An error occurred while configuring your server

Question

An error occurred while configuring your server

The following actions failed or were not attempted:
Configuring network
Starting push notification server.
____________________________________________________________

DNS is killing me. I am an accountant.

I have a new out of the box mac mini server.
I want clients (real people with pcs and macs) to have external internet access to wiki, email and other nice services.

I do not want to serve DNS to the world; I just want to get past the installation configuration with a suitable DNS.

I am not at all clear whether I want Open Directory and from that whether I need DNS at all.

When this machine is set up it will be accessed only from outside on the public internet, including for admin matters by me; no "internal/local" users at all.

I do have a choice of domain names. I was trying papakilo.net and server as the machine name.

I can go in to change the papakilo.net domain records - though whether I can set up a reverse dns I am not clear.

I will buy a time machine if that is what it takes to have the firewall security managed by the server itself; I am assuming this would remove a level of expertise I do not want to acquire more than already.

I have spent many hours on here and in google, reading, watching videos etc looking for the answer to what to enter into "Primary DNS name"?

Where I am working right now has a dynamic IP but it doesn't change often and is fine for testing because I can keep checking what it is.
The final location will have (does have) a fixed ip address.

I bought Max Server many years ago, perhaps version one or two or whatever and had the same experience: within minutes I was unable to use the system.

So. The adverts said this was now easy. (I never learn).

If I knew what to type in to the DNS boxes and what to change on papakilo's domain DNS would I be further along?

I was looking forward to the joys of VPN set up and the like, not this.

Somewhat disappointedly as I had high hopes only to find extensive DNS reading is required to know what to type into the very first dialogue box.

Wonder if I should set up the canonical server.papakilo.net in the internet based DNS record so that the install routine can find it... is that the first problem?
And is the second problem to point the external i.p address back to the dynamic one in use at this location?
And will that facilitate the reverse lookup?
And will I have to wait for the propagation time to find out if this works -
or can I use actual i.p. addresses while I wait?

Some sympathetic help would be much appreciated please, and I promise I won't tell everyone how simple tax is.

Best wishes,

Anthony

Mac Mini Server, Mac OS X (10.6)

Posted on Mar 15, 2010 9:05 AM

Reply

Answer 1

Mar 15, 2010 9:56 AM in response to how do I delete this account?

meanwhile: I found news.papkilo.net is an existing canonical so no propagation time to wait. I am erasing the system and starting over and will enter new.papakilo.net into the Primary Domain Name dialogue box with news as the machine name requested below.

I have changed the papakilo.net ip address to the one at my location (and will monitor in case it changes, but it hasn't in all the time I have been here - ages)

That leaves the router/firewall - I have a time capsule and would like to use the automated protection, but meanwhile might just make the server the dmz to see if it works; even if I had to start over because it gets hacked in five minutes at least I would know it works.

now erasing old server (not data ) install from today with disk util. (last time used a write once erase all as a sector check)

edit: realised I changed the ip address so THAT will have to propagate.. so using the actual ns as a lookup would be good; if I can see where and if that can be entered into the system as a specific dns to use.

Reply

Answer 2

Mar 15, 2010 10:05 AM in response to how do I delete this account?

update:
Wonder if I should set up the canonical server.papakilo.net in the internet based DNS record so that the install routine can find it... is that the first problem? Update: NOW DONE
And is the second problem to point the external i.p address back to the dynamic one in use at this location? Update: NOW DONE - Changed i.p. address to router WAN ip

And will that facilitate the reverse lookup? open question

And will I have to wait for the propagation time to find out if this works -
or can I use actual i.p. addresses while I wait?

Update Looking to see if I can enter the dns where I entered the changed.

results not known, waiting for server to re-install for try number 3.

I do have apple support available, but they want 14 cents a minute and the first question was will I hold for ten minutes? That wasn't in the advert either.

