Server Admin can't connect

Question

Level 1

63 points

Server Admin can't connect

Hello All,

Recently the server admin application connection stopped working on one of my servers. I'm running OS X Server 10.6 and trying to connect locally or from other 10.6 machines. No matter what it refuses the connection with the following error whether local or over the network.

"Could not connect to servername.local
Server Admin was unable to connect to the server at servername.local"

I have tried 127.0.0.1, localhost, servername.local, servername and everything fails.

The server is ping-able over the network and changeip -checkhostname reveals the DNS is setup correctly.

This use to work fine and the other day it just stopped working. I deleted and reinstalled the server admin software. I restarted the server and is it is still not working.

The server is running 10.6.2 and I am hesitant to upgrade to 10.6.3, I don't want to cause more issues by running this update and I don't even know if that will fix the issue.

Does anyone know what I can try to get server admin working again for this server?

Thank you very much!

Support all Mac machines, Mac OS X (10.6.2)

Posted on Apr 8, 2010 3:38 PM

Reply

Answer 1

Apr 8, 2010 3:59 PM in response to spraguga

Hi

Try deleting the com.apple.ServerAdmin.plist from /Uses/Home/Library/Preferences. Might do the trick? Can you telnet to port 311? Perhaps a firewall setting gone south?

Tony

Reply

Answer 2

spraguga Author

Level 1

63 points

Apr 9, 2010 7:39 AM in response to Antonio Rocco

Yeah the server admin plist didn't make a difference since I can't connect from any machine.

And the server is refusing a telnet connection over port 311. This is great, so how do I go about fixing this? I've never made any firewall changes in the past. Any ideas as to why this may have happened as well?

Thank you, thank you!!

Reply

Answer 3

Apr 9, 2010 11:51 AM in response to spraguga

Hi

I don't use OSX Server's Firewall Service so I don't really have an idea why. I do so a lot of threads regarding problems with it but they seem (to me) mostly self-inflicted due to a lack of understanding and misconfiguration. Perhaps you could browse/search the Forums for similar posted problems? Did you try telnet on a client or the Server? If you tried on a client and failed try it on the server itself.

HTH?

Tony

Reply

Answer 4

spraguga Author

Level 1

63 points

Apr 9, 2010 12:25 PM in response to Antonio Rocco

I don't use OS X's firewall either, that is why this is baffling!

Telnet from a client machine doesn't work over port 311. It just suddenly became inactive. I have no idea why or how to get it started again.

A restart and Apple's article are of no help:
http://support.apple.com/kb/TS2757

I assume that manually getting the 311 port activated again would work. But I don't want to create a custom firewall for this issue if I don't need to.

Reply

Answer 5

Apr 9, 2010 1:05 PM in response to spraguga

Hi

What do you see if you issue: "sudo ipfw list" on the server?

Tony

Reply

Answer 6

spraguga Author

Level 1

63 points

Apr 9, 2010 1:08 PM in response to Antonio Rocco

00001 allow udp from any 626 to any dst-port 626
01000 allow ip from any to any via lo0
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
12300 allow tcp from any to any established
12301 allow tcp from any to any out
12302 allow tcp from any to any dst-port 22
12302 allow udp from any to any dst-port 22
12303 allow udp from any to any out keep-state
12304 allow tcp from any to any dst-port 53 out keep-state
12304 allow udp from any to any dst-port 53 out keep-state
12305 allow udp from any to any in frag
12306 allow tcp from any to any dst-port 311
12307 allow tcp from any to any dst-port 625
12308 allow icmp from any to any icmptypes 8
12309 allow icmp from any to any icmptypes 0
12310 allow igmp from any to any
65534 deny ip from any to any
65535 allow ip from any to any

Reply

Answer 7

Apr 9, 2010 1:41 PM in response to spraguga

Hi

Interesting. On a 10.5.8 Server also not running the Firewall I get this:

01000 allow ip from any to any via lo0
01010 deny ip from any to 127.0.0.0/8
01020 deny ip from 224.0.0.0/4 to any in
01030 deny tcp from any to 224.0.0.0/4 in
12300 allow tcp from any to any established
12301 allow tcp from any to any out
12302 allow tcp from any to any dst-port 22
12302 allow udp from any to any dst-port 22
12303 allow udp from any to any out keep-state
12304 allow tcp from any to any dst-port 53 out keep-state
12304 allow udp from any to any dst-port 53 out keep-state
12305 allow udp from any to any in frag
12306 allow tcp from any to any dst-port 311
12307 allow tcp from any to any dst-port 625
12308 allow udp from any to any dst-port 626
12309 allow icmp from any to any icmptypes 8
12310 allow icmp from any to any icmptypes 0
12311 allow igmp from any to any
65534 deny ip from any to any
65535 allow ip from any to any

To me it looks different to yours? It can't hurt if you issue: "ipfw flush"

HTH?

