SSL Addressbook-Service suddenly stopped working (OSX 10.7.5 Server)

Question

SSL Addressbook-Service suddenly stopped working (OSX 10.7.5 Server)

Hi,

i'm having problems with my Addressbook-Server. It suddenly stopped working with SSL. It work flawlessly for years and suddenly i can't reach it over SSL.

In the Browser I can reach the server with http://my.domain.at:8008/addressbooks/users/Lukas/ without a problem but as soon as i try it with the SSL URL https://my.domain.at:8443/addressbooks/users/Lukas/ it doesn't respond. T

he Calendar-Service works with and without SSL.

There are a few Konsol Messages

When trying to add an account.

05.10.15 09:02:30,831 accountsd[1031]: [CardDAVPlugin-ERROR] No 'AddlInfoKey' present to save: {

}

(CoreDAVHTTPStatusErrorDomain-Fehler 405.)

When an account it added via a profile. The 503 message commes every 30 seconds.

05.10.15 08:50:35,061 Contacts[715]: [CardDAVPlugin-ERROR] -getHomeInfo:[_controller containersAtURLs:{(

https://lukas@my.domain.at/addressbooks/__uids__/C098C3CC-6135-4E07-85F5-0693D35 074DD///lukas@my.domain.at/addressbooks/__uids__/C098C3CC-6135-4E07-85F5-0693D35074DD/

)}] Error Domain=CoreDAVHTTPStatusErrorDomain Code=405 "(null)" UserInfo={CoreDAVHTTPHeaders=<CFBasicHash 0x7fedfbc1fca0 [0x7fff7a86d890]>{type = immutable dict, count = 7,

entries =>

0 : Server = <CFString 0x7fedf9c4e570 [0x7fff7a86d890]>{contents = "Apache/2.2.26 (Unix) PHP/5.3.28 with Suhosin-Patch mod_ssl/2.2.26 OpenSSL/0.9.8za DAV/2"}

1 : Content-Type = <CFString 0x7fedf9c81210 [0x7fff7a86d890]>{contents = "text/html; charset=iso-8859-1"}

2 : Allow = <CFString 0x7fedf9c8a120 [0x7fff7a86d890]>{contents = "GET,HEAD,POST,OPTIONS"}

6 : Date = <CFString 0x7fedf9c96750 [0x7fff7a86d890]>{contents = "Mon, 05 Oct 2015 06:50:35 GMT"}

10 : Keep-Alive = <CFString 0x7fedf9cc4ab0 [0x7fff7a86d890]>{contents = "timeout=15, max=100"}

11 : Content-Length = 433

12 : Connection = <CFString 0x7fff7a811190 [0x7fff7a86d890]>{contents = "Keep-Alive"}

}

}

05.10.15 08:49:52,115 AddressBookSourceSync[933]: [CardDAVPlugin-ERROR] -getPrincipalInfo:[_controller supportsRequestCompressionAtURL:https://lukas@my.domain.at/principals/__uids__/C098C3CC-6135-4E07-85F5-0693D3507 4DD///lukas@my.domain.at/principals/__uids__/C098C3CC-6135-4E07-85F5-0693D35074DD/] Error Domain=CoreDAVHTTPStatusErrorDomain Code=503 "(null)" UserInfo={CoreDAVHTTPHeaders=<CFBasicHash 0x7f8f9b714270 [0x7fff7a86d890]>{type = immutable dict, count = 4,

entries =>

3 : Content-Length = 471

4 : Connection = close

5 : Content-Type = <CFString 0x7f8f9b55f6b0 [0x7fff7a86d890]>{contents = "text/html; charset=iso-8859-1"}

6 : Date = <CFString 0x7f8f9b5356f0 [0x7fff7a86d890]>{contents = "Mon, 05 Oct 2015 06:49:52 GMT"}

}

Since it gets 405 and 503 error messages it cant get to the server so there are no error messages on the server.

It is really strange that the calendar service is working and the contact service not via ssl.

Where should i look first. I haven't toughed any config files. Should i post any?

Thanks for for the support in advance

Posted on Oct 5, 2015 12:53 AM

Reply

Answer 1

jepping

Level 3

785 points

Oct 5, 2015 6:26 AM in response to luke__099486849888

Did you reboot the router already? Can the port 8843 at it's address be reached by using: http://www.yougetsignal.com/tools/open-ports/

Does it work locally?