Anthony

Reply

Answer 3

Mar 15, 2010 1:03 PM in response to how do I delete this account?

seem to have some progress with the above.
Forgot to set the server machine as dmz (wanting to limit the time as such) so blocked the/any incoming reference from the external DNS where I have changed the ip address related to papakilo.net (if you do www.papakilo.net and get this: "Welcome Nodog to Your New Virtual Private Server !" that's the default page hosted online, not my server's default page (I am not even sure it has one yet, presumably the usual Apache page)

anyway, brain fade has taken over as the night draws in (euro time) so tomorrow I will have another go with a another fresh re-install and set DMZ to this server at manual 192.168.1.5 or maybe using DHCP at 192.168.1.105 (the router tends to maintain, but whatever it is it seems to allows Safari to work whereas everything esle I do results in loss of DNS lookup for web browsing (which is presumably a symptom of my ineptitude so far).

edit: current error message is this: User Creation failed: The server reported the error "OPen Directory error 4001 occurred" while trying to create the user.
New users and groups remain persistently greyed out - perhaps an open directory config error. This install said network config failed, but it did do all the other things it appeared.

edit: I found this: kODErrorRecordPermissionError = 4001, from here: Open Directory Error Codes

Pointers as to what to explore over breakfast would be great, in any case best wishes all.

Anthony

Reply

Answer 4

Mar 15, 2010 1:22 PM in response to how do I delete this account?

good news: on 192.168.1.105:80 the web pages come up offering wiki etc

Brilliant, this works as I had hoped 🙂

Maybe I am "there" in spite of myself. Next question is whether access from outside using papakilo.net will become possible as the dns propagates ...

I guess I could open port 80 on the firewall instead of dmz ing it.

interesting, the web page doen't just ask for login details, it presents a default page showing possibilities and offering temptation to log in.

so, will I have to re-install again or not?

If it is working it's not because of me! 🙂

Anthony

Reply

Answer 5

Mar 15, 2010 1:23 PM in response to how do I delete this account?

adding new users and groups is still grayed out.

Reply

Answer 6

ps1borg

Level 1

0 points

Mar 15, 2010 5:24 PM in response to how do I delete this account?

A Domain Name Server provides services to resolve internet names eg aserver.aDomain.aTopLevelDomain to internet protocol numbers eg 222.111.000.111 and vice-versa.
While you have to resolve private ip numbers on your network such as 192.168.x.x your ISP will have a DNS to do that for the public internet.
For example I connect via PPoE through a gateway, and for DNS lookup outside my private network I use my ISP's DNS server eg myISP.com and the ip number of my gateway. You can see that configuration on any gateway connected mac in System Preferences->Network-> an active ethernet port. The worksheets which come with the server install will help to organize things.

ps Am no expert but don't believe you should be using private ip numbers for public DNS.

pps if adding new users and groups is greyed out there is no directory service running.

Reply

Answer 7

Mar 16, 2010 12:42 AM in response to how do I delete this account?

good morning.
It seems overnight everything has developed the following:

The Service has encountered an error.

Try to refresh the view (news.local/iChat). (kGotAuthenticationFailure)

It seems I can't get to first base with this system.

Anthony

Reply

Answer 8

Mar 16, 2010 12:56 AM in response to ps1borg

hi ps1borg, thanks very much for your reply; it's good to have some company in my little adventure here.

I am not using internal ip addresses where they should be public and I am familiar with the purpose of a dns (to the extent it's like a phone book, not much more).

I would love it if this server would simply use my isp's dns and I could ignore the matter completely, but upon install the system demands I answer two questions before it will proceed. I have given three sets of answers so far, once per fresh install, and each time I end up with a system that does not work.

My very humble understanding is that this is not about needing to be able to have DNS addresses where to look up ip numbers (i.e. my isp's dns addresses), but a locally based name server itself ("computer phone book") for local network use - it being possible to provide a public service, but like most others I absolutely do not want to do that. Whether I am trying to do that in error I do not know.

I've tried the worksheets, they ask questions but do not provide any answers that I need to answer these two first setup questions.

Your pps hits one thing I was wondering: if user and group creation are greyed out it suggests that function is disabled (no surprise there) and yes, if these rely on directory service then that must not be running - thanks for that confirmation as I was wondering about that, and indeed why it is not running. Presumably it needs DNS for something (local machines reference).

I guess a question I could ask is what do you use for DNS lookup inside your private network?

You probably gathered I am no expert in this either. 🙂

Anthony

Reply

Answer 9

Mar 16, 2010 1:37 AM in response to how do I delete this account?

ok, so here I am. Been reading these docs:

http://www.wazmac.com/serversnetwork/fileservers/osxserver_setup/osxserver106setup.htm

looking for salvation; whoever wrote these isn't paid enough (and my thanks for them). Seems to have all the patience and organisation I do not have.

