luke__099486849888

Q: SSL Addressbook-Service suddenly stopped working (OSX 10.7.5 Server)

Hi,

 

i'm having problems with my Addressbook-Server. It suddenly stopped working with SSL. It work flawlessly for years and suddenly i can't reach it over SSL.

 

In the Browser I can reach the server with http://my.domain.at:8008/addressbooks/users/Lukas/ without a problem but as soon as i try it with the SSL URL https://my.domain.at:8443/addressbooks/users/Lukas/ it doesn't respond. T

 

he Calendar-Service works with and without SSL.

 

There are a few Konsol Messages

 

When trying to add an account.

 

05.10.15 09:02:30,831 accountsd[1031]: [CardDAVPlugin-ERROR] No 'AddlInfoKey' present to save: {

}

(CoreDAVHTTPStatusErrorDomain-Fehler 405.)

When an account it added via a profile. The 503 message commes every 30 seconds.

05.10.15 08:50:35,061 Contacts[715]: [CardDAVPlugin-ERROR] -getHomeInfo:[_controller containersAtURLs:{(

    https://lukas@my.domain.at/addressbooks/__uids__/C098C3CC-6135-4E07-85F5-0693D35 074DD///lukas@my.domain.at/addressbooks/__uids__/C098C3CC-6135-4E07-85F5-0693D35074DD/

)}] Error Domain=CoreDAVHTTPStatusErrorDomain Code=405 "(null)" UserInfo={CoreDAVHTTPHeaders=<CFBasicHash 0x7fedfbc1fca0 [0x7fff7a86d890]>{type = immutable dict, count = 7,

entries =>

  0 : Server = <CFString 0x7fedf9c4e570 [0x7fff7a86d890]>{contents = "Apache/2.2.26 (Unix) PHP/5.3.28 with Suhosin-Patch mod_ssl/2.2.26 OpenSSL/0.9.8za DAV/2"}

  1 : Content-Type = <CFString 0x7fedf9c81210 [0x7fff7a86d890]>{contents = "text/html; charset=iso-8859-1"}

  2 : Allow = <CFString 0x7fedf9c8a120 [0x7fff7a86d890]>{contents = "GET,HEAD,POST,OPTIONS"}

  6 : Date = <CFString 0x7fedf9c96750 [0x7fff7a86d890]>{contents = "Mon, 05 Oct 2015 06:50:35 GMT"}

  10 : Keep-Alive = <CFString 0x7fedf9cc4ab0 [0x7fff7a86d890]>{contents = "timeout=15, max=100"}

  11 : Content-Length = 433

  12 : Connection = <CFString 0x7fff7a811190 [0x7fff7a86d890]>{contents = "Keep-Alive"}

}

}

 

 

 

 

05.10.15 08:49:52,115 AddressBookSourceSync[933]: [CardDAVPlugin-ERROR] -getPrincipalInfo:[_controller supportsRequestCompressionAtURL:https://lukas@my.domain.at/principals/__uids__/C098C3CC-6135-4E07-85F5-0693D3507 4DD///lukas@my.domain.at/principals/__uids__/C098C3CC-6135-4E07-85F5-0693D35074DD/] Error Domain=CoreDAVHTTPStatusErrorDomain Code=503 "(null)" UserInfo={CoreDAVHTTPHeaders=<CFBasicHash 0x7f8f9b714270 [0x7fff7a86d890]>{type = immutable dict, count = 4,

entries =>

  3 : Content-Length = 471

  4 : Connection = close

  5 : Content-Type = <CFString 0x7f8f9b55f6b0 [0x7fff7a86d890]>{contents = "text/html; charset=iso-8859-1"}

  6 : Date = <CFString 0x7f8f9b5356f0 [0x7fff7a86d890]>{contents = "Mon, 05 Oct 2015 06:49:52 GMT"}

}

 

Since it gets 405 and 503 error messages it cant get to the server so there are no error messages on the server.

 

It is really strange that the calendar service is working and the contact service not via ssl.

 

Where should i look first. I haven't toughed any config files. Should i post any?

 

Thanks for for the support in advance

Posted on Oct 5, 2015 12:53 AM

Close

Q: SSL Addressbook-Service suddenly stopped working (OSX 10.7.5 Server)

  • All replies
  • Helpful answers

Page 1 Next
  • by jepping,

    jepping jepping Oct 5, 2015 6:26 AM in response to luke__099486849888
    Level 2 (430 points)
    Oct 5, 2015 6:26 AM in response to luke__099486849888

    Did you reboot the router already? Can the port 8843 at it's address be reached by using: http://www.yougetsignal.com/tools/open-ports/

    Does it work locally?