Any changes in the configuration lately? Did you add any software or change services in web? Has the server been rebooted?

Goodluck

Jeffrey

Reply

Answer 2

Oct 5, 2015 7:03 AM in response to jepping

thank you very much for the response!

Server has been rebooted multiple times and the router has also been checked.

Internally i can't reach the 8843 Port when i'm testing it with the network utility.

In recent times nothing has changed. I have a couple of sites and redirects to nginx machines but that is running for good 2 years now.

But i saw that the /etc/caldavd/caldacd.plist was modified a few days ago. I dont now why but i restored that file from a few month ago but it still doesnt work.

When i try to restart the service i get the following error also and the plist filed is modified:

intern:apache2 admin$ sudo serveradmin start calendar

2015-10-05 16:00:34.702 serveradmin[8324:907] xswebconfig failed: Exception:

undefined method `downcase' for nil:NilClass

2015-10-05 16:00:36.123 serveradmin[8324:907] xswebconfig failed: Exception:

undefined method `downcase' for nil:NilClass

2015-10-05 16:00:37.715 serveradmin[8324:907] xswebconfig failed: Exception:

undefined method `downcase' for nil:NilClass

2015-10-05 16:00:39.295 serveradmin[8324:907] xswebconfig failed: Exception:

undefined method `downcase' for nil:NilClass

calendar:state = "RUNNING"

calendar:setStateVersion = 1

calendar:readWriteSettingsVersion = 1

luke

Reply

Answer 3

jepping

Level 3

785 points

Oct 5, 2015 7:18 AM in response to luke__099486849888

Hi Luke,

What do you get from this command:

sudo serveradmin settings addressbook

and can you reach this address on your server itself: https://127.0.0.1:8843

When you restored that file, did you check for the correct permissions?

Has access to the contacts been limited by the new server.app? Go to the server.app, top left, select your server and go to access. Anything different there?

Goodluck

Jeffrey

Reply

Answer 4

Oct 5, 2015 7:46 AM in response to luke__099486849888

thanks again for the help!

I used Time-Machine to restore the file. The permissions are root:wheel rw-r-r. Same as the caldavd.plist.default file in the same directory.

I think i am blind regarding the server.app access pane. I only know that from the server_admin.app, but cant find it in the server.app. can you specify in there that you can only connect via http and not via https.

I can connect to the server without a problem with http but cant on https even on the server directly with the local IP https://127.0.0.1:8843/.

For the command "sudo serveradmin settings addressbook" im getting:

addressbook:MaxResourceSize = 1048576

addressbook:WebCalendarAuthPath = "/auth"

addressbook:DirectoryService:params:cacheTimeout = 1

addressbook:DirectoryService:params:node = "/Search"

addressbook:DirectoryService:type = "twistedcaldav.directory.appleopendirectory.OpenDirectoryService"

addressbook:Aliases = _empty_dictionary

addressbook:BindSSLPorts:_array_index:0 = 8443

addressbook:BindSSLPorts:_array_index:1 = 8843

addressbook:EnablePrincipalListings = no

addressbook:EnableDropBox = yes

addressbook:DocumentRoot = "/Volumes/ServerData/Library/Server/Calendar and Contacts"

addressbook:ConfigRoot = "/etc/caldavd"

addressbook:SSLPrivateKey = "/etc/certificates/intern.dolzer.at.3E8305035A77FF951926411713656293DA077B3E.ke y.pem"

addressbook:FreeBusyURL:AnonymousAccess = no

addressbook:FreeBusyURL:Enabled = yes

addressbook:FreeBusyURL:TimePeriod = 14

addressbook:ProcessType = "Combined"

addressbook:GlobalStatsSocket = "caldavd-stats.sock"

addressbook:UserName = "calendar"

addressbook:MaxInstancesForRRULE = 400

addressbook:Sharing:Enabled = yes

addressbook:BindHTTPPorts:_array_index:0 = 8008

addressbook:BindHTTPPorts:_array_index:1 = 8800

addressbook:EnableAnonymousReadRoot = no

addressbook:GroupName = "calendar"

addressbook:SSLAuthorityChain = "/etc/certificates/intern.dolzer.at.3E8305035A77FF951926411713656293DA077B3E.ch ain.pem"

addressbook:DSN = ":caldav:caldav:::"

