Previous 1 2 3 Next 34 Replies Latest reply: Nov 9, 2012 11:12 PM by hoops7 Go to original post
  • Matt Domenici Level 1 (115 points)

    That article is more in reference to the MDM/Profile Manager setup.  Push e-mail works on a different set of ports, and as far as I can tell, doesn't seem to work properly.

  • waider Level 1 (0 points)

    I'm not depending on push notifications, but I was happy it worked, and mildly unhappy when it broke. And it broke  at about the same time as I had to renew my push certificate, which gave me a hint. What worked for me, and may work for you (but no guarantees since my sample size is 1):


    · check what certificate your notification service thinks it's using:

    mymac:~ waider$ sudo serveradmin settings notification:sslKeyFile
    notification:sslKeyFile = "/etc/certificates/"
    mymac:~ waider$ sudo serveradmin settings notification:sslCAFile
    notification:sslCAFile = "/etc/certificates/"

    · check what cert files you've actually got:

    mymac:~ waider$ ls -1 /etc/certificates/*


    · if the notification files don't match the ones in your /etc/certificates directory, update them:

    mymac:~ waider$ sudo serveradmin settings notifications:sslKeyFile = "/etc/certificates/"
    mymac:~ waider$ sudo serveradmin settings notifications:sslCAFile = "/etc/certificates/"


    · Reboot. I tried restarting a couple of things, but really, rebooting seems to be the key way of getting this to take.

  • raha613 Level 1 (0 points)

    Worked for me


    Thanks Waider!

  • Fred de Gembloux Level 1 (10 points)



    I first got empty path:

    • notification:sslCAFile = ""
    • notification:sslKeyFile = ""


    I did some cleaning in my /etc/certificates folder. It was full of rubbish/old revoked certificates.


    I regenerated the push notification certificates, but the path to certificates remains empty...


    I manually set the pat to the right certificates with sudo serveradmin settings notifications:sslKeyFile = command, but when checking the path, I get the same result as before...

    • notification:sslCAFile = ""
    • notification:sslKeyFile = ""

    Even after reboot, no change...

    Any idea?



  • Xenolith Level 1 (25 points)


  • guillame Level 1 (10 points)

    Same thing for me. It seems that the logs on the server saying that push notification is not available have stopped but the outcome of "sudo serveradmin settings notification:sslKeyFile" is empty. Adding +1 results in "notification = _empty_dictionary". Any ideas will be highly appreciated.

  • mac_mattias Level 1 (0 points)

    I as many others for those empty notification:sslCAFile and notification:sslKeyFile. Tried to add them and rebooted the server and they are still empty. If I make a change to lets say calender on a Mac nothing happens on the phones calender or the other way around.


    Id love some help on this I need to get the push thing working, it worked so nice under 10.6.8.

  • guillame Level 1 (10 points)

    Eventually Apple admitted that they had a problem on their end re push notification certs. I had to go through a total wipe-out and reinstallation of my server - and then they said that they have a problem on their system, causing a "Unexpected error (-1) has occurred" message. After they fixed it, I was able to get the certs but *not* to get them working. Any ideas?

    BTW, Apple support reps said that they can't support the above recommendation of a manual change of push notification certs. So if you have a support service - take that into consideration.

  • mac_mattias Level 1 (0 points)

    I finally got it working. I did something ugly...

    I removed SSL all together. Well that did the trick.


    Now I am gonna leave this for a while and when I am up to it I will look into the SSL buisness again.

  • waider Level 1 (0 points)

    Interesting. I notice that the commands I used - which I cut & pasted - used 'notifications', where it now looks like the relevant section is 'notification' (no trailing s) - this may be a 10.7.2 to 10.7.3 change as I've upgraded the server in the interim. I don't really have any suggestions for the apparently unsettable values - I figured out what to do by dumping the full config for notifications using serveradmin settings notifications and then looking for things that were out of place or incorrect.

  • Matt Domenici Level 1 (115 points)

    Thanks for this -- after mucking with it once on 10.7.3, I finally have push working.  Much appreciated!

  • Matt Domenici Level 1 (115 points)

    Well, I spoke to soon.  The push seems to still work, but the feedback server seems to randomly disconnect.  I noticed that profile manager can push things to devices, but doesn't get feedback, which would seem to make sense given the feedback server is dropping the connection.

  • waider Level 1 (0 points)

    I've noticed that even with the certs corrected there seems to be a regular round of timeouts when talking to the server. This may well reflect the fact that I'm a casual user with no support contract, etc. and therefore no SLA. It may also be down to the fact that my broadband router isn't the most reliable piece of kit. I've found that since I made the cert correction, however, that when the system works it works without me having to do anything - in other words, that I've probably fixed all that can be fixed from the client side.


    (also, if this helps you, a "worked for me!" vote on the original fix would be appreciated!)

  • guillame Level 1 (10 points)

    What I found out is that when I disabled the IP firewall on the server, push notification started working. When I reenabled it, it stopped working. Unfortunately, I couldn't reproduce this behavior.

    Apple support told me that I need the following  ports open: TCP 1295 - APNS pushes, TCP 1296 - APNS feedbacks, and TCP 5223 for client connections. All ports are required for both outbound and inbound.

    I  tried opening the specified ports, and even opened 2195 and 2196 as the support expert had both versions in his response - with no success. Push notification doesn't work for me. Waiting for 10.8...

  • guillame Level 1 (10 points)

    Guys, Push notification seems to be working. I can't really point out why this is working now while it didn't a few days ago, as I didn't do any change in the last few days. It could be that:

    1. Apple had an issue on their end and they solved it

    2. After I opened TCP ports 2195, 2196 and 5223 as described above, it took the server/service a few days in order to sync with APNS

    3. The sevreal attempts to restart push notification service on the server took some time to effect

    4. All of the above

    5. All of the above, excluding #1


    I do get the following error though:

    3/16/12 12:32:00.010 AM Opening connection to apn feedback server for topic
    3/16/12 12:32:01.770 AM Disconnected from apn feedback server for topic

    ejhg859uhgu4: error (null)


    Will continue to investigate w/ Apple support.