     

    Any changes in the configuration lately? Did you add any software or change services in web? Has the server been rebooted?

    Goodluck

     

    Jeffrey

  • by luke__099486849888,

    luke__099486849888 luke__099486849888 Oct 5, 2015 7:03 AM in response to jepping
    Level 1 (0 points)
    Oct 5, 2015 7:03 AM in response to jepping

    thank you very much for the response!

     

    Server has been rebooted multiple times and the router has also been checked.

     

    Internally i can't reach the 8843 Port when i'm testing it with the network utility.

     

    In recent times nothing has changed. I have a couple of sites and redirects to nginx machines but that is running for good 2 years now.

     

    But i saw that the /etc/caldavd/caldacd.plist was modified a few days ago. I dont now why but i restored that file from a few month ago but it still doesnt work.

     

    When i try to restart the service i get the following error also and the plist filed is modified:

    intern:apache2 admin$ sudo serveradmin start calendar

    2015-10-05 16:00:34.702 serveradmin[8324:907] xswebconfig failed: Exception:

    undefined method `downcase' for nil:NilClass

    2015-10-05 16:00:36.123 serveradmin[8324:907] xswebconfig failed: Exception:

    undefined method `downcase' for nil:NilClass

    2015-10-05 16:00:37.715 serveradmin[8324:907] xswebconfig failed: Exception:

    undefined method `downcase' for nil:NilClass

    2015-10-05 16:00:39.295 serveradmin[8324:907] xswebconfig failed: Exception:

    undefined method `downcase' for nil:NilClass

    calendar:state = "RUNNING"

    calendar:setStateVersion = 1

    calendar:readWriteSettingsVersion = 1

    luke

  • by jepping,

    jepping jepping Oct 5, 2015 7:18 AM in response to luke__099486849888
    Level 2 (430 points)
    Oct 5, 2015 7:18 AM in response to luke__099486849888

    Hi Luke,

     

    What do you get from this command:

    sudo serveradmin settings addressbook

     

    and can you reach this address on your server itself: https://127.0.0.1:8843

     

    When you restored that file, did you check for the correct permissions?

    Has access to the contacts been limited by the new server.app? Go to the server.app, top left, select your server and go to access. Anything different there?

    Goodluck


    Jeffrey

  • by luke__099486849888,

    luke__099486849888 luke__099486849888 Oct 5, 2015 7:46 AM in response to luke__099486849888
    Level 1 (0 points)
    Oct 5, 2015 7:46 AM in response to luke__099486849888

    thanks again for the help!

     

    I used Time-Machine to restore the file. The permissions are root:wheel rw-r-r. Same as the caldavd.plist.default file in the same directory.

     

    I think i am blind regarding the server.app access pane. I only know that from the server_admin.app, but cant find it in the server.app. can you specify in there that you can only connect via http and not via https.


    I can connect to the server without a problem with http but cant on https even on the server directly with the local IP https://127.0.0.1:8843/

     

    For the command "sudo serveradmin settings addressbook" im getting:

     

    addressbook:MaxResourceSize = 1048576

    addressbook:WebCalendarAuthPath = "/auth"

    addressbook:DirectoryService:params:cacheTimeout = 1

    addressbook:DirectoryService:params:node = "/Search"

    addressbook:DirectoryService:type = "twistedcaldav.directory.appleopendirectory.OpenDirectoryService"

    addressbook:Aliases = _empty_dictionary

    addressbook:BindSSLPorts:_array_index:0 = 8443

    addressbook:BindSSLPorts:_array_index:1 = 8843

    addressbook:EnablePrincipalListings = no

    addressbook:EnableDropBox = yes

    addressbook:DocumentRoot = "/Volumes/ServerData/Library/Server/Calendar and Contacts"

    addressbook:ConfigRoot = "/etc/caldavd"

    addressbook:SSLPrivateKey = "/etc/certificates/intern.dolzer.at.3E8305035A77FF951926411713656293DA077B3E.ke y.pem"

    addressbook:FreeBusyURL:AnonymousAccess = no

    addressbook:FreeBusyURL:Enabled = yes

    addressbook:FreeBusyURL:TimePeriod = 14

    addressbook:ProcessType = "Combined"

    addressbook:GlobalStatsSocket = "caldavd-stats.sock"

    addressbook:UserName = "calendar"