addressbook:HTTPPort = 8008

addressbook:PIDFile = "caldavd.pid"

addressbook:ServerRoot = "/Volumes/ServerData/Library/Server/Calendar and Contacts"

addressbook:EnableTimezoneService = yes

addressbook:UserQuota = 104857600

addressbook:EnableWebAdmin = yes

addressbook:GlobalSharedAddressBook:GroupShortName = "workgroup"

addressbook:EnableCalDAV = yes

addressbook:MaxCollectionsPerHome = 50

addressbook:MultiProcess:ProcessCount = 0

addressbook:EnableProxyPrincipals = yes

addressbook:Authentication:Digest:Algorithm = "md5"

addressbook:Authentication:Digest:Enabled = yes

addressbook:Authentication:Digest:Qop = ""

addressbook:Authentication:Kerberos:ServicePrincipal = ""

addressbook:Authentication:Kerberos:Enabled = yes

addressbook:Authentication:Wiki:UseSSL = no

addressbook:Authentication:Wiki:Enabled = yes

addressbook:Authentication:Wiki:Hostname = "127.0.0.1"

addressbook:Authentication:Basic:Enabled = no

addressbook:ErrorLogFile = "error.log"

addressbook:EnableMonolithicCalendars = yes

addressbook:DefaultLogLevel = "warn"

addressbook:MaxAttendeesPerInstance = 100

addressbook:SSLCertificate = "/etc/certificates/intern.dolzer.at.3E8305035A77FF951926411713656293DA077B3E.ce rt.pem"

addressbook:ReadPrincipals = _empty_array

addressbook:EnableSACLs = yes

addressbook:RunRoot = "/var/run/caldavd"

addressbook:DBType = "postgres"

addressbook:Notifications:CoalesceSeconds = 3

addressbook:Notifications:Services:XMPPNotifier:CalDAV:SubscriptionURL = "https://intern.dolzer.at:8080/subscription"

addressbook:Notifications:Services:XMPPNotifier:CalDAV:APSBundleID = "com.apple.calendar.XServer.6dabaeaf-13fa-4f1e-b651-2de7f4f28b07"

addressbook:Notifications:Services:XMPPNotifier:Host = "intern.dolzer.at"

addressbook:Notifications:Services:XMPPNotifier:CardDAV:SubscriptionURL = "https://intern.dolzer.at:8080/subscription"

addressbook:Notifications:Services:XMPPNotifier:CardDAV:APSBundleID = "com.apple.contact.XServer.fa0445e4-6902-4756-8b7f-d1cae0c4bb69"

addressbook:Notifications:Services:XMPPNotifier:JID = "com.apple.notificationuser@intern.dolzer.at"

addressbook:Notifications:Services:XMPPNotifier:Enabled = yes

addressbook:Notifications:Services:XMPPNotifier:Service = "twistedcaldav.notify.XMPPNotifierService"

addressbook:Notifications:Services:XMPPNotifier:Password = "khsZTE8sMhmT8kPh"

addressbook:Notifications:Services:XMPPNotifier:Port = 5218

addressbook:Notifications:Services:XMPPNotifier:ServiceAddress = "pubsub.intern.dolzer.at"

addressbook:EnableAnonymousReadNav = no

addressbook:ServerHostName = ""

addressbook:DataRoot = "Data"

addressbook:EnablePrivateEvents = yes

addressbook:BindAddresses = _empty_array

addressbook:AdminPrincipals = _empty_array

addressbook:RedirectHTTPToHTTPS = yes

addressbook:EnableSearchAddressBook = no

addressbook:EnableCardDAV = yes

addressbook:DirectoryAddressBook:params:queryPeopleRecords = no

addressbook:DirectoryAddressBook:params:queryUserRecords = no

addressbook:DirectoryAddressBook:Enabled = yes

addressbook:LogRoot = "/var/log/caldavd"

addressbook:SSLPort = 8443

addressbook:MaxResourcesPerCollection = 10000

addressbook:AccessLogFile = "access.log"

addressbook:RotateAccessLog = yes

addressbook:OpenDirectoryModule = "calendarserver.platform.darwin.od.opendirectory"

addressbook:EnableSSL = yes

addressbook:Scheduling:CalDAV:EmailDomain = ""

addressbook:Scheduling:CalDAV:HTTPDomain = ""

addressbook:Scheduling:CalDAV:AddressPatterns = _empty_array

addressbook:Scheduling:iMIP:Sending:Server = "localhost"

