Push Notification Issues - Lion Server 10.7

Hey All,


Am having a few issues with Push on Lion, it seems to work for a short period of time after setting up, then seems to stop being able to push. Today I woke up to a server running at a constant ~60% processor utilisation and this error repeating itself over and over again in the log...


Jul 29 15:11:05 mail push_notify[105]: discarding message; not connected to notification server


There are also single errors from com.apple.APNBridge saying "Disconnected from apn feedback server feedback.push.apple.com for topic com.apple.mail.xserver.xxxxxxxxxxxx: error (null)" - there is one for each different service push supports and they are straight after connect messages.


Do Push services require any ports opening up? I did have the server set up in DMZ for a while but it still managed to fall over, so I took it back out. However I'd imagine the server is sending notifications out rather than listening in for anything.


I've reinstalled this server around 5 times now and am reaching the end of my patience! Every time, Push starts working then stops. Last night Web services fell over and I was getting database connection errors; as there were push notification errors in the log, I un-ticked and re-ticked the Apple Push notification checkbox and things came back up. It's a shame it seems very temperamental as it's such a huge feature. I have this one set with a self signed cert, set up as per when you enable profile server. This is also trusted by any devices testing.


I've turned Push off for the moment as it seems intent on bringing down the rest of the services I have set up 😟 Just turned off Mail and the processor use dropped to almost nothing, restarted it and things are now calm.


Also anyone know how to set up automounts from the command line? My production environment has NFS sharepoints for User directories - for the purpose of being able to use fast user switching on client machines (AFP doesn't support this). Exports are easy as they are in a file, but I'm struggling with the automounts.


Any ideas?


Cheers all.

Posted on Jul 29, 2011 8:01 AM

34 replies

Feb 8, 2012 3:32 AM in response to drr105

I'm not depending on push notifications, but I was happy it worked, and mildly unhappy when it broke. And it broke at about the same time as I had to renew my push certificate, which gave me a hint. What worked for me, and may work for you (but no guarantees since my sample size is 1):


· check what certificate your notification service thinks it's using:

mymac:~ waider$ sudo serveradmin settings notification:sslKeyFile
notification:sslKeyFile = "/etc/certificates/mymac.mydomain.com.BADBADBADBADBADBADBADBADBAD.concat.pem"
mymac:~ waider$ sudo serveradmin settings notification:sslCAFile
notification:sslCAFile = "/etc/certificates/mymac.mydomain.com.BADBADBADBADBADBADBADBADBAD.chain.pem"

· check what cert files you've actually got:

mymac:~ waider$ ls -1 /etc/certificates/mymac.mydomain.com*
/etc/certificates/mymac.mydomain.com.HEXHEXHEXHEXHEXHEXHEXHEXHEX.cert.pem
/etc/certificates/mymac.mydomain.com.HEXHEXHEXHEXHEXHEXHEXHEXHEX.chain.pem
/etc/certificates/mymac.mydomain.com.HEXHEXHEXHEXHEXHEXHEXHEXHEX.concat.pem
/etc/certificates/mymac.mydomain.com.HEXHEXHEXHEXHEXHEXHEXHEXHEX.key.pem


· if the notification files don't match the ones in your /etc/certificates directory, update them:

mymac:~ waider$ sudo serveradmin settings notifications:sslKeyFile = "/etc/certificates/mymac.mydomain.com.E9A509E12E8D8CE04165291F2781DC44A85F1832.concat.pem"
mymac:~ waider$ sudo serveradmin settings notifications:sslCAFile = "/etc/certificates/mymac.mydomain.com.E9A509E12E8D8CE04165291F2781DC44A85F1832.chain.pem"


· Reboot. I tried restarting a couple of things, but really, rebooting seems to be the key way of getting this to take.
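
The comparison in the post above (configured certificate paths versus the files actually on disk), as an added example that is not part of the original post. It assumes the settings text has the `key = "value"` form shown in the thread and uses the `notification:` section name; the host name, hashes and helper function names are constructed.

```shell
#!/bin/sh
# Added example: compare the certificate paths the notification service is
# configured with against the files present in the certificate directory.

# Print the quoted value of one settings key; settings text arrives on stdin.
# $1 = key, e.g. notification:sslKeyFile
setting_value() {
    sed -n "s|^$1 = \"\(.*\)\"\$|\1|p"
}

# Classify one configured path as EMPTY, MISSING or OK.
# $1 = configured path, $2 = certificate directory, $3 = expected suffix
classify_path() {
    if [ -z "$1" ]; then
        echo "EMPTY"
    elif [ ! -f "$1" ]; then
        # Stale path: point at the file on disk that has the matching suffix.
        candidate=$(ls -1 "$2"/*"$3" 2>/dev/null | head -n 1)
        echo "MISSING candidate=${candidate:-none}"
    else
        echo "OK"
    fi
}

# $1 = settings text (as printed by serveradmin), $2 = certificate directory
check_notification_certs() {
    key=$(printf '%s\n' "$1" | setting_value "notification:sslKeyFile")
    ca=$(printf '%s\n' "$1" | setting_value "notification:sslCAFile")
    echo "sslKeyFile: $(classify_path "$key" "$2" ".concat.pem")"
    echo "sslCAFile: $(classify_path "$ca" "$2" ".chain.pem")"
}

# Constructed demo: settings still name an old hash, disk holds a renewed one,
# and the CA file setting is empty (the state reported later in the thread).
demo_dir=$(mktemp -d)
touch "$demo_dir/host.example.com.NEWHASH.concat.pem" \
      "$demo_dir/host.example.com.NEWHASH.chain.pem"
demo_settings="notification:sslKeyFile = \"$demo_dir/host.example.com.OLDHASH.concat.pem\"
notification:sslCAFile = \"\""
check_notification_certs "$demo_settings" "$demo_dir"
rm -rf "$demo_dir"
```

On a real server the first argument would be the captured output of the `serveradmin settings` query and the second `/etc/certificates`.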

Feb 12, 2012 8:45 AM in response to waider

Hi,


I first got empty path:

  • notification:sslCAFile = ""
  • notification:sslKeyFile = ""


I did some cleaning in my /etc/certificates folder. It was full of rubbish/old revoked certificates.


I regenerated the push notification certificates, but the path to certificates remains empty...


I manually set the path to the right certificates with the sudo serveradmin settings notifications:sslKeyFile = command, but when checking the path, I get the same result as before...

  • notification:sslCAFile = ""
  • notification:sslKeyFile = ""

Even after reboot, no change...

Any idea?


Thanks

Feb 14, 2012 2:55 PM in response to waider

I, like many others, have those empty notification:sslCAFile and notification:sslKeyFile. Tried to add them and rebooted the server and they are still empty. If I make a change to, let's say, the calendar on a Mac, nothing happens on the phone's calendar or the other way around.


I'd love some help on this. I need to get the push thing working; it worked so nicely under 10.6.8.

Feb 18, 2012 10:16 PM in response to drr105

Eventually Apple admitted that they had a problem on their end re push notification certs. I had to go through a total wipe-out and reinstallation of my server - and then they said that they have a problem on their system, causing an "Unexpected error (-1) has occurred" message. After they fixed it, I was able to get the certs but *not* to get them working. Any ideas?

BTW, Apple support reps said that they can't support the above recommendation of a manual change of push notification certs. So if you have a support service - take that into consideration.

Feb 19, 2012 4:00 AM in response to Fred de Gembloux

Interesting. I notice that the commands I used - which I cut & pasted - used 'notifications', where it now looks like the relevant section is 'notification' (no trailing s) - this may be a 10.7.2 to 10.7.3 change as I've upgraded the server in the interim. I don't really have any suggestions for the apparently unsettable values - I figured out what to do by dumping the full config for notifications using serveradmin settings notifications and then looking for things that were out of place or incorrect.

Mar 12, 2012 2:51 AM in response to Matt Domenici

I've noticed that even with the certs corrected there seems to be a regular round of timeouts when talking to the server. This may well reflect the fact that I'm a casual user with no support contract, etc. and therefore no SLA. It may also be down to the fact that my broadband router isn't the most reliable piece of kit. I've found, however, that since I made the cert correction, when the system works it works without me having to do anything - in other words, that I've probably fixed all that can be fixed from the client side.


(also, if this helps you, a "worked for me!" vote on the original fix would be appreciated!)

Mar 12, 2012 11:36 AM in response to drr105

What I found out is that when I disabled the IP firewall on the server, push notification started working. When I reenabled it, it stopped working. Unfortunately, I couldn't reproduce this behavior.

Apple support told me that I need the following ports open: TCP 1295 - APNS pushes, TCP 1296 - APNS feedbacks, and TCP 5223 for client connections. All ports are required for both outbound and inbound.

I tried opening the specified ports, and even opened 2195 and 2196 as the support expert had both versions in his response - with no success. Push notification doesn't work for me. Waiting for 10.8...

Mar 16, 2012 5:41 AM in response to drr105

Guys, Push notification seems to be working. I can't really point out why this is working now while it didn't a few days ago, as I didn't do any change in the last few days. It could be that:

1. Apple had an issue on their end and they solved it

2. After I opened TCP ports 2195, 2196 and 5223 as described above, it took the server/service a few days in order to sync with APNS

3. The several attempts to restart push notification service on the server took some time to take effect

4. All of the above

5. All of the above, excluding #1


I do get the following error though:

3/16/12 12:32:00.010 AM com.apple.APNBridge: Opening connection to apn feedback server feedback.push.apple.com for topic com.apple.mail.XServer.5dc4d75c-9f8b-4ad0-92ac-ejhg859uhgu4
3/16/12 12:32:01.770 AM com.apple.APNBridge: Disconnected from apn feedback server feedback.push.apple.com for topic com.apple.mail.XServer.5dc4d75c-9f8b-4ad0-92ac-ejhg859uhgu4: error (null)


Will continue to investigate w/ Apple support.

Mar 18, 2012 11:55 PM in response to Fred de Gembloux

Certificates are now finally correctly assigned to each key, but pay attention to the command to (re)assign them...


mymac:~ waider$ sudo serveradmin settings notifications:sslKeyFile = "/etc/certificates/mymac.mydomain.com.E9A509E12E8D8CE04165291F2781DC44A85F1832.concat.pem"

mymac:~ waider$ sudo serveradmin settings notifications:sslCAFile = "/etc/certificates/mymac.mydomain.com.E9A509E12E8D8CE04165291F2781DC44A85F1832.chain.pem"

When typing the command "serveradmin settings notification:sslKeyFile" type notification without "s".


It worked for me... for the certificate part. I still get disconnections from apple servers.


Frédéric