    addressbook:MaxInstancesForRRULE = 400

    addressbook:Sharing:Enabled = yes

    addressbook:BindHTTPPorts:_array_index:0 = 8008

    addressbook:BindHTTPPorts:_array_index:1 = 8800

    addressbook:EnableAnonymousReadRoot = no

    addressbook:GroupName = "calendar"

    addressbook:SSLAuthorityChain = "/etc/certificates/intern.dolzer.at.3E8305035A77FF951926411713656293DA077B3E.ch ain.pem"

    addressbook:DSN = ":caldav:caldav:::"

    addressbook:HTTPPort = 8008

    addressbook:PIDFile = "caldavd.pid"

    addressbook:ServerRoot = "/Volumes/ServerData/Library/Server/Calendar and Contacts"

    addressbook:EnableTimezoneService = yes

    addressbook:UserQuota = 104857600

    addressbook:EnableWebAdmin = yes

    addressbook:GlobalSharedAddressBook:GroupShortName = "workgroup"

    addressbook:EnableCalDAV = yes

    addressbook:MaxCollectionsPerHome = 50

    addressbook:MultiProcess:ProcessCount = 0

    addressbook:EnableProxyPrincipals = yes

    addressbook:Authentication:Digest:Algorithm = "md5"

    addressbook:Authentication:Digest:Enabled = yes

    addressbook:Authentication:Digest:Qop = ""

    addressbook:Authentication:Kerberos:ServicePrincipal = ""

    addressbook:Authentication:Kerberos:Enabled = yes

    addressbook:Authentication:Wiki:UseSSL = no

    addressbook:Authentication:Wiki:Enabled = yes

    addressbook:Authentication:Wiki:Hostname = "127.0.0.1"

    addressbook:Authentication:Basic:Enabled = no

    addressbook:ErrorLogFile = "error.log"

    addressbook:EnableMonolithicCalendars = yes

    addressbook:DefaultLogLevel = "warn"

    addressbook:MaxAttendeesPerInstance = 100

    addressbook:SSLCertificate = "/etc/certificates/intern.dolzer.at.3E8305035A77FF951926411713656293DA077B3E.ce rt.pem"

    addressbook:ReadPrincipals = _empty_array

    addressbook:EnableSACLs = yes

    addressbook:RunRoot = "/var/run/caldavd"

    addressbook:DBType = "postgres"

    addressbook:Notifications:CoalesceSeconds = 3

    addressbook:Notifications:Services:XMPPNotifier:CalDAV:SubscriptionURL = "https://intern.dolzer.at:8080/subscription"

    addressbook:Notifications:Services:XMPPNotifier:CalDAV:APSBundleID = "com.apple.calendar.XServer.6dabaeaf-13fa-4f1e-b651-2de7f4f28b07"

    addressbook:Notifications:Services:XMPPNotifier:Host = "intern.dolzer.at"

    addressbook:Notifications:Services:XMPPNotifier:CardDAV:SubscriptionURL = "https://intern.dolzer.at:8080/subscription"

    addressbook:Notifications:Services:XMPPNotifier:CardDAV:APSBundleID = "com.apple.contact.XServer.fa0445e4-6902-4756-8b7f-d1cae0c4bb69"

    addressbook:Notifications:Services:XMPPNotifier:JID = "com.apple.notificationuser@intern.dolzer.at"

    addressbook:Notifications:Services:XMPPNotifier:Enabled = yes

    addressbook:Notifications:Services:XMPPNotifier:Service = "twistedcaldav.notify.XMPPNotifierService"

    addressbook:Notifications:Services:XMPPNotifier:Password = "khsZTE8sMhmT8kPh"

    addressbook:Notifications:Services:XMPPNotifier:Port = 5218

    addressbook:Notifications:Services:XMPPNotifier:ServiceAddress = "pubsub.intern.dolzer.at"

    addressbook:EnableAnonymousReadNav = no

    addressbook:ServerHostName = ""

    addressbook:DataRoot = "Data"

    addressbook:EnablePrivateEvents = yes

    addressbook:BindAddresses = _empty_array

    addressbook:AdminPrincipals = _empty_array

    addressbook:RedirectHTTPToHTTPS = yes

    addressbook:EnableSearchAddressBook = no

    addressbook:EnableCardDAV = yes

    addressbook:DirectoryAddressBook:params:queryPeopleRecords = no

    addressbook:DirectoryAddressBook:params:queryUserRecords = no

    addressbook:DirectoryAddressBook:Enabled = yes

    addressbook:LogRoot = "/var/log/caldavd"

    addressbook:SSLPort = 8443

    addressbook:MaxResourcesPerCollection = 10000

    addressbook:AccessLogFile = "access.log"

