26 Replies Latest reply: Oct 12, 2012 6:17 AM by Mark23
Mark23 Level 3

should be to install the 10.7.3 Combo update found here OS X Lion Update 10.7.3 (Server) Combo or a newer version of the combo update.


I found that all problems I had with refusing services in Server Admin and were solved this way.


You should reboot afterwards....


I now still am having problems with Webmail, but this post helped me in the past and I'm sure it will now...


Hope this helps!

MacBook Pro (17-inch Early 2009), Mac OS X (10.7.2), 8GB, 2,93 GHz Intel Core 2 Duo
  • Mark23 Level 3

    Today I made a backup of all my normal users by selecting them in Workgroup Manager and then click Server --> Export, then I demoted my Open Directory to stand alone via Server admin, only to promote it again to OD Master using's Manage --> Manage users menu item.


    After that I had to reset all passwords by hand, which is not a daunting task for a small organization, although I would like the option to reset the passwords to their default value.


    After the OD-promotion through all certificates are back in place, only did I get the message "Diagnostic-code: smtp;530 5.7.0 Must issue a STARTTLS command first" in return when sending an e-mail to my server. That can be corrected by going to Server Admin: Mail: Settings: Advanced: Security and select use for SMTP SSL under Secure Sockets Layer (SSL).


    I'd set IMAP and POP SSL to Require if you've gotten a certificate from an external Certificate Authority.


    I did all this because my previous OD-master was put together through Server Admin, like I was used to in Snow Leopard, but that doesn't seem to do as much as in terms of configuring your system.

  • Mark23 Level 3

    By the way, my webmail problems haven't been solved using the above link, so if someone has any suggestions I'd be glad to hear them.

  • Mark23 Level 3

    Fixing webmail has been solved by someone else:


    1.  Turn off all services under Server app.

    2.  Under Hardware, settings, change SSL certificate to "none"

    3.  Under Hardware, network, reset host name again.

    4.  Under Hardware, settings, change SSL certificate back to correct one

    5.  Turn Web service ON.


    It may still say /var/empty.


    6.  Turn Wiki service ON

    7.  Recheck Web service.  It should be changed to /Library/Server/Web/Data/Sites/Default.

  • Mark23 Level 3

    To get webmail working there is yet another huge step involved in the process of fixing this:


    8. Turn mail on in and make sure Enable Webmail is ticked...



  • Mark23 Level 3

    To get VPN working on Lion Server, please follow this guide:


  • Mark23 Level 3

    Mac VPN Settings


    We have a lot of customers who use their Mac mini as a VPN server. This works great when you need an IP address in the US, or a secure internet connection on the road, or a number of other reasons. When Apple released Lion, they changed the setup a bit. By default, Lion Server VPN will distribute IP addresses in the same range the Mac itself uses. This doesn't work well in a facility like Macminicolo where each Mac mini has a static WAN IP address.

    This tutorial will show how to make the Mac mini an internet gateway that assigns a LAN IP range to connected VPN clients. This tutorial was created on Lion 10.7.1, and proven to continue working when upgraded to 10.7.2. Read over the steps below, and then follow each one closely.


    Before we start the process, be sure you have downloaded and installed the Server Admin Tools for Lion. Those can be found on the Apple Support site here.

    Open the network settings on the Mac mini and add a virtual interface:



    Once the interface is created as "LAN" then set the settings as below (ie,


    Open Server Admin and check the following services so they are available. The dots will remain grey as they are not yet active.:


    Choose the "NAT" service, be sure you are on the "Overview" tab and click "Gateway Setup Assistant":


    It will warn that you are going to overwrite the DHCP subnets. This is fine:


    Select Ethernet for the WAN interface:


    Check "LAN" as the LAN Interface (this is the virtual interface you setup earlier):


    Next we will enable the VPN server. Your Shared Secret will be shared with any of the clients that you allow to connect:


    Next will be a window where you can confirm the settings and continue. When it's done, it will be reported as complete:



    The Gateway Setup should now be done and the four services should be enabled with green dots. First, go to the Firewall setting and be sure your proper ports are open. This would include the ARD ports so you can access the machine remotely and check all the VPN L2TP ports so you can connect to the new VPN server you are setting up. Or, you can choose to allow all traffic. Then Save:


    Go to the DNS service in Server Admin and set the Forwarder IP Addresses to the DNS addresses that your Mac mini uses. (For Macminicolo customers, that is and


    You can now close Server Admin. Next, open up and go to the VPN service. The service will be running already but we need to make two changes. First, we will need to change the subnet. It will default to 192.168.1.x, but it must be 192.168.2.x. Next, you can decide the range of IPs that you want to assign. For instance, if you anticipate 50 users, you would use a range of fifty. (ie, - Below are two screenshots of how it will look at first, and then how it will look after you change it.



    At this point, disable the VPN Server, wait 20 seconds, and enable it again.

    Next, open up terminal so we can run one command. You'll be prompted for your admin password. This is the command:

    sudo serveradmin settings = ""


    Finally, return to the VPN service, disable it, wait 20 seconds, and enable it again. After that, your VPN server should be active and ready for connections.

    A couple notes:

    If you go back to your network settings, you'll see that the IP address has changed from what you originally set. Also, you'll see that it's 192.168.1.x and not 192.168.2.x. Both of these are correct changes. Don't alter them.


    If it doesn't connect right away, you may try the Terminal command again, and disabling/enabling the VPN service. Sometimes it takes a couple tries to rewrite the plist.

    This tutorial was done on a Mac mini with a clean install of the operating system. As you set it up, be sure it doesn't conflict with other services you may already have running.

    If you try to connect from behind an Apple router (Airport Extreme or Airport Express) it may report that the server is unreachable. I wish I could give you a fix for this, but it looks to be a bug with the way the AE handles NAT, Back to my Mac, VPNs, and the mix of them. Hoping this will be fixed with an AE firmware update.

    Mac OS X Client Configuration:

    Setting up the client in OS X is just like any other VPN, but here are a couple tips. First, it will be done in the Network Settings. Create a new VPN interface with the "+" button and put in your settings (this will include your server address and VPN account name):


    In Authentication Settings, provide your account password, and the Shared Secret. Hit OK.


    Under Advanced, you'll be able to set for all traffic to be sent thru the VPN. There are other settings as well so you can connect in a way that works best in your situation.


    Finally, you just hit connect.

    This tutorial got a lot of help from Rusty Ross, a great consultant that works with some customers here at Macminicolo. (Let us know if you'd like to be referred.) If you have questions, you can find us on Twitter @macminicolo. And if you're looking for somewhere safe and connected to place a VPN server, check out our prices to host a Mac mini with us.


  • David Furland Level 1

    This also solves the problem where you can't access Profile Manager frontend.

  • Mark23 Level 3



    In order to get IPv6 working with the services Lion has to offer, please enter the following in @ your server (just replace the bold text with your IPv6 address or range):


    1. sudo -s
    2. ip6fw -f flush
    3. ip6fw -q add allow udp from any to {your IPv6 address or range} 5678,500,1701,4500
    4. ip6fw -q add allow tcp from any to {your IPv6 address or range} 8008,8443,2195,2196,5222,5223,5269,7777,139,548
    5. ip6fw -q add allow tcp from any to {your IPv6 address or range} 25,110,143,587,993,995,80,443,1640
    6. ip6fw -q add allow tcp from any to {your IPv6 address or range} 2195,2196,5223,625,22,311,5900,1723
    7. ip6fw -q add 65535 deny all from any to any
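
Added example, not part of the original post: a small Python audit of the rule set listed above. It reports ports that are allowed twice, administrative ports left open to any source, and whether any rule admits ICMPv6, which IPv6 neighbor discovery depends on. The 2001:db8::/32 prefix is a constructed placeholder, and the regex covers only the rule syntax used in the post.

```python
import re
from collections import Counter

# Rules as posted; 2001:db8::/32 (documentation range) is a constructed
# stand-in for "{your IPv6 address or range}".
RULES = """\
ip6fw -q add allow udp from any to 2001:db8::/32 5678,500,1701,4500
ip6fw -q add allow tcp from any to 2001:db8::/32 8008,8443,2195,2196,5222,5223,5269,7777,139,548
ip6fw -q add allow tcp from any to 2001:db8::/32 25,110,143,587,993,995,80,443,1640
ip6fw -q add allow tcp from any to 2001:db8::/32 2195,2196,5223,625,22,311,5900,1723
ip6fw -q add 65535 deny all from any to any
"""

RULE_RE = re.compile(
    r"add\s+(?:(?P<num>\d+)\s+)?(?P<action>allow|deny)\s+(?P<proto>\S+)"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?:\s+(?P<ports>[\d,]+))?")

# Administrative services among the listed TCP ports.
ADMIN_PORTS = {22: "SSH", 311: "Server Admin", 625: "Open Directory proxy",
               5900: "screen sharing (VNC)"}

def parse(text):
    """Turn each 'ip6fw ... add ...' line into a dict with a list of ports."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            d = m.groupdict()
            d["ports"] = [int(p) for p in d["ports"].split(",")] if d["ports"] else []
            rules.append(d)
    return rules

def audit(text):
    rules = parse(text)
    allows = [r for r in rules if r["action"] == "allow"]
    seen = Counter((r["proto"], p) for r in allows for p in r["ports"])
    return {
        # the same protocol/port allowed by more than one rule
        "duplicates": sorted(k for k, n in seen.items() if n > 1),
        # management services reachable from any source address
        "admin_open_to_any": sorted(
            {p for r in allows if r["proto"] == "tcp" and r["src"] == "any"
             for p in r["ports"] if p in ADMIN_PORTS}),
        # any allow rule naming an ICMP protocol (keyword spelling is an assumption)
        "icmpv6_allowed": any("icmp" in r["proto"] or r["proto"] == "all" for r in allows),
        "default_deny": any(r["action"] == "deny" and r["proto"] == "all" for r in rules),
    }
```

Running `audit(RULES)` shows that 2195, 2196 and 5223 are listed twice, that SSH, Server Admin, Open Directory proxy and screen sharing accept connections from any IPv6 source, and that no rule mentions ICMPv6.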

  • Mark23 Level 3

    I had multiple IPs set on my server, which randomly seemed to switch. It seems like there is an incompatibility still between Server Admin and Since Apple is pressing developers to test server admin and I am confident those problems will resolve eventually, but for now I have deleted all-but-1 IPv4 and 1 IPv6 address (same interface), the networking interface overview for my server within Server Admin was updated and it looks like it works solid now, this was not by design I presume, so this must be another bug plaguing Lion...


    After upgrading Postgres to 9.1.3 and upgrading webmail (upgrade: usr/share/webmail) from, making a new site with the files stored in /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/ I made a symbolic link from that 'directory' to the actual built in webmail facility found in /usr/share/webmail by entering the following in terminal.

    ln -s -i /usr/share/webmail/ /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/


    By doing this it will ask to remove a directory, if you didn't put any important files in there, which I presume you didn't, confirm with the letter y and press enter.


    Webmail now works every time the way I want it Profile Manager is happy too... for now

  • jaygao168 Level 1

    How do I fix Wiki "error reading settings" problem? I followed your instructions by resetting host name, it only fixed "Profiles Manager" issue. Wiki service window still keeps showing "error reading settings". THANKS

  • Mark23 Level 3

    First, please backup your now working Profile Manager database (device_management) using pgAdmin3 (found here:


    You'll need to run the following before pgAdmin3 can contact the PostgreSQL database:


    sudo nano /System/Library/LaunchDaemons/org.postgresql.postgres.plist


    and change the "listen_addresses" property. Then restart postgres (serveradmin stop postgres, serveradmin start postgres) and you'll have port 5432 open to connect with pgAdmin3 so you can access and back up your PostgreSQL database locally.


    Now for the wiki: after you've started Terminal from the utilities folder, run:


    sudo /System/Library/ServerSetup/CommonExtras/PostgreSQLExtras/CoreCollaborationPost


    NOTE that when you copy the command into terminal it will probably have a white space between "CoreCollaborationPost" and "" and thus will generate an error if you hit enter.


    That will build the roles and set up the database for use with wiki.

    If that doesn't help, please install MediaWiki (found here:, it was very simple to set up and it just works...


    Apple just didn't make the implementation of Postgres as user-friendly as they should have. Oh well, soon we'll have 10.7.4 (the new update to Lion) and a little later 10.8 (Mountain Lion; OS X's new version).



    Hope this helps.
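
Added example, not part of the original post: a Python check that reads the `listen_addresses` option out of a launchd plist and reports whether port 5432 stays loopback-only after the edit described above. The sample plist, its `-c name=value` layout and the address value in it are constructed assumptions, not the poster's settings.

```python
import ipaddress
import plistlib

# Constructed plist: postgres options passed as "-c name=value" pairs in
# ProgramArguments (layout and values are assumptions for this example).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>org.postgresql.postgres</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/postgres</string>
    <string>-D</string><string>/var/pgsql</string>
    <string>-c</string><string>listen_addresses=127.0.0.1,::1</string>
  </array>
</dict>
</plist>
"""

def postgres_settings(plist_bytes):
    """Return the name=value options that follow each -c in ProgramArguments."""
    args = plistlib.loads(plist_bytes).get("ProgramArguments", [])
    pairs = (args[i + 1] for i, a in enumerate(args[:-1]) if a == "-c")
    return dict(p.split("=", 1) for p in pairs if "=" in p)

def classify_listen(value):
    """Classify a listen_addresses value by how far the TCP port is reachable."""
    hosts = [h.strip() for h in value.split(",") if h.strip()]
    if not hosts:
        return "socket-only"        # empty value: Unix socket only, no TCP listener
    for h in hosts:
        if h == "localhost":
            continue
        if h == "*":
            return "exposed"        # every interface
        try:
            if not ipaddress.ip_address(h).is_loopback:
                return "exposed"    # includes 0.0.0.0 and ::
        except ValueError:
            return "exposed"        # other hostname: treated as exposed, review by hand
    return "loopback-only"

def check(plist_bytes):
    # PostgreSQL's own default when the option is absent is "localhost"
    settings = postgres_settings(plist_bytes)
    return classify_listen(settings.get("listen_addresses", "localhost"))
```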

  • Mark23 Level 3

    After "and change the 'listen_addresses' property" I meant to say "to", but discussions wouldn't let me change any longer...

  • Mark23 Level 3

    Thank you for asking me your question. I now found out that the web server shouldn't really be on the same server serving the wiki, so I'll change that.


    Shut down the Web-portion in while keeping the Wiki-portion intact. All problems should be gone now. I'm so happy

  • m3astwood Level 1

    I have the same issue as jaygao168 where my Wiki is displaying "Error Reading Settings". I've had this issue in the past, and managed to fix it then but can't do it this time.


    I desperately need to get my wiki up and running because it has heaps on there. I have backed it up, but it didn't migrate into a new install of Lion Server...


    Every time I try to rebuild the CoreCollaboration SQL Extras sh it says:


    Is the server running locally and accepting connections on Unix domain socket "/var/pgsql_socket/.s.PGSQL.5432"?
    createdb: could not connect to database postgres: could not connect to server: No such file or directory


    It says that 4 times and does nothing. I've googled madly but can't get it to work. I feel like the postgres server is not running properly. Terminal says it is, but in logs and in my example it continually reports that it couldn't connect, or had incorrect permissions.


    I've fixed permissions a hundred times, but to no avail. Please help.
