An error occurred while configuring your server

The following actions failed or were not attempted:
Configuring network
Starting push notification server.
____________________________________________________________

DNS is killing me. I am an accountant.

I have a new out of the box mac mini server.
I want clients (real people with pcs and macs) to have external internet access to wiki, email and other nice services.

I do not want to serve DNS to the world; I just want to get past the installation configuration with a suitable DNS.

I am not at all clear whether I want Open Directory and from that whether I need DNS at all.

When this machine is set up it will be accessed only from outside on the public internet, including for admin matters by me; no "internal/local" users at all.

I do have a choice of domain names. I was trying papakilo.net and server as the machine name.

I can go in to change the papakilo.net domain records - though whether I can set up a reverse dns I am not clear.

I will buy a time machine if that is what it takes to have the firewall security managed by the server itself; I am assuming this would remove a level of expertise I do not want to acquire more than already.


I have spent many hours on here and in google, reading, watching videos etc looking for the answer to what to enter into "Primary DNS name"?

Where I am working right now has a dynamic IP but it doesn't change often and is fine for testing because I can keep checking what it is.
The final location will have (does have) a fixed ip address.

I bought Max Server many years ago, perhaps version one or two or whatever and had the same experience: within minutes I was unable to use the system.

So. The adverts said this was now easy. (I never learn).

If I knew what to type in to the DNS boxes and what to change on papakilo's domain DNS would I be further along?

I was looking forward to the joys of VPN set up and the like, not this.

Somewhat disappointedly as I had high hopes only to find extensive DNS reading is required to know what to type into the very first dialogue box.

Wonder if I should set up the canonical server.papakilo.net in the internet based DNS record so that the install routine can find it... is that the first problem?
And is the second problem to point the external i.p address back to the dynamic one in use at this location?
And will that facilitate the reverse lookup?
And will I have to wait for the propagation time to find out if this works -
or can I use actual i.p. addresses while I wait?

Some sympathetic help would be much appreciated please, and I promise I won't tell everyone how simple tax is.

Best wishes,

Anthony

Mac Mini Server, Mac OS X (10.6)

Posted on Mar 15, 2010 9:05 AM

29 replies

Mar 16, 2010 7:24 AM in response to Anthony Mellor

next: from the server machine's own browser, all I get is file not found/page 404 etc.

So I enter 127.0.0.1 (which I understand to mean "this machine") as DNS in sys prefs network advanced DNS and it works on external addresses (even without isp DNS entries, which now confuses me because it works and it shouldn't... ah, except that we are for now using DHCP on the server so it's likely picking up the external DNS that way).

Mar 16, 2010 11:17 AM in response to Anthony Mellor

ok, copied this from elsewhere so as not to hijack someone else's thread

here's how I just enabled server management of airport/time capsule:

(1) changed Time capsule Connection sharing to Share a public ip address
(which makes "advanced" "port mapping" appear.)
(2) set Time capsule Internet connection to connect to router on 192.168 network
(3) set Time capsule to offer DHCP in 10.0.1 range
(4) set Time capsule own address to be 10.0.1.1
PLUG in ethernet cable to Mac Mini and Time Capsule
Activate Ethernet and deactivate Airport
(5) set Mac Mini Server Manual ip address to 10.0.1.2
(6) set Mac Mini Server DNS addresses to 127.0.0.1, 10.0.1.1
(7) set Mac Mini Server / Server Admin / DNS / Zones / Machine name / IP Address = 10.0.1.2

and now I am seeing if anything still works - report back shortly.

So:

Server reads its own web pages and surfs the internet
Client on the 10.0.1 network does not, it has DHCP DNS given as 10.0.1.1 (the Time Capsule "router"). I have added 10.0.1.2 and since that overwrote the DHCP provided entry also 10.0.1.1 and this client laptop now accesses both the server web pages and surfs the internet. edit: laptop NOT accessing server... it hits the 192.168 networked router (the one whose WAN faces the outside world) and one beyond the Time Capsule.

have to learn how DNS is routed through the network:

wan>routerwireless>wirelessclientbridge>ethernet>timecapsule>ethernet>macminiserver
on 192.168.1.x gateway to 10.0.1.1 is TC and 10.0.1.2 is Mini Server: Manual

wan>routerwireless>wirelessclientlaptops
on 192.168.1.x by dhcp

wan>routerwireless>wirelessclient>ethernet>timecapsule>wirelessclientlaptops
on 10.0.1.x by dhcp

The key dialogues appear to be
1 the DNS entry in client sys prefs
2 the DNS entry in Server Admin / DNS /Zones /Machine
3 the DNS entry in server sys prefs / Network / DNS (especially 127.0.0.1 then 10.0.1.1)

1 is a possible series of DNS addresses to consult
2 is specifically the server's LAN ip address.
3 is special in telling the server to check with itself, then the router/gateway

in each case if the router/gateway doesn't know the answer it will refer (forward) upstream using entered DNS addresses.

What it can't do (afaics) is pass results back downstream once the consult has gone upstream.

The new experiences are:
having the Server Machine keep a mini name service basically for its own pages and
having sys prefs Network DNS entries that actually make a difference; because the local server knows very little so all enquiries go there and then get referred (forwarded)

client on 10.0.1 LAN looks for Server Pages > Instant ip hit.
or
client on 10.0.1 LAN looks for Google > Server refers to Gateway (TC) refers to Gateway2 (Linksys) refers to ISP DNS > replies with ip.

Observations: there's no DNS on the 192.168 LAN, so wonder if instead of entering 192.168.1.1 as DNS within GatewayTC, we can simply enter the ISP's DNS.

Does it make any difference either way?
Certainly if intention is to transport the TC LAN to another location with a different router but same ip 192.168.1.1 then not entering leap frog addresses will mean nothing has to be changed later.

hmmm. experiments required.

edit:
client on 10.0.1 LAN cannot resolve server pages from url, but can access from ip direct.
Change to dhcp and immediate access - difference must be the DNS being passed by DHCP.

OK, the two DNS ip addresses in play appear to be 10.0.1.1 (TC Gateway) and 10.0.1.2 (Mini Server) and entering both these in sys prefs DNS when set to manual, now seems to result in the same as when DHCP is set.

mm.

Message was edited by: Anthony Mellor

Mar 16, 2010 11:19 PM in response to how do I delete this account?

Hello Anthony

Accountants have always been nice to me when I have queries like "May I have my expenses now please?" and so on. I'm completely new here but will try to help.

Apologies for previous verbosity. If I understand your issue:

The task is to deploy a server accessible only from a wide area network eg the internet?

Something was misconfigured during setup, and the server is not behaving as expected?

Let's forget DNS for a while and think briefly about the broad kind of services you expect the server to deliver over the internet.

I'll come back at five hours from the time on this post, and around 10 hours after that.

regards

Mar 17, 2010 1:00 AM in response to ps1borg

Good morning ps1borg,

Verbosity? I think you have been concise compared to my ramblings.

It is possible my system is working now. Inside the LAN it seems to work ok. From outside I have been waiting for my change to news.papakilo.net to propagate (this includes papakilo.net and various other canonicals). In fact you could try it, if you see my MACOSX server come up then it is working, if not, it isn't. If you see a welcome screen from "nodrog.net" then it has not propagated to your DNS yet.

The "something misconfigured" was DNS so I have re-installed a few times (say three or four), trying different entries each time and the last time was the worst, except that then I manually installed Open Directory when initialising group management, then I experimented with the ip numbers in various places to achieve an understanding of how they interact with each other (for example ip numbers in sys prefs and ip numbers in server DNS prefs). Finally I experimented with how ip addresses for dns lookups work together to progress from inside a LAN, inside another LAN and then on to the internet.

It seems that there is more than one way to do things. For example one can use 127.0.0.1 to indicate the machine itself, or one can enter its own ip address. I am presuming that using 127.0.0.1 has the advantage of not being necessary to change it any time the machine's actual ip address changes (whether dhcp or manual).

Another example seems to be where if the WAN gateway is located on 192.168.1.1 one can use that as the DNS on machines on the LAN1, or one can use the ISP's external DNS numbers (like dhcp does). In addition a LAN2 is within LAN1, then (forwarder) DNS numbers could be the gateway router to LAN 1 (eg 10.0.1.1), or the gateway router to WAN (eg 192.168.1.1) or the ISP's external DNS ip numbers.

Where there is only one DNS within the LANs and that is the Server, then some leap frogging could be engaged, though entering ip numbers within each LAN feels tidier.

Doubtless my explanations are not too clear, but I hope you can discern what I am trying to describe without my resorting to debits and credits.

Best wishes

Anthony

Message was edited by: Anthony Mellor

Mar 17, 2010 1:37 AM in response to ps1borg

and to answer your question ps1borg, what I am trying to achieve over the internet is:

(note: my use of "client" means people, not computers, though they may sometimes be viewed as the same)

the list of macosx server standard services, especially wiki and ical, to my clients or friends and family.

I would like to allow access via VPN, but that may be pushing the boat out.

Example of ical: I imagine to create a two person group consisting of me and client 1, then another group being me and client 2 and so on; each group probably having the name of the client.

That way me and client can have interaction using all the services available to us both.

For myself I would like my own ical to show ALL the ical contents for all clients, each as a separate calendar within my own. Currently I use google calendars for this, which works pretty well - each client has a google calendar and I have one, all synch with my mac book pro ical. Changes anywhere propagate to all the others (but not between clients).

My reason for wanting the MACOSX Server is primarily the Wiki.

Years ago we had files (paper ones) full of everything a client told us. These days it is all in email. Over time, emails become very difficult to keep track of as regards their content. So the client expects me to know everything he has ever said to me, which in a paper file is easy enough to review. In an "email-base" it is practically impossible without spending large amounts of time re-editing it all into a document. So there's the idea: we use wiki technology to create that document from the outset, we both know what is in there and I have time machine backups showing changes over time. The client can update content when he wishes to keep me up to date and (with RSS) I will know what he has written.

Sounds great to me.

Anthony

Mar 17, 2010 4:15 AM in response to Anthony Mellor

Hello

It is getting close to my bedtime here.

Perhaps there is no pleasant way to say your network is not working as you think it is.

As I understand from your posts you have a WAN gateway to which one or more routers are connected. The task is to have your server respond to requests from the WAN.

The server is presently in an indeterminate state (and your domain is unreachable for me. I expect it to remain so without intervention).

Alas, at this stage it is far better to start from scratch with a reinstall if the server's directory services have started and then stopped for some reason, than to wait for the reason to surface later on.

What you will need to accomplish the task is port forwarding. I skimmed a few articles on the subject that are public and I really hope that this one is comprehensible enough to begin a meaningful discussion that will help resolve your issue.

http://homepage.mac.com/car1son/staticport_fwdintro.html

Two things to consider. How many routers are between you and the WAN gateway? How will you configure your firewall?

I will check back in around 10 hours from the time this message is posted.

regards

Mar 17, 2010 10:22 AM in response to ps1borg

hi,

Where are you? I am in Switzerland.

If you now try http://news.papkilo.net you will arrive at my Server - until sometime today this was not possible as the DNS changes were still propagating, but I gather they now work. Port 80 is forwarded through gateway 1 to gateway 2 and from there to the server.

Indeed you (or anyone) can log in as user2 and password " a " and leave me a note. The whole system is for test (including the domain) and not connected to anything else.

Your remark about my server not working as I think it is lands directly on my most frequent question to myself: how will I know when it is working correctly?

I have re-installed a number of times so I am quite happy to do it again. However if I am to do that I want to understand what needs to be done differently - and for that I need to know what is not working. Full circle.

Right now I can't find anything wrong with my installation. Should I be worried?

Anthony

Mar 17, 2010 2:09 PM in response to how do I delete this account?

I can connect to www.papakilo.net but not news.papakilo.net. Glad that port forwarding worked. I only mentioned a fresh install because you weren't sure what had stopped directory services.

I'm in Australia. It's early am and I am off to pick up my own mac mini server, which I must deploy on a network I look after today and tomorrow.

Glad your issue is resolved.

Regards

Mar 17, 2010 2:17 PM in response to ps1borg

that's interesting: Australia. My brother in GB connected to news.papakilo.net earlier today, the fact you cannot suggests the propagation hasn't reached your side of the planet yet - I'm fascinated to practically see the progress of the process.

the www will be the old nodrog server default, not my macosx server.

Best of luck with your mini server deployment; for my part I can say it isn't what the adverts say, but can't say I am surprised.

if you know how to make group calendars show up in a user's list of available calendars do sing out.

Anthony

Mar 17, 2010 2:43 PM in response to Anthony Mellor

"Your remark about my server not working as I think it is lands directly on my most frequent question to myself: how will I know when it is working correctly?"


If we're discussing wholesale inaccessibility, that's easy. You can use pingdom or another uptime pinger and watch reachability, or you watch for gaps with no crawlers and no web attacks in the logs, or both. If Googlebot and the other bots go quiet or if the web site attacks and web site defacement attempts stop (or if you get a notification from a remote monitor), then you have a problem.

If you want to know if the server continues to work correctly, get a feel for what gets written into the log files. And for what files should be in the web-facing directories. And what your (regular) backups look like (with an occasional test recovery of same), as these are a key part of any recovery strategy.

DNS can take a day or so to propagate updates, depending on the default settings.

Your server was fairly slow, but was accessible from here.
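Added example (not part of the original post, and not MrHoffman's code): one way to automate the "watch for gaps in the logs" check described above, assuming the web server writes Apache combined-format access logs. The sample lines, the one-hour threshold, and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Apache combined log format (documentation-range IPs,
# not taken from the server in this thread). Line 4 is deliberately malformed.
SAMPLE_LOG = '''\
192.0.2.10 - - [17/Mar/2010:09:00:12 +0100] "GET /robots.txt HTTP/1.1" 200 26 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [17/Mar/2010:09:04:40 +0100] "GET /groups/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh)"
203.0.113.99 - - [17/Mar/2010:09:05:02 +0100] "GET /phpmyadmin/index.php HTTP/1.1" 404 209 "-" "-"
this line is truncated and must be skipped
192.0.2.10 - - [17/Mar/2010:13:30:00 +0100] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [17/Mar/2010:13:31:10 +0100] "GET /groups/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh)"
'''.splitlines()

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+(?: "[^"]*" "([^"]*)")?')
CRAWLER_RE = re.compile(r'bot|crawl|spider|slurp', re.IGNORECASE)


def parse(line):
    """Return (time, ip, request, status, user_agent), or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp, request, status, agent = m.groups()
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return when, ip, request, int(status), agent or ""


def find_gaps(lines, max_quiet, now=None):
    """List (start, end) spans with no logged request for longer than max_quiet.

    Pass a timezone-aware `now` to also catch silence since the last entry,
    which is the case that matters for a server that has just gone dark.
    """
    times = sorted(p[0] for p in map(parse, lines) if p)
    if now is not None:
        times.append(now)
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > max_quiet]


def last_crawler_hit(lines):
    """Time of the most recent request whose user agent looks like a crawler."""
    hits = [p[0] for p in map(parse, lines) if p and CRAWLER_RE.search(p[4])]
    return max(hits) if hits else None


if __name__ == "__main__":
    for start, end in find_gaps(SAMPLE_LOG, timedelta(hours=1)):
        print(f"quiet from {start} to {end} ({end - start})")
    print("last crawler hit:", last_crawler_hit(SAMPLE_LOG))
```

On a low-traffic site, tune the threshold to the normal overnight lull so that ordinary quiet periods do not raise alarms.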

Mar 17, 2010 5:05 PM in response to MrHoffman

"(with an occasional test recovery of same), as these are a key part of any recovery strategy."

if only I had a cent for every time I have given that advice (accounting systems always fail when restored from backup - it's a law of nature.)

Nevertheless thank you for the timely reminder - wonder if SuperDuper! works with OSX Server. I use it all the time so as to be running what was in fact the last backup, but live - as well as time machine. Only introduced to it recently.

Looks like tailing some logs would be the thing; however I can never remember the syntax and have zero idea for OSX. Any chance of some clues please?

I quite like watching logs and looking for interesting stuff - but perhaps I should not admit that too loudly.

Propagation wise we are at day three now, so Aus should be seeing it very soon. My TTLs are 1 day if that's the right number to quote. My own bio clock is a bit skew after three days of Server bashing to get even this far.

Mar 17, 2010 5:24 PM in response to Anthony Mellor

"(with an occasional test recovery of same), as these are a key part of any recovery strategy."


With a web server, the archives are also the path back from breaches and defacements and related. XSS and SQL injection attacks are very common, and I've gotten called in to decontaminate various servers.

"Looks like tailing some logs would be the thing; however I can never remember the syntax and have zero idea for OSX. Any chance of some clues please?"


The bash syntax is pretty much the same everywhere; more (Mac OS X translates that to less), and tail. Start with the Mac OS X Server manuals, and also with Console.app, and, well, start reading.

Mar 17, 2010 6:04 PM in response to Anthony Mellor

it's all looking a bit academic now. seems ical (server) can't do group shared calendars; I was wanting to use osx to replace my google calendars which pc and mac users can both use together.

it says it can on the box, but I don't think so, not without specialised expertise and if I can't do it, we don't do it.

having visions of mac mini server hardware as a mirrored iTunes library instead, much more useful! 🙂

maybe tomorrow... 2am here so wish all a good night.