    addressbook:RotateAccessLog = yes

    addressbook:OpenDirectoryModule = "calendarserver.platform.darwin.od.opendirectory"

    addressbook:EnableSSL = yes

    addressbook:Scheduling:CalDAV:EmailDomain = ""

    addressbook:Scheduling:CalDAV:HTTPDomain = ""

    addressbook:Scheduling:CalDAV:AddressPatterns = _empty_array

    addressbook:Scheduling:iMIP:Sending:Server = "localhost"

    addressbook:Scheduling:iMIP:Sending:UseSSL = yes

    addressbook:Scheduling:iMIP:Sending:Username = "com.apple.calendarserver"

    addressbook:Scheduling:iMIP:Sending:Address = "com.apple.calendarserver@intern.dolzer.at"

    addressbook:Scheduling:iMIP:Sending:Password = "beZOSXJeruDgfrA5"

    addressbook:Scheduling:iMIP:Sending:Port = 587

    addressbook:Scheduling:iMIP:Enabled = yes

    addressbook:Scheduling:iMIP:MailGatewayPort = 62310

    addressbook:Scheduling:iMIP:Receiving:Server = "localhost"

    addressbook:Scheduling:iMIP:Receiving:UseSSL = yes

    addressbook:Scheduling:iMIP:Receiving:Username = "com.apple.calendarserver"

    addressbook:Scheduling:iMIP:Receiving:PollingSeconds = 30

    addressbook:Scheduling:iMIP:Receiving:Type = "imap"

    addressbook:Scheduling:iMIP:Receiving:Password = "beZOSXJeruDgfrA5"

    addressbook:Scheduling:iMIP:Receiving:Port = 993

    addressbook:Scheduling:iMIP:AddressPatterns:_array_index:0 = "mailto:.*"

    addressbook:Scheduling:iMIP:MailGatewayServer = "localhost"

    addressbook:Scheduling:iSchedule:Enabled = no

    addressbook:Scheduling:iSchedule:Servers = "servertoserver.xml"

    addressbook:Scheduling:iSchedule:AddressPatterns = _empty_array

     

    luke

  • by jepping,

    jepping jepping Oct 5, 2015 7:56 AM in response to luke__099486849888
    Level 2 (430 points)
    Oct 5, 2015 7:56 AM in response to luke__099486849888

    You should resolve the reachability of https://127.0.0.1:8843. It that doesn't work, any other work will not help at all.

     

    It could be a firewall rule, redirect in webservices or limited access due to restrictions setup in the server.app.

    Go to the top left in the server.app, click on your server icon (a macmini for instance) en go to the tab on the right named access.

    Verify access to the contacts services there.

    Do you get a not allowed or another message when you try to reach your server.

     

    Also please clean up the export of your settings, it has some passwords and perhaps will grant access to your server in them.

    Goodluck

     

    Jeffrey

  • by luke__099486849888,

    luke__099486849888 luke__099486849888 Oct 5, 2015 8:46 AM in response to jepping
    Level 1 (0 points)
    Oct 5, 2015 8:46 AM in response to jepping

    that is really strange that i cannot connect it directly on the server on port 8843/8443.

     

    The browser acts like there is no httpd-service running on port 8843 "cannot connect to the server" no permissions error, but normal sites with the standard 443 ports work normal.

     

    There is no firewall running on the server right now.

     

    I am still blind. Can it be that because i'm still on lion 10.7 that i don't have that feature. I see it in the Server-Admin.app and there i have access to the contact service.

    screenshot_serverapp.pngscreenshot_serveradminapp.png

  • by luke__099486849888,

    luke__099486849888 luke__099486849888 Oct 5, 2015 9:12 AM in response to luke__099486849888
    Level 1 (0 points)
    Oct 5, 2015 9:12 AM in response to luke__099486849888

    i'm seeing that the server is not listening to the ports 8843/8443 now.

     

    sudo lsof -i | grep LISTEN

    launchd       1           root    9u  IPv4 0xffffff803cf72c20      0t0    TCP localhost:31415 (LISTEN)

    launchd       1           root   17u  IPv6 0xffffff803cf78d80      0t0    TCP *:asip-webadmin (LISTEN)

    launchd       1           root   18u  IPv4 0xffffff803cf72500      0t0    TCP *:asip-webadmin (LISTEN)

    launchd       1           root   23u  IPv6 0xffffff803cf789c0      0t0    TCP localhost:ipp (LISTEN)

    launchd       1           root   24u  IPv4 0xffffff803cf71de0      0t0    TCP localhost:ipp (LISTEN)

