward and reverse were working fine (sudo changeip -checkhostname)

    b) Checked with Lookup in Network Utility, all was fine

    c) I deleted all system certificates (Keychain) which showed the name of the previous hostname

    (N.B. you need not delete email certificate and private/public keys)

    d) I tried to assign a new static IP in Networking Preferences (had no visible result)

    e) I re-booted from the working drive and I repaired permissions on the clone; I ran disk repairs.

     

    Despite all this I could not re-create an OD Master.

    I then looked for this dubious folder /var/root/Library/Application Support/Certificate Authority.

    I could not find this folder when using the Finder's Go To Folder, nor did "Easy Find" see this folder.

     

    I was about to give up when I read the posts on this page and I entered the Terminal commands

    sudo rm -R /var/root/Library/Application\ Support/Certificate\ Authority/

     

    I had not much hope when I set about to re-create the OD Master from the Server App.

    But lo and behold !!! I did not trust my eyes when Server App claimed that the OD Master had been successfully created. And indeed, Server admin showed a running OD Master, LDAP, Kerberos and Password Server all running again !

     

    Final touch: re-import the user accounts.

     

    Epilogue:

    I would not have been able to fix this issue had not so many others shared their experience and the working solution.

    Thank you all !

     

    Let's hope that Apple will fix this annoying issue in the next server update.

     

    Regards,

    Twistan

  • by FlorianLeo,

    Level 1 (9 points)
    Mac OS X
    Nov 30, 2013 6:12 AM in response to true3man

    I had the same problem. I looked at the OD's Configuration-Log and found one interesting entry:

     

    2013-11-29 18:29:46 +0000 Creating admin user

    2013-11-29 18:29:48 +0000 Creating certificate authorities & hostname certificate

    2013-11-29 18:29:49 +0000 Creating root CA with COBA Open Directory-Zertifizierungsstelle

    2013-11-29 18:29:49 +0000 ***Error creating domain CA. Error - The specified item already exists in the keychain.

    2013-11-29 18:29:49 +0000 Root CA creation failed with error - -25299

     

     

    However - I couldn't find anything in Keychain?!

     

    I opened Terminal and did a sudo find / -name '*Zertifizierungsstelle*' and was really surprised that I found 2 directories still containing the certificates for the former root-ca and intermediate-ca at /private/var/root/Library/Application Support/Certificate Authority/

    And from there there were 2 subdirectories containing the mentioned certificates.

     

    I removed the 2 subdirectories and gave it another try - tata

  • by thightower,

    Level 1 (5 points)
    Jan 11, 2014 6:04 PM in response to fzawadiak

    sudo rm -R /var/root/Library/Application\ Support/Certificate\ Authority/

     

    After a long couple of days, and a little more grey hair. (What I didn't pull out) This resolved my issue as well. 

     

    Thank you, fzawadiak
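
An added example, not part of any post in this thread: a bash sketch that reads an Open Directory configuration log for the -25299 CA failures quoted above, lists what is left under the Certificate Authority folder, and moves that folder into a backup instead of running rm -R on it. The function names and the backup location are assumptions; the demo runs in a temporary sandbox with constructed directory names.

```shell
#!/bin/bash
# Added example (not from the thread): inspect and quarantine stale OD CA state.
# The path below is the one named in the thread; all other names are assumptions.
CA_DIR_DEFAULT="/var/root/Library/Application Support/Certificate Authority"

# Print the CA stage (e.g. "Root", "Intermediate") of each creation failure with
# error -25299 (errSecDuplicateItem: the item already exists in the keychain).
od_ca_failures() {
    sed -n 's/^.* \([A-Za-z]*\) CA creation failed with error - -25299.*$/\1/p' "$1"
}

# List leftover per-CA subdirectories, one per line (prints nothing if none).
stale_ca_dirs() {
    dir=${1:-$CA_DIR_DEFAULT}
    [ -d "$dir" ] || return 0
    find "$dir" -mindepth 1 -maxdepth 1 -type d | sort
}

# Move the CA directory into a timestamped, owner-only backup folder instead of
# deleting it; prints the backup location on success.
quarantine_ca_dir() {
    ca_dir=$1; backup_parent=$2
    [ -d "$ca_dir" ] || { echo "nothing to move: $ca_dir" >&2; return 1; }
    dest="$backup_parent/od-ca-backup-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    mv "$ca_dir" "$dest/" && echo "$dest"
}

# Demo in a throwaway sandbox: directory names are constructed, log lines are
# the ones quoted in the thread.
demo() {
    sandbox=$(mktemp -d)
    mkdir -p "$sandbox/Certificate Authority/Example Root CA" \
             "$sandbox/Certificate Authority/IntermediateCA_example"
    cat > "$sandbox/od.log" <<'EOF'
2011-10-08 17:05:59 +0000 ***Error creating intermediate CA. Error - The specified item already exists in the keychain.
2011-10-08 17:05:59 +0000 Intermediate CA creation failed with error - -25299
2011-10-08 17:05:59 +0000 Destroying OD master as CA creation failed with error 75
EOF
    echo "failed stage(s): $(od_ca_failures "$sandbox/od.log")"
    stale_ca_dirs "$sandbox/Certificate Authority"
    quarantine_ca_dir "$sandbox/Certificate Authority" "$sandbox/backup"
    rm -rf "$sandbox"
}
demo
```

On the server itself these functions have to run as root, because the folder sits under /var/root.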