Anyway. I forgot my username and password so have to re-install regardless.
How my username got to be anything other than one of my standards just shows me how confusing I find mac server - I think it changes my personality.

so here we go:

Use English - click
preparing installation....
Utilities - Disk Utility - Click Server HD - Click Erase - Click Erase (challenge dialogue)
Quit Disk Utility
Click Continue
Click Agree
Click Server HD
Click Install
... this takes a while .. will edit this post when ready to proceed..

Reply

Answer 10

Mar 16, 2010 2:08 AM in response to Anthony Mellor

ok, had a shower, got dressed, the blue "fuel gauge" is about 1/3 the way across, lots of DVD accessing in the drive (ah yes, no drive in a server, this is an external MacBook Air external drive bought for this purpose, just in case - what a good idea that proved to be.)

Also worthy of note is that it seems that the Server Snow Leopard install DVD allows a fresh install to a blank drive without insisting on the presence of an existing edition for upgrade; so it is like the "retail" versions of Snow Leopard Client and not like the historically "delivered with machine" Mac OSX DVDs that won't work on a blank drive and insist on a certain type of machine (this Server edition MAY indeed do that, I haven't tested it).

install fuel gauge now 50% ....

at this time of writing a fresh install will immediately find a 2 point increase in available software updates from 10.6 to 10.6.2 which then means the install disk cannot be used to re-install without an erase (I have not tried a fresh install over itself at 10.6 as a clean erased disk seems a more wise approach)

install fuel gauge now 2/3 ....

after the first "install" (the one on first boot) so it's really a completion not an installation, I erased the HD with a "write once" option to update the bad sector table if necessary; all erases since then have been what I characterise as "quick erase", which is disk utility's default.

install fuel gauge now 75% ....

Disk utility says that the basic/quick erase simply disconnects the files and leaves them available to be undeleted by specialist software. I imagine that is like the old File Allocation Table having it's initial character overwritten and so "deleting" the file, yet leaving the content available to be traced sector by sector (logical or even physical)eithet by software or manually with sector reading software.

install fuel gauge now 90% ....

time remaining about 12 minutes, it said thirty at the start and the above post was 1.37am and this post is .. we'll see

Reply

Answer 11

Mar 16, 2010 2:33 AM in response to Anthony Mellor

- edit it says 2.08 and in the time it took to post end edit this the install completed and auto reboot commenced.

dinggggg

30 mins was about right, only a few minutes under.

Not sure what to do different this time.
I guess Primary DNS will have to be news.papakilo.net (an externally registered domain with ip address pointed to my location - ah! must remember to DMZ the internal ip at the firewall ...

a few clicks and enter serial number yet again

continue

set up new servere - continue
registration - leave blank - continue
a few more questions - leave blank - continue
time zone - Zurich - continue
name - admin
short - admin
pword - usual for test
password hint - entered username to remind me - continue
network - make inactive all except airport -
Manually
192.168.1.40 ip address
255.255.255.0 mask
192.168.1.1 router
192.168.1.40 dns server
(this is a change, per instruction in school work above, using own machine ip address as dns for itself
search domains - left blank as I have no users
Click Continue
go back - want to enable DMZ first
that now done

Click continue

news.papakilo.net as Primary DNS
news as Computer name

Click continue

Users and Groupd
Create users and groups for small office (that's me)
Import - no
Configure manually - Advanced options for configuring directory services...

Now, I have been having trouble with Dir Services, but the above machines's own ip as DNS is a big change.. so will run this time with the first option as previously.

Click continue
Services - accept all - Click continue
Client Bckup - untick (do not allow) - Click continue
Mail options - ignore for the time being - Click continue
Review - Click setup
Setting up.... setting serial number
network
computer name
date and time
creating adnin a/c
config users and groups
config services
lower left corner see a spinning grey wheel and remarks about activities in hand e.g. setting mail domain, starting various services

and we get:

Setting up
An error occurred while configuring your server (DMZ now switched off)
big yellow / white exclamation mark
The following actions failed or were not attempted:
Creating Open Directory Master
Configuring services
Configuring roles
Configuring service access controls
Starting Push Notification Server

Whoever wrote that had a sense of humour as the next available button to click is "Proceed".

time for a cuppa...

Anthony

Reply

Answer 12

Mar 16, 2010 2:51 AM in response to Anthony Mellor

right, now then. On the desktop (yes I pressed proceed) is a file called next steps and it does seem to be personalised to each installation, even seemed to spot I had set DMZ (tells me to enable firewall).