    launchd       1           root   94u  IPv6 0xffffff803cf78600      0t0    TCP *:afpovertcp (LISTEN)

    launchd       1           root   96u  IPv4 0xffffff803cf716c0      0t0    TCP *:afpovertcp (LISTEN)

    launchd       1           root  107u  IPv4 0xffffff803cf70fa0      0t0    TCP *:dec_dlm (LISTEN)

    launchd       1           root  108u  IPv6 0xffffff803cf78240      0t0    TCP *:dec_dlm (LISTEN)

    launchd       1           root  110u  IPv4 0xffffff803cf70880      0t0    TCP *:rfb (LISTEN)

    launchd       1           root  111u  IPv6 0xffffff803cf77e80      0t0    TCP *:rfb (LISTEN)

    launchd       1           root  113u  IPv4 0xffffff803cf6ec00      0t0    TCP *:microsoft-ds (LISTEN)

    launchd       1           root  114u  IPv6 0xffffff803cf77ac0      0t0    TCP *:microsoft-ds (LISTEN)

    launchd       1           root  116u  IPv4 0xffffff803cf6e4e0      0t0    TCP *:22022 (LISTEN)

    postgres_    98      _postgres    3u  IPv4 0xffffff80404b3c20      0t0    TCP localhost:postgresql (LISTEN)

    master       99           root   12u  IPv4 0xffffff803cf6fa40      0t0    TCP *:smtp (LISTEN)

    master       99           root   13u  IPv6 0xffffff803cf76f80      0t0    TCP *:smtp (LISTEN)

    master       99           root   26u  IPv4 0xffffff803f34ade0      0t0    TCP *:submission (LISTEN)

    master       99           root   27u  IPv6 0xffffff803cf76440      0t0    TCP *:submission (LISTEN)

    slapd       100           root    8u  IPv4 0xffffff803f349fa0      0t0    TCP *:ldap (LISTEN)

    slapd       100           root    9u  IPv6 0xffffff803cf75cc0      0t0    TCP *:ldap (LISTEN)

    named       103           root   20u  IPv4 0xffffff803f34bc20      0t0    TCP localhost:domain (LISTEN)

    named       103           root   21u  IPv4 0xffffff803f34b500      0t0    TCP intern.dolzer.at:domain (LISTEN)

    named       103           root   22u  IPv4 0xffffff803cf6f320      0t0    TCP localhost:xns-ch (LISTEN)

    named       103           root   23u  IPv4 0xffffff803f3474e0      0t0    TCP 172.16.30.1:domain (LISTEN)

    named       103           root   24u  IPv4 0xffffff804292f320      0t0    TCP 192.168.82.1:domain (LISTEN)

    dovecotd    104           root   14u  IPv4 0xffffff80404b3500      0t0    TCP *:sieve (LISTEN)

    dovecotd    104           root   15u  IPv6 0xffffff803cf75540      0t0    TCP *:sieve (LISTEN)

    dovecotd    104           root   16u  IPv4 0xffffff80404b2de0      0t0    TCP *:callbook (LISTEN)

    dovecotd    104           root   17u  IPv6 0xffffff803cf75180      0t0    TCP *:callbook (LISTEN)

    dovecotd    104           root   21u  IPv4 0xffffff80404b26c0      0t0    TCP *:pop3 (LISTEN)

    dovecotd    104           root   22u  IPv6 0xffffff8040533d80      0t0    TCP *:pop3 (LISTEN)

    dovecotd    104           root   23u  IPv4 0xffffff80404b1fa0      0t0    TCP *:pop3s (LISTEN)

    dovecotd    104           root   24u  IPv6 0xffffff80405339c0      0t0    TCP *:pop3s (LISTEN)

    dovecotd    104           root   29u  IPv4 0xffffff80404b1880      0t0    TCP *:imap (LISTEN)

    dovecotd    104           root   30u  IPv6 0xffffff8040533600      0t0    TCP *:imap (LISTEN)

    dovecotd    104           root   31u  IPv4 0xffffff80404b1160      0t0    TCP *:imaps (LISTEN)

    dovecotd    104           root   32u  IPv6 0xffffff8040533240      0t0    TCP *:imaps (LISTEN)

    cupsd       105           root   11u  IPv6 0xffffff803cf789c0      0t0    TCP localhost:ipp (LISTEN)

    cupsd       105           root   12u  IPv4 0xffffff803cf71de0      0t0    TCP localhost:ipp (LISTEN)

    cupsd       105           root   14u  IPv4 0xffffff8041cf4fa0      0t0    TCP *:ipp (LISTEN)

    cupsd       105           root   15u  IPv6 0xffffff803cf75900      0t0    TCP *:ipp (LISTEN)