addressbook:Scheduling:iMIP:Sending:UseSSL = yes

addressbook:Scheduling:iMIP:Sending:Username = "com.apple.calendarserver"

addressbook:Scheduling:iMIP:Sending:Address = "com.apple.calendarserver@intern.dolzer.at"

addressbook:Scheduling:iMIP:Sending:Password = "beZOSXJeruDgfrA5"

addressbook:Scheduling:iMIP:Sending:Port = 587

addressbook:Scheduling:iMIP:Enabled = yes

addressbook:Scheduling:iMIP:MailGatewayPort = 62310

addressbook:Scheduling:iMIP:Receiving:Server = "localhost"

addressbook:Scheduling:iMIP:Receiving:UseSSL = yes

addressbook:Scheduling:iMIP:Receiving:Username = "com.apple.calendarserver"

addressbook:Scheduling:iMIP:Receiving:PollingSeconds = 30

addressbook:Scheduling:iMIP:Receiving:Type = "imap"

addressbook:Scheduling:iMIP:Receiving:Password = "beZOSXJeruDgfrA5"

addressbook:Scheduling:iMIP:Receiving:Port = 993

addressbook:Scheduling:iMIP:AddressPatterns:_array_index:0 = "mailto:.*"

addressbook:Scheduling:iMIP:MailGatewayServer = "localhost"

addressbook:Scheduling:iSchedule:Enabled = no

addressbook:Scheduling:iSchedule:Servers = "servertoserver.xml"

addressbook:Scheduling:iSchedule:AddressPatterns = _empty_array

luke

Reply

Answer 5

jepping

Level 3

785 points

Oct 5, 2015 7:56 AM in response to luke__099486849888

You should resolve the reachability of https://127.0.0.1:8843. It that doesn't work, any other work will not help at all.

It could be a firewall rule, redirect in webservices or limited access due to restrictions setup in the server.app.

Go to the top left in the server.app, click on your server icon (a macmini for instance) en go to the tab on the right named access.

Verify access to the contacts services there.

Do you get a not allowed or another message when you try to reach your server.

Also please clean up the export of your settings, it has some passwords and perhaps will grant access to your server in them.

Goodluck

Jeffrey

Reply

Answer 6

Oct 5, 2015 8:46 AM in response to jepping

that is really strange that i cannot connect it directly on the server on port 8843/8443.

The browser acts like there is no httpd-service running on port 8843 "cannot connect to the server" no permissions error, but normal sites with the standard 443 ports work normal.

There is no firewall running on the server right now.

I am still blind. Can it be that because i'm still on lion 10.7 that i don't have that feature. I see it in the Server-Admin.app and there i have access to the contact service.

Reply

Answer 7

Oct 5, 2015 9:12 AM in response to luke__099486849888

i'm seeing that the server is not listening to the ports 8843/8443 now.

sudo lsof -i | grep LISTEN

launchd 1 root 9u IPv4 0xffffff803cf72c20 0t0 TCP localhost:31415 (LISTEN)

launchd 1 root 17u IPv6 0xffffff803cf78d80 0t0 TCP *:asip-webadmin (LISTEN)

launchd 1 root 18u IPv4 0xffffff803cf72500 0t0 TCP *:asip-webadmin (LISTEN)

launchd 1 root 23u IPv6 0xffffff803cf789c0 0t0 TCP localhost:ipp (LISTEN)

launchd 1 root 24u IPv4 0xffffff803cf71de0 0t0 TCP localhost:ipp (LISTEN)

launchd 1 root 94u IPv6 0xffffff803cf78600 0t0 TCP *:afpovertcp (LISTEN)

launchd 1 root 96u IPv4 0xffffff803cf716c0 0t0 TCP *:afpovertcp (LISTEN)

launchd 1 root 107u IPv4 0xffffff803cf70fa0 0t0 TCP *:dec_dlm (LISTEN)

launchd 1 root 108u IPv6 0xffffff803cf78240 0t0 TCP *:dec_dlm (LISTEN)

launchd 1 root 110u IPv4 0xffffff803cf70880 0t0 TCP *:rfb (LISTEN)

launchd 1 root 111u IPv6 0xffffff803cf77e80 0t0 TCP *:rfb (LISTEN)

