Previous 1 2 3 Next 79 Replies Latest reply: Mar 14, 2013 6:34 AM by MrHoffman
spraguga Level 1 Level 1 (50 points)
Hello All,

Recently the server admin application connection stopped working on one of my servers. I'm running OS X Server 10.6 and trying to connect locally or from other 10.6 machines. No matter what it refuses the connection with the following error whether local or over the network.

"Could not connect to servername.local
Server Admin was unable to connect to the server at servername.local"

I have tried 127.0.0.1, localhost, servername.local, servername and everything fails.

The server is ping-able over the network and changeip -checkhostname reveals the DNS is setup correctly.

This use to work fine and the other day it just stopped working. I deleted and reinstalled the server admin software. I restarted the server and is it is still not working.

The server is running 10.6.2 and I am hesitant to upgrade to 10.6.3, I don't want to cause more issues by running this update and I don't even know if that will fix the issue.

Does anyone know what I can try to get server admin working again for this server?

Thank you very much!

Support all Mac machines, Mac OS X (10.6.2)
  • Antonio Rocco Level 6 Level 6 (10,390 points)
    Hi

    Try deleting the com.apple.ServerAdmin.plist from /Uses/Home/Library/Preferences. Might do the trick? Can you telnet to port 311? Perhaps a firewall setting gone south?

    Tony
  • spraguga Level 1 Level 1 (50 points)
    Yeah the server admin plist didn't make a difference since I can't connect from any machine.

    And the server is refusing a telnet connection over port 311. This is great, so how do I go about fixing this? I've never made any firewall changes in the past. Any ideas as to why this may have happened as well?

    Thank you, thank you!!
  • Antonio Rocco Level 6 Level 6 (10,390 points)
    Hi

    I don't use OSX Server's Firewall Service so I don't really have an idea why. I do so a lot of threads regarding problems with it but they seem (to me) mostly self-inflicted due to a lack of understanding and misconfiguration. Perhaps you could browse/search the Forums for similar posted problems? Did you try telnet on a client or the Server? If you tried on a client and failed try it on the server itself.

    HTH?

    Tony
  • spraguga Level 1 Level 1 (50 points)
    I don't use OS X's firewall either, that is why this is baffling!

    Telnet from a client machine doesn't work over port 311. It just suddenly became inactive. I have no idea why or how to get it started again.

    A restart and Apple's article are of no help:
    http://support.apple.com/kb/TS2757

    I assume that manually getting the 311 port activated again would work. But I don't want to create a custom firewall for this issue if I don't need to.
  • Antonio Rocco Level 6 Level 6 (10,390 points)
    Hi

    What do you see if you issue: "sudo ipfw list" on the server?

    Tony
  • spraguga Level 1 Level 1 (50 points)
    00001 allow udp from any 626 to any dst-port 626
    01000 allow ip from any to any via lo0
    01010 deny ip from any to 127.0.0.0/8
    01020 deny ip from 224.0.0.0/4 to any in
    01030 deny tcp from any to 224.0.0.0/4 in
    12300 allow tcp from any to any established
    12301 allow tcp from any to any out
    12302 allow tcp from any to any dst-port 22
    12302 allow udp from any to any dst-port 22
    12303 allow udp from any to any out keep-state
    12304 allow tcp from any to any dst-port 53 out keep-state
    12304 allow udp from any to any dst-port 53 out keep-state
    12305 allow udp from any to any in frag
    12306 allow tcp from any to any dst-port 311
    12307 allow tcp from any to any dst-port 625
    12308 allow icmp from any to any icmptypes 8
    12309 allow icmp from any to any icmptypes 0
    12310 allow igmp from any to any
    65534 deny ip from any to any
    65535 allow ip from any to any
  • Antonio Rocco Level 6 Level 6 (10,390 points)
    Hi

    Interesting. On a 10.5.8 Server also not running the Firewall I get this:

