9 Replies Latest reply: Aug 12, 2012 11:15 PM by Mark23
Subrunner7 Level 1 (0 points)

I'm running 10.7.4 on my Mac Mini and my iMac.  I administer my Mac Mini server from my iMac.  I am unable to connect using fully qualified domain name. Even after checking the items in this article. 

I am able to connect if I use the internal network ip address or the servername.local name.

Has anyone had this problem and what was done to fix it.  Thanks

Mac mini, Mac OS X (10.7.4)
  • Mark23 Level 3 (975 points)

    Is the external interface configured with your static IP, asuming that you indeed have one as any server should?

    If so, the first thing that comes to mind is af firewall issue. What services are you tying to reach and are the associated port numbers open to be accessed from the outside?

  • Subrunner7 Level 1 (0 points)

    I think I have in essence what you are asking. I do have the ability to access a website I host on my Lion Server through a fully qualified domain name (FQDN).  Typing the url into my browser pulls up the website without problems. I have also cleared browser cache and reloaded pages w/o issue.   I use dyndns for dynamically updated external ip address.

    I also have VPN services working w/o issue from my iMac.

    But when I try to access it via Server app I get the log in dialog and when I select the listed server that I want to access (it's listed name is my FQDN with local ip address) and fill in my password it shakes like I have the wrong log in info.

    If I use the Server App and enter the local ip address it connnects with the same user name and password that I used before.

    Note my server and the computer I am using to administer it are on the same internal network and I'm trying to get this to work so I can install the Server App on my macbook which I will use to adminsiter the server when I am away from my home network.


    I have also tried to connect via the VPN without success when using the FQDN.

    I don't know what the specific port is for Server App.

  • Mark23 Level 3 (975 points)

    It's port 687 (TCP) that needs to be opened.

    For L2TP VPN you'd need port 1701 (UDP) to be opened.

    For PPTP VPN you'd need port 1723 (TCP) to be opened/

    (source: Well known TCP and UDP ports used by Apple software products)


    The server being located on the same subnet should not be a problem, however do make sure all the ports needed are forwarded from your modem and router to your server. If you choose to forward all incomming traffic to your server, please make sure you have the firewall enabled and configured to allow only access to the ports you want to as listed in the document above at least from the "any" group within server admin's firewall section.

  • Mark23 Level 3 (975 points)

    I believe I read your post wrongly... Lion Server sets up it's own DNS server if it can't find one at install time, so adding the internal IP as a DNS server to your client's network preferences should enable you to access the machine by it's FQDN, provided that the DNS service lists the FQDN.


    You can access the DNS server via Server Admin.

  • Subrunner7 Level 1 (0 points)

    Mark23 thank you for engaging on my challenge. 

    I did fwd port 687 to my server but I have the same inability to access the server via Server App. 

    I also ensured my server is set up with a static ip address and all requisite ports for FTP are properly forwarded.

    I tested FTP and it work fine and had been okay.

    I also verified that the lion server's DNS server is set with the same ip address as itself.


    I have noticed that when I try to connect using the internal ip address I don't  see the certificate verification warning come up. 


    Could I have a bad certificate that is not popping up for verification?


    Again thank you for the time you have expended in trying to help me.

  • Mark23 Level 3 (975 points)

    The certificate verification warning isn't supposed to come up if:

    - you connect through to a connection that isn't supposed to be encrypted, or

    - you have a valid certificate set up that has been issued by an official certificate authority.


    I have noticed that when I try to connect using the internal ip address I don't  see the certificate verification warning come up.


    Could I have a bad certificate that is not popping up for verification?


    Since you are administering the server from the same subnet behind a firewall, I guess there's no need for an encrypted connection


    Did you enter your server's IP as an additional DNS server in your client's network preferences?

  • Subrunner7 Level 1 (0 points)

    I do not have a certificate provided by a certificate authority.  I noticed that when I first installed Lion Server I received a push notification email from Apple regarding certs.


    I have the server IP address as an additional DNS server but it still does not allow me to access the server via the server app.

  • Subrunner7 Level 1 (0 points)

    Mark23, I think I have solved the problem based on your first recommendation regarding the external interface being configured with my static ip.

    I wasn't sure what that meant but after looking at the dyndns Updater, I found the interface drop down and selected my static ip.  I am now able to connect using the server app on my client computer.


    My apologies for not catching that earlier but your first recommendation was truely the solution to the whole issue.


    Thank you very much!!

  • Mark23 Level 3 (975 points)

    It was a joy helping you out