    Python      107           root   24u  IPv4 0xffffff8041cf4160      0t0    TCP *:http-alt (LISTEN)

    Python      107           root   25u  IPv4 0xffffff8041cf3a40      0t0    TCP *:sunwebadmin (LISTEN)

    Python      112   _teamsserver    4u  IPv4 0xffffff80404af4e0      0t0    TCP *:8089 (LISTEN)

    PasswordS   127           root   12u  IPv4 0xffffff8041cf2c00      0t0    TCP *:apple-sasl (LISTEN)

    PasswordS   127           root   13u  IPv4 0xffffff8041cf24e0      0t0    TCP *:3com-tsmux (LISTEN)

    PasswordS   127           root   14u  IPv4 0xffffff8041e39c20      0t0    TCP *:apple-sasl (LISTEN)

    PasswordS   127           root   17u  IPv4 0xffffff8041e39500      0t0    TCP *:3com-tsmux (LISTEN)

    kpasswdd    136           root    3u  IPv6 0xffffff803cf77340      0t0    TCP *:kpasswd (LISTEN)

    kpasswdd    136           root    6u  IPv4 0xffffff803f34a6c0      0t0    TCP *:kpasswd (LISTEN)

    kdc         137           root    6u  IPv6 0xffffff8040532e80      0t0    TCP *:kerberos (LISTEN)

    kdc         137           root    8u  IPv4 0xffffff8041012c20      0t0    TCP *:kerberos (LISTEN)

    kadmind     138           root    4u  IPv4 0xffffff803f349880      0t0    TCP *:kerberos-adm (LISTEN)

    kadmind     138           root    5u  IPv6 0xffffff803cf76bc0      0t0    TCP *:kerberos-adm (LISTEN)

    ruby        152   _teamsserver    7u  IPv4 0xffffff80404b0320      0t0    TCP localhost:8085 (LISTEN)

    ruby        153   _teamsserver    6u  IPv4 0xffffff80404afc00      0t0    TCP localhost:8094 (LISTEN)

    collabd     154   _teamsserver    5u  IPv4 0xffffff803cf70160      0t0    TCP localhost:krb524 (LISTEN)

    collabd     154   _teamsserver    6u  IPv6 0xffffff803cf77700      0t0    TCP localhost:krb524 (LISTEN)

    ruby        156   _teamsserver    9u  IPv4 0xffffff8042932c20      0t0    TCP localhost:8093 (LISTEN)

    ruby        157   _teamsserver    9u  IPv4 0xffffff8042932500      0t0    TCP localhost:8092 (LISTEN)

    ruby        158   _teamsserver    9u  IPv4 0xffffff80425b3c00      0t0    TCP localhost:8091 (LISTEN)

    ruby        159   _teamsserver    9u  IPv4 0xffffff80425b34e0      0t0    TCP localhost:8090 (LISTEN)

    ruby        160 _webauthserver    7u  IPv4 0xffffff8041010160      0t0    TCP localhost:8086 (LISTEN)

    APNBridge   166        _jabber    5u  IPv4 0xffffff8041010880      0t0    TCP *:http-alt (LISTEN)

    APNBridge   166        _jabber    9u  IPv6 0xffffff8040532ac0      0t0    TCP *:http-alt (LISTEN)

    iStatServ   170           root    6u  IPv4 0xffffff80425b5160      0t0    TCP *:5109 (LISTEN)

    iStatServ   170           root    9u  IPv6 0xffffff804745f9c0      0t0    TCP *:5109 (LISTEN)

    router      402        _jabber    5u  IPv4 0xffffff804100e4e0      0t0    TCP localhost:5348 (LISTEN)

    c2s         403        _jabber    6u  IPv6 0xffffff8040531f80      0t0    TCP *:5218 (LISTEN)

    s2s         404        _jabber    7u  IPv6 0xffffff8040531bc0      0t0    TCP *:5268 (LISTEN)

    screensha   441           root    5u  IPv4 0xffffff803cf70880      0t0    TCP *:rfb (LISTEN)

    screensha   441           root    6u  IPv6 0xffffff803cf77e80      0t0    TCP *:rfb (LISTEN)

    AppleFile   443           root    4u  IPv6 0xffffff803cf78600      0t0    TCP *:afpovertcp (LISTEN)