    01000 allow ip from any to any via lo0
    01010 deny ip from any to 127.0.0.0/8
    01020 deny ip from 224.0.0.0/4 to any in
    01030 deny tcp from any to 224.0.0.0/4 in
    12300 allow tcp from any to any established
    12301 allow tcp from any to any out
    12302 allow tcp from any to any dst-port 22
    12302 allow udp from any to any dst-port 22
    12303 allow udp from any to any out keep-state
    12304 allow tcp from any to any dst-port 53 out keep-state
    12304 allow udp from any to any dst-port 53 out keep-state
    12305 allow udp from any to any in frag
    12306 allow tcp from any to any dst-port 311
    12307 allow tcp from any to any dst-port 625
    12308 allow udp from any to any dst-port 626
    12309 allow icmp from any to any icmptypes 8
    12310 allow icmp from any to any icmptypes 0
    12311 allow igmp from any to any
    65534 deny ip from any to any
    65535 allow ip from any to any

    To me it looks different to yours? It can't hurt if you issue: "ipfw flush"

    HTH?

    Tony
  • spraguga Level 1 Level 1 (50 points)
    I've already issued a flush, no difference.

    I compared the ipfw list to another 10.6 server and they are exactly the same and server admin is working fine on that server.
  • Antonio Rocco Level 6 Level 6 (10,390 points)
    Hi

    Without being there I've not much left to offer I'm afraid. You could try lsof I suppose? Something like: "sudo lsof -i :311" and possibly "sudo lsof -i | grep LISTEN" TBH I've never seen the problem you're having that the suggestions offered could not fix. You don't see anything unusual in the logs? Unless someone else posts you might have to wait it out? Patience along with a restart or two sometimes fixes seemingly insoluble problems?

    Sorry.

    Tony
  • spraguga Level 1 Level 1 (50 points)
    I restarted twice already, no difference either. There is nothing listening on 311. The ipfw list shows that it is setup like my other servers but I can't establish a connection for it.

    Does anyone know of a way to have the port start listening again?

    Thank you very much!
  • GPW Joker Level 1 Level 1 (0 points)
    I am getting the same thing. Rebooting, changing the IP, issuing a "serveradmin stop ipfilter", reinstalling the Server Admin tools, creating a new Admin user, trying from root, trashing prefs, nothing works. Port 311 is blocked for some reason, no other port is blocked I can get into it with Remote Admin, the Workgroup Manager is running fine, it's just nothing can get to port 311. Servermgrd is running and I can use the command line to start and stop services.

    Running 10.6.2 on a quad-core Xeon Xserve.
  • MrHoffman Level 6 Level 6 (13,175 points)
    Can you describe the network configuration between the Server Admin box and the server box?
    Where are you running Server Admin here; local to the box, or on another host?
    If you're running Server Admin on another host, on the same LAN or on a remote network?
    If you're running Server Admin directly on the box, are you using localhost as the path?
    Anything relevant in the firewall logs on the server when the connection fails?
    Are you running multiple controllers on your server?
    Is your DNS environment established and verified?
    (If you're not running running DNS somewhere on your network, then do go configure that.)
    Can you telnet to port 311?
  • GPW Joker Level 1 Level 1 (0 points)
    +Can you describe the network configuration between the Server Admin box and the server box?+
    +Where are you running Server Admin here; local to the box, or on another host?+

    I can't even get on when running SERVERNAME.local, let alone from another server. Any address you try to hit this server with be it SERVERNAME.local, SERVERIP, 127.0.0.1 fail.

    +If you're running Server Admin on another host, on the same LAN or on a remote network?+

    Same LAN when trying remotely, same subnet and vlan. Note that it can hit other servers accross all vlans just fine with serveradmin, it just can't see itself.

    I+f you're running Server Admin directly on the box, are you using localhost as the path?+

    Yes in various forms.

    +Anything relevant in the firewall logs on the server when the connection fails?+

    I have disabled ipfw, so no. There is nothing in the servermgrd.log either.

    +Are you running multiple controllers on your server?+

    No.

    +Is your DNS environment established and verified?+

    Yes, and changeip -checkhostname shows all good and nothing to change.

    +Can you telnet to port 311?+

    No.
  • MrHoffman Level 6 Level 6 (13,175 points)
    What immediately leaps out from that reply?

    With managed gear and VLANs, you can't trust your network to act like a plain piece of Ethernet cable.

    Get an unmanaged switch, and see if that works.

    Get that VLAN out of the picture.
Previous 1 2 3 Next