launchd 1 root 113u IPv4 0xffffff803cf6ec00 0t0 TCP *:microsoft-ds (LISTEN)

launchd 1 root 114u IPv6 0xffffff803cf77ac0 0t0 TCP *:microsoft-ds (LISTEN)

launchd 1 root 116u IPv4 0xffffff803cf6e4e0 0t0 TCP *:22022 (LISTEN)

postgres_ 98 _postgres 3u IPv4 0xffffff80404b3c20 0t0 TCP localhost:postgresql (LISTEN)

master 99 root 12u IPv4 0xffffff803cf6fa40 0t0 TCP *:smtp (LISTEN)

master 99 root 13u IPv6 0xffffff803cf76f80 0t0 TCP *:smtp (LISTEN)

master 99 root 26u IPv4 0xffffff803f34ade0 0t0 TCP *:submission (LISTEN)

master 99 root 27u IPv6 0xffffff803cf76440 0t0 TCP *:submission (LISTEN)

slapd 100 root 8u IPv4 0xffffff803f349fa0 0t0 TCP *:ldap (LISTEN)

slapd 100 root 9u IPv6 0xffffff803cf75cc0 0t0 TCP *:ldap (LISTEN)

named 103 root 20u IPv4 0xffffff803f34bc20 0t0 TCP localhost:domain (LISTEN)

named 103 root 21u IPv4 0xffffff803f34b500 0t0 TCP intern.dolzer.at:domain (LISTEN)

named 103 root 22u IPv4 0xffffff803cf6f320 0t0 TCP localhost:xns-ch (LISTEN)

named 103 root 23u IPv4 0xffffff803f3474e0 0t0 TCP 172.16.30.1:domain (LISTEN)

named 103 root 24u IPv4 0xffffff804292f320 0t0 TCP 192.168.82.1:domain (LISTEN)

dovecotd 104 root 14u IPv4 0xffffff80404b3500 0t0 TCP *:sieve (LISTEN)

dovecotd 104 root 15u IPv6 0xffffff803cf75540 0t0 TCP *:sieve (LISTEN)

dovecotd 104 root 16u IPv4 0xffffff80404b2de0 0t0 TCP *:callbook (LISTEN)

dovecotd 104 root 17u IPv6 0xffffff803cf75180 0t0 TCP *:callbook (LISTEN)

dovecotd 104 root 21u IPv4 0xffffff80404b26c0 0t0 TCP *:pop3 (LISTEN)

dovecotd 104 root 22u IPv6 0xffffff8040533d80 0t0 TCP *:pop3 (LISTEN)

dovecotd 104 root 23u IPv4 0xffffff80404b1fa0 0t0 TCP *:pop3s (LISTEN)

dovecotd 104 root 24u IPv6 0xffffff80405339c0 0t0 TCP *:pop3s (LISTEN)

dovecotd 104 root 29u IPv4 0xffffff80404b1880 0t0 TCP *:imap (LISTEN)

dovecotd 104 root 30u IPv6 0xffffff8040533600 0t0 TCP *:imap (LISTEN)

dovecotd 104 root 31u IPv4 0xffffff80404b1160 0t0 TCP *:imaps (LISTEN)

dovecotd 104 root 32u IPv6 0xffffff8040533240 0t0 TCP *:imaps (LISTEN)

cupsd 105 root 11u IPv6 0xffffff803cf789c0 0t0 TCP localhost:ipp (LISTEN)

cupsd 105 root 12u IPv4 0xffffff803cf71de0 0t0 TCP localhost:ipp (LISTEN)

cupsd 105 root 14u IPv4 0xffffff8041cf4fa0 0t0 TCP *:ipp (LISTEN)

cupsd 105 root 15u IPv6 0xffffff803cf75900 0t0 TCP *:ipp (LISTEN)

Python 107 root 24u IPv4 0xffffff8041cf4160 0t0 TCP *:http-alt (LISTEN)

Python 107 root 25u IPv4 0xffffff8041cf3a40 0t0 TCP *:sunwebadmin (LISTEN)

Python 112 _teamsserver 4u IPv4 0xffffff80404af4e0 0t0 TCP *:8089 (LISTEN)

PasswordS 127 root 12u IPv4 0xffffff8041cf2c00 0t0 TCP *:apple-sasl (LISTEN)

PasswordS 127 root 13u IPv4 0xffffff8041cf24e0 0t0 TCP *:3com-tsmux (LISTEN)

