0 Replies Latest reply: Sep 17, 2012 11:10 PM by Alex33
Alex33 Level 1 (25 points)

Hi All,

I'm having some difficulties with OS X Server's (v10.8) Profile Manager. I had a perfectly working Profile Manager setup in Lion Server and then upgraded from 10.7 to 10.8 and installed the Server app; it migrated all services and I thought it was all right. However, it looks like, although Profile Manager is up and running and knows all groups, users and devices, it's not able to communicate correctly. Profile Manager needs a bunch of ports open and, although they should all be open, a port scan reveals that they are not.

 

Profile Manager needs the following ports open to work properly:

http://support.apple.com/kb/HT5302

When I run a port scan over our mdm server running Profile Manager, it gives me only these ports open:

           Open TCP Port:           22                         ssh
           Open TCP Port:           25                         smtp
           Open TCP Port:           53                         domain
           Open TCP Port:           80                         http
           Open TCP Port:           88                         kerberos
           Open TCP Port:           106                        3com-tsmux
           Open TCP Port:           143                        imap
           Open TCP Port:           311                        asip-webadmin
           Open TCP Port:           389                        ldap
           Open TCP Port:           443                        https
           Open TCP Port:           445                        microsoft-ds
           Open TCP Port:           464                        kpasswd
           Open TCP Port:           548                        afpovertcp
           Open TCP Port:           587                        submission
           Open TCP Port:           625                        dec_dlm
           Open TCP Port:           636                        ldaps
           Open TCP Port:           749                        kerberos-adm
           Open TCP Port:           993                        imaps
           Open TCP Port:           1640                       cert-responder
           Open TCP Port:           2000                       callbook
           Open TCP Port:           3659                       apple-sasl
           Open TCP Port:           4190                       sieve
           Open TCP Port:           5900                       rfb

 

So what's obviously missing are ports 2195, 2196, and 5223. Playing around with pfctl, I'm not seeing success in enabling the ports. Is anybody around who is familiar with PFCTL in OS X Server and has had the issue before? I just need to know how to add these ports as a rule to PF. I suspect that the update didn't work 100% fine and thus disabled the ports.

Thanks,

Alex