    AppleFile   443           root    5u  IPv4 0xffffff803cf716c0      0t0    TCP *:afpovertcp (LISTEN)

    mysqld      557         _mysql   12u  IPv4 0xffffff80410116c0      0t0    TCP *:mysql (LISTEN)

    memcached   604      _calendar   16u  IPv4 0xffffff804100fa40      0t0    TCP localhost:11211 (LISTEN)

    Python      625      _calendar    6u  IPv4 0xffffff80425b7500      0t0    TCP localhost:62309 (LISTEN)

    imap-logi   683      _dovenull    7u  IPv4 0xffffff80404b1880      0t0    TCP *:imap (LISTEN)

    imap-logi   683      _dovenull    8u  IPv6 0xffffff8040533600      0t0    TCP *:imap (LISTEN)

    imap-logi   683      _dovenull    9u  IPv4 0xffffff80404b1160      0t0    TCP *:imaps (LISTEN)

    imap-logi   683      _dovenull   10u  IPv6 0xffffff8040533240      0t0    TCP *:imaps (LISTEN)

    ruby       1058     _devicemgr    9u  IPv4 0xffffff8041e38de0      0t0    TCP localhost:officelink2000 (LISTEN)

    ruby       1060     _devicemgr    9u  IPv4 0xffffff8041e386c0      0t0    TCP localhost:vnsstr (LISTEN)

    ruby       1062     _devicemgr    9u  IPv4 0xffffff8041e37160      0t0    TCP localhost:3322 (LISTEN)

    ruby       1064     _devicemgr    9u  IPv4 0xffffff80425b5fa0      0t0    TCP localhost:3323 (LISTEN)

    ruby       1066     _devicemgr    9u  IPv4 0xffffff8041e37880      0t0    TCP localhost:3324 (LISTEN)

    ruby       1067     _devicemgr    9u  IPv4 0xffffff80425b6de0      0t0    TCP localhost:3325 (LISTEN)

    ruby       1068     _devicemgr    9u  IPv4 0xffffff803f349160      0t0    TCP localhost:sftu (LISTEN)

    ruby       1069     _devicemgr    9u  IPv4 0xffffff80404b0a40      0t0    TCP localhost:bbars (LISTEN)

    ruby       1070     _devicemgr    9u  IPv4 0xffffff80425b7c20      0t0    TCP localhost:egptlm (LISTEN)

    ruby       1071     _devicemgr    9u  IPv4 0xffffff8041e35c00      0t0    TCP localhost:hp-device-disc (LISTEN)

    smbd       1956           root    5u  IPv4 0xffffff803cf6ec00      0t0    TCP *:microsoft-ds (LISTEN)

    smbd       1956           root    6u  IPv6 0xffffff803cf77ac0      0t0    TCP *:microsoft-ds (LISTEN)

    httpd      4963           root    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd      4963           root    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    odproxyd   5858           root    5u  IPv4 0xffffff803cf70fa0      0t0    TCP *:dec_dlm (LISTEN)

    odproxyd   5858           root    6u  IPv6 0xffffff803cf78240      0t0    TCP *:dec_dlm (LISTEN)

    httpd     12583           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12583           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    httpd     12585           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12585           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    postscree 12589       _postfix    6u  IPv4 0xffffff803cf6fa40      0t0    TCP *:smtp (LISTEN)

    postscree 12589       _postfix    7u  IPv6 0xffffff803cf76f80      0t0    TCP *:smtp (LISTEN)

    httpd     12612           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12612           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    httpd     12615           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12615           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    httpd     12616           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12616           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    httpd     12617           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12617           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    httpd     12618           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12618           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    httpd     12619           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12619           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    httpd     12620           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12620           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

    httpd     12622           _www    5u  IPv6 0xffffff804745c540      0t0    TCP *:https (LISTEN)

    httpd     12622           _www    7u  IPv6 0xffffff8054a67cc0      0t0    TCP *:http (LISTEN)

  • by luke__099486849888,

    luke__099486849888 luke__099486849888 Oct 6, 2015 12:10 AM in response to luke__099486849888
    Level 1 (0 points)
    Oct 6, 2015 12:10 AM in response to luke__099486849888

    OK now a really strange think is happening. This morning I'm suddenly able to connect to https://localhost:8843/. I can also connect from machines pre iOS9 and OSX 10.11.

     

    But on iOS9 and El Capitan it doesn't work.

  • by MacPro_de,

    MacPro_de MacPro_de Oct 7, 2015 2:16 AM in response to luke__099486849888
    Level 1 (51 points)
    Servers Enterprise
    Oct 7, 2015 2:16 AM in response to luke__099486849888

    I think, that it might be possible, that also in OS X 10.7.5 Server the calendar and the addressbook server still use SSLv3, but iOS 9 and OS X 10.11 El Capitan require at least TLSv1.