PasswordS 127 root 14u IPv4 0xffffff8041e39c20 0t0 TCP *:apple-sasl (LISTEN)

PasswordS 127 root 17u IPv4 0xffffff8041e39500 0t0 TCP *:3com-tsmux (LISTEN)

kpasswdd 136 root 3u IPv6 0xffffff803cf77340 0t0 TCP *:kpasswd (LISTEN)

kpasswdd 136 root 6u IPv4 0xffffff803f34a6c0 0t0 TCP *:kpasswd (LISTEN)

kdc 137 root 6u IPv6 0xffffff8040532e80 0t0 TCP *:kerberos (LISTEN)

kdc 137 root 8u IPv4 0xffffff8041012c20 0t0 TCP *:kerberos (LISTEN)

kadmind 138 root 4u IPv4 0xffffff803f349880 0t0 TCP *:kerberos-adm (LISTEN)

kadmind 138 root 5u IPv6 0xffffff803cf76bc0 0t0 TCP *:kerberos-adm (LISTEN)

ruby 152 _teamsserver 7u IPv4 0xffffff80404b0320 0t0 TCP localhost:8085 (LISTEN)

ruby 153 _teamsserver 6u IPv4 0xffffff80404afc00 0t0 TCP localhost:8094 (LISTEN)

collabd 154 _teamsserver 5u IPv4 0xffffff803cf70160 0t0 TCP localhost:krb524 (LISTEN)

collabd 154 _teamsserver 6u IPv6 0xffffff803cf77700 0t0 TCP localhost:krb524 (LISTEN)

ruby 156 _teamsserver 9u IPv4 0xffffff8042932c20 0t0 TCP localhost:8093 (LISTEN)

ruby 157 _teamsserver 9u IPv4 0xffffff8042932500 0t0 TCP localhost:8092 (LISTEN)

ruby 158 _teamsserver 9u IPv4 0xffffff80425b3c00 0t0 TCP localhost:8091 (LISTEN)

ruby 159 _teamsserver 9u IPv4 0xffffff80425b34e0 0t0 TCP localhost:8090 (LISTEN)

ruby 160 _webauthserver 7u IPv4 0xffffff8041010160 0t0 TCP localhost:8086 (LISTEN)

APNBridge 166 _jabber 5u IPv4 0xffffff8041010880 0t0 TCP *:http-alt (LISTEN)

APNBridge 166 _jabber 9u IPv6 0xffffff8040532ac0 0t0 TCP *:http-alt (LISTEN)

iStatServ 170 root 6u IPv4 0xffffff80425b5160 0t0 TCP *:5109 (LISTEN)

iStatServ 170 root 9u IPv6 0xffffff804745f9c0 0t0 TCP *:5109 (LISTEN)

router 402 _jabber 5u IPv4 0xffffff804100e4e0 0t0 TCP localhost:5348 (LISTEN)

c2s 403 _jabber 6u IPv6 0xffffff8040531f80 0t0 TCP *:5218 (LISTEN)

s2s 404 _jabber 7u IPv6 0xffffff8040531bc0 0t0 TCP *:5268 (LISTEN)

screensha 441 root 5u IPv4 0xffffff803cf70880 0t0 TCP *:rfb (LISTEN)

screensha 441 root 6u IPv6 0xffffff803cf77e80 0t0 TCP *:rfb (LISTEN)

AppleFile 443 root 4u IPv6 0xffffff803cf78600 0t0 TCP *:afpovertcp (LISTEN)

AppleFile 443 root 5u IPv4 0xffffff803cf716c0 0t0 TCP *:afpovertcp (LISTEN)

mysqld 557 _mysql 12u IPv4 0xffffff80410116c0 0t0 TCP *:mysql (LISTEN)

memcached 604 _calendar 16u IPv4 0xffffff804100fa40 0t0 TCP localhost:11211 (LISTEN)