Also says about DNS:

Configure DNS
The domain servers you're using don't have an entry for the domain papakilo.net, and therefore your clients won't be able to access your server using the name news.papakilo.net. To fix this, purchase a domain name through your isp (I already did this and have owned it for many years so it was propagated) or from a public domain name registrar, and ask them to configure the domain to point to your server.

(I did this myself yesterday, changed the ip address found by dns lookup of papakilo.net and canonicals to the external ip address (wan) of my router at this location 217.79.196.99 instead of the old one.)

To provide easier access to your services, create an entry for the name www.papakilo.net that points to your server.

(This already exists as a canonical)

So what.. I think the changes I made have not yet propagated, but where does that actually locate the Domain Name Server ? Is it that my Mac Mini Server will act as its own DNS and when fails to find an entry will refer to ... to where? My ISP's servers? But it doesn't know their addresses.
DO I add a second set of DNS servers somewhere (Network settings)?

We'll see..

Anthony

Anthony

Reply

Answer 13

Mar 16, 2010 2:58 AM in response to Anthony Mellor

ENtering my ip address here gets:

(A username and password are being requested by http://2 1 7 . 7 9 . 196.99. The site says: “WRT54G”)

I'm surprised that works from inside the LAN. Anyway, perhaps I should change the port for remote access, or switch it off even for now.

edit to stop the ip address being quite so active

Reply

Answer 14

Mar 16, 2010 3:59 AM in response to Anthony Mellor

Special thanks to JeroenHolland for this post

http://discussions.apple.com/thread.jspa?threadID=2357325&start=0&tstart=15

where he says this: (I have edited in my own data to replace previous content)
______________________________________________________________________________
So:

< External DNS server of your ISP >

------------Time Capsule--------------

< Local DNS server running on your Mac Mini >

______________________________________________________________________________
I think the above is truly brilliant for its clarity of presentation. It is simple, but attempt writing that description in words and see how the caveats make it look complex.

______________________________________________________________________________

snip/snip/ I haven't done the time capsule stuff yet. Clearly I need DNS set up and here below is the clearest description I have found:
______________________________________________________________________________

Then the next step is to setup the DNS Service in Server Admin.

First the Settings tab:
"Accept recursive queries" basically is a whitelist of which computers are allowed to use the DNS server. In a local DNS server, 'localnets' is okay. Localnets allows all IP adresses in the same range as the IP adress of the DNS server to access it.

______________________________________________________________________________
Actually all that was already entered by default, so ok was all I needed click.
______________________________________________________________________________

"Forwarder IP Adresses" are the IP addresses of the DNS servers that should be used if the requested URL-name (hostname/domainname/etc) is NOT in the list of the DNS server.
(So if the DNS server gets a request for "www.google.com", and the zone "google.com" isnt in its Zone list, the request gets forwarded to those Forwarder DNS servers.)
______________________________________________________________________________
Again sheer simplicity or presentation in words I understand (and not Dutch 🙂 this is where I understand that I can use my isp's DNS numbers from standard Network setup in system prefs, so this is the link between internal DNS and external DNS - I just could not see it before. "Forwarder" means "my isp's DNS numbers".
______________________________________________________________________________

The last thing is the Zones.

I understand that you're setting up your own webserver. With subdomains.

Primary Zone Name should be: papakilo.net.
Nameserver Zone should be: papakilo.net.
Nameserver Hostname should be: news.papakilo.net
Machine:

* Machinename: new.papakilo.net.
* Ip Address: 192.168.1.103

CNAME Alias:

* Alias name: www
* Destination: news.papakilo.net.

______________________________________________________________________________
Clearly I have populated the quotation with my own data to see if I can and for later reference.
______________________________________________________________________________

So with my broken system I have no Open Directory so when I click Groups it says I have to set up Open Directory first and now with the above entered I do that and create some users.

The only thing remaining seems to me external access as I can access using local ip addresses.

Anthony

Message was edited by: Anthony Mellor

Reply

Answer 15

Mar 16, 2010 4:11 AM in response to how do I delete this account?

next: to make my server come up on my local network by entering url news.papakilo.net instead of the ip address 192.168.1.103

So I enter into sys prefs network on client machine, advanced, DNS and add 192.168.1.103 as a DNS.

Then http://news.papakilo.net takes me straight to server page.

notice external urls seems to be accessed slightly more slowly.

Reply