Tony

Reply

Answer 8

spraguga Author

Level 1

63 points

Apr 9, 2010 2:40 PM in response to Antonio Rocco

I've already issued a flush, no difference.

I compared the ipfw list to another 10.6 server and they are exactly the same and server admin is working fine on that server.

Reply

Answer 9

Apr 9, 2010 2:56 PM in response to spraguga

Hi

Without being there I've not much left to offer I'm afraid. You could try lsof I suppose? Something like: "sudo lsof -i :311" and possibly "sudo lsof -i | grep LISTEN" TBH I've never seen the problem you're having that the suggestions offered could not fix. You don't see anything unusual in the logs? Unless someone else posts you might have to wait it out? Patience along with a restart or two sometimes fixes seemingly insoluble problems?

Sorry.

Tony

Reply

Answer 10

spraguga Author

Level 1

63 points

Apr 13, 2010 8:51 AM in response to Antonio Rocco

I restarted twice already, no difference either. There is nothing listening on 311. The ipfw list shows that it is setup like my other servers but I can't establish a connection for it.

Does anyone know of a way to have the port start listening again?

Thank you very much!

Reply

Answer 11

Apr 13, 2010 9:03 AM in response to spraguga

I am getting the same thing. Rebooting, changing the IP, issuing a "serveradmin stop ipfilter", reinstalling the Server Admin tools, creating a new Admin user, trying from root, trashing prefs, nothing works. Port 311 is blocked for some reason, no other port is blocked I can get into it with Remote Admin, the Workgroup Manager is running fine, it's just nothing can get to port 311. Servermgrd is running and I can use the command line to start and stop services.

Running 10.6.2 on a quad-core Xeon Xserve.

Reply

Answer 12

Apr 13, 2010 10:35 AM in response to GPW Joker

Can you describe the network configuration between the Server Admin box and the server box?
Where are you running Server Admin here; local to the box, or on another host?
If you're running Server Admin on another host, on the same LAN or on a remote network?
If you're running Server Admin directly on the box, are you using localhost as the path?
Anything relevant in the firewall logs on the server when the connection fails?
Are you running multiple controllers on your server?
Is your DNS environment established and verified?
(If you're not running running DNS somewhere on your network, then do go configure that.)
Can you telnet to port 311?

Reply

Answer 13

Apr 13, 2010 10:56 AM in response to MrHoffman

+Can you describe the network configuration between the Server Admin box and the server box?+
+Where are you running Server Admin here; local to the box, or on another host?+

I can't even get on when running SERVERNAME.local, let alone from another server. Any address you try to hit this server with be it SERVERNAME.local, SERVERIP, 127.0.0.1 fail.

+If you're running Server Admin on another host, on the same LAN or on a remote network?+

Same LAN when trying remotely, same subnet and vlan. Note that it can hit other servers accross all vlans just fine with serveradmin, it just can't see itself.

I+f you're running Server Admin directly on the box, are you using localhost as the path?+

Yes in various forms.

+Anything relevant in the firewall logs on the server when the connection fails?+

I have disabled ipfw, so no. There is nothing in the servermgrd.log either.

+Are you running multiple controllers on your server?+

No.

+Is your DNS environment established and verified?+

Yes, and changeip -checkhostname shows all good and nothing to change.

+Can you telnet to port 311?+

No.

Reply

Answer 14

Apr 13, 2010 11:05 AM in response to GPW Joker

What immediately leaps out from that reply?

With managed gear and VLANs, you can't trust your network to act like a plain piece of Ethernet cable.

Get an unmanaged switch, and see if that works.

Get that VLAN out of the picture.

Reply

Answer 15

spraguga Author

Level 1

63 points

Apr 13, 2010 11:08 AM in response to MrHoffman

{quote} Can you describe the network configuration between the Server Admin box and the server box? {quote}
Corporate LAN

{quote}Where are you running Server Admin here; local to the box, or on another host?{quote}
On a 10.6.2 Server, either local or from another 10.6 host doesn't work.

{quote}If you're running Server Admin on another host, on the same LAN or on a remote network?{quote}
Same LAN

{quote}If you're running Server Admin directly on the box, are you using localhost as the path?{quote}
I've tried everything localhost, 127.0.0.1, servername.local

{quote}Anything relevant in the firewall logs on the server when the connection fails?{quote}
No

{quote}Are you running multiple controllers on your server?{quote}
No

{quote}Is your DNS environment established and verified?{quote}
Yes

{quote}(If you're not running running DNS somewhere on your network, then do go configure that.)
Can you telnet to port 311?{quote}
No. The port is setup in ipfw, but not listening.

Reply