Python 625 _calendar 6u IPv4 0xffffff80425b7500 0t0 TCP localhost:62309 (LISTEN)

imap-logi 683 _dovenull 7u IPv4 0xffffff80404b1880 0t0 TCP *:imap (LISTEN)

imap-logi 683 _dovenull 8u IPv6 0xffffff8040533600 0t0 TCP *:imap (LISTEN)

imap-logi 683 _dovenull 9u IPv4 0xffffff80404b1160 0t0 TCP *:imaps (LISTEN)

imap-logi 683 _dovenull 10u IPv6 0xffffff8040533240 0t0 TCP *:imaps (LISTEN)

ruby 1058 _devicemgr 9u IPv4 0xffffff8041e38de0 0t0 TCP localhost:officelink2000 (LISTEN)

ruby 1060 _devicemgr 9u IPv4 0xffffff8041e386c0 0t0 TCP localhost:vnsstr (LISTEN)

ruby 1062 _devicemgr 9u IPv4 0xffffff8041e37160 0t0 TCP localhost:3322 (LISTEN)

ruby 1064 _devicemgr 9u IPv4 0xffffff80425b5fa0 0t0 TCP localhost:3323 (LISTEN)

ruby 1066 _devicemgr 9u IPv4 0xffffff8041e37880 0t0 TCP localhost:3324 (LISTEN)

ruby 1067 _devicemgr 9u IPv4 0xffffff80425b6de0 0t0 TCP localhost:3325 (LISTEN)

ruby 1068 _devicemgr 9u IPv4 0xffffff803f349160 0t0 TCP localhost:sftu (LISTEN)

ruby 1069 _devicemgr 9u IPv4 0xffffff80404b0a40 0t0 TCP localhost:bbars (LISTEN)

ruby 1070 _devicemgr 9u IPv4 0xffffff80425b7c20 0t0 TCP localhost:egptlm (LISTEN)

ruby 1071 _devicemgr 9u IPv4 0xffffff8041e35c00 0t0 TCP localhost:hp-device-disc (LISTEN)

smbd 1956 root 5u IPv4 0xffffff803cf6ec00 0t0 TCP *:microsoft-ds (LISTEN)

smbd 1956 root 6u IPv6 0xffffff803cf77ac0 0t0 TCP *:microsoft-ds (LISTEN)

httpd 4963 root 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 4963 root 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

odproxyd 5858 root 5u IPv4 0xffffff803cf70fa0 0t0 TCP *:dec_dlm (LISTEN)

odproxyd 5858 root 6u IPv6 0xffffff803cf78240 0t0 TCP *:dec_dlm (LISTEN)

httpd 12583 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12583 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

httpd 12585 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12585 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

postscree 12589 _postfix 6u IPv4 0xffffff803cf6fa40 0t0 TCP *:smtp (LISTEN)

postscree 12589 _postfix 7u IPv6 0xffffff803cf76f80 0t0 TCP *:smtp (LISTEN)

httpd 12612 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12612 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

httpd 12615 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12615 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

httpd 12616 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12616 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

httpd 12617 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12617 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

httpd 12618 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12618 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

httpd 12619 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12619 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

httpd 12620 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12620 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

httpd 12622 _www 5u IPv6 0xffffff804745c540 0t0 TCP *:https (LISTEN)

httpd 12622 _www 7u IPv6 0xffffff8054a67cc0 0t0 TCP *:http (LISTEN)

Reply

Answer 8

Oct 6, 2015 12:10 AM in response to luke__099486849888

OK now a really strange think is happening. This morning I'm suddenly able to connect to https://localhost:8843/. I can also connect from machines pre iOS9 and OSX 10.11.

But on iOS9 and El Capitan it doesn't work.

Reply

Answer 9

Oct 7, 2015 2:16 AM in response to luke__099486849888

I think, that it might be possible, that also in OS X 10.7.5 Server the calendar and the addressbook server still use SSLv3, but iOS 9 and OS X 10.11 El Capitan require at least TLSv1.

I needed to change this here on our Mac OS X 10.6.8 Server also to ensure, that clients which use iOS 9 and OS X 10.11 can still connect to those services.

I changed all SSLv3 and SSLv23 configurations to use TLSv1 only.

I stopped iCal and Addressbook Servers and then I used TextWrangler to do a multi file search for "SSLv3" and "SSLv23" in the folders:

/usr/share/caldav/lib/python

/usr/share/carddav/lib/python

I replaced "SSLv3" and "SSLv23" with "TLSv1" in all .py files accordingly (be careful - don't use "Replace all" !!! - AND: be sure, to have a backup !!!) and then started the services again. Since I made those changes, all clients can connect without a problem.

Hope, this helps.

Reply

Answer 10

Oct 7, 2015 5:44 AM in response to MacPro_de

hello,

thanks very much for the tip