    I needed to change this here on our Mac OS X 10.6.8 Server also to ensure, that clients which use iOS 9 and OS X 10.11 can still connect to those services.

     

    I changed all SSLv3 and SSLv23 configurations to use TLSv1 only.

    I stopped iCal and Addressbook Servers and then I used TextWrangler to do a multi file search for "SSLv3" and "SSLv23" in the folders:

     

    /usr/share/caldav/lib/python

    /usr/share/carddav/lib/python

     

    I replaced "SSLv3" and "SSLv23" with "TLSv1" in all .py files accordingly (be careful - don't use "Replace all" !!! - AND: be sure, to have a backup !!!) and then started the services again. Since I made those changes, all clients can connect without a problem.

     

    Hope, this helps.

  • by luke__099486849888,

    luke__099486849888 luke__099486849888 Oct 7, 2015 5:44 AM in response to MacPro_de
    Level 1 (0 points)
    Oct 7, 2015 5:44 AM in response to MacPro_de

    hello,

     

    thanks very much for the tip. I think that is the problem. Because when i try to connect with firefox i get an encryption mismatch error.

     

    i changed "SSLv3_METHOD" to "TLSv1_METHOD" in 2 files

    • twistedcaldav/stdconfig.py
    • twext/internet/ssl.py

     

    but it still doesn't work. i think I will bite the bullet and upgrade to Yosemite Server later this week.

  • by MacPro_de,

    MacPro_de MacPro_de Oct 7, 2015 6:21 AM in response to luke__099486849888
    Level 1 (51 points)
    Servers Enterprise
    Oct 7, 2015 6:21 AM in response to luke__099486849888

    Patching just 2 files will not work.

    I think, that I needed to patch the following files in Mac OS X Server 10.6.8:

     

    /usr/share/caldavd/lib/python/twext/internet/ssl.py

    /usr/share/caldavd/lib/python/twisted/internet/_sslverify.py

    /usr/share/caldavd/lib/python/twisted/internet/ssl.py

    /usr/share/caldavd/lib/python/twisted/test/ssl_helpers.py

    /usr/share/caldavd/lib/python/twisted/test/test_ssl.py

    /usr/share/caldavd/lib/python/twisted/test/test_sslverify.py

    /usr/share/caldavd/lib/python/twistedcaldav/config.py

    /usr/share/carddavd/lib/python/twistedcaldav/config.py

    /usr/share/caldavd/lib/python/twisted/mail/imap4.py

    /usr/share/caldavd/lib/python/twisted/mail/pop3client.py

    /usr/share/caldavd/lib/python/twisted/mail/protocols.py

    /usr/share/caldavd/lib/python/twisted/mail/smtp.py

    /usr/share/caldavd/lib/python/twisted/mail/test/pop3testserver.py

     

    The folder structure in OS X 10.7.5 might be different.

  • by jepping,

    jepping jepping Oct 7, 2015 7:42 AM in response to luke__099486849888
    Level 2 (430 points)
    Oct 7, 2015 7:42 AM in response to luke__099486849888

    Lion Server will not receive any updates or security patches from Apple, so perhaps an upgrade is not a bad choice. Today addressbook with an SSL mismatch, tomorrow could be another component not functioning correctly.

    Keeping those changes going, documenting them and creating backups, might not be worth all the effort.

    If it works for now, great. But if new issues arise, I would recommend upgrading to the latest and greatest.

    Goodluck

     

    Jeffrey

  • by MacPro_de,

    MacPro_de MacPro_de Oct 7, 2015 8:12 AM in response to jepping
    Level 1 (51 points)
    Servers Enterprise
    Oct 7, 2015 8:12 AM in response to jepping

    You are right, Jeffrey,

    basically I would also suggest to Luke to make the upgrade to a more recent version of the Server software.

    The fun part is, that migrating an old (and working) Mac OS X Server 10.6.8 or OS X Server 10.7.5 to the latest and greatest version - especially in regard to OS X Server 5.x - perhaps solves some issues, but also will cause "a few" new issues (depending on the intended application of the server)...

    In any case, you are right - an upgrade needs to be done. The above mentioned patches can only be a preliminary solution.

  • by giorgiosca,

    giorgiosca giorgiosca Oct 7, 2015 2:54 PM in response to MacPro_de
    Level 1 (0 points)
    Oct 7, 2015 2:54 PM in response to MacPro_de

    Great! It worked!

    Thank you very much!

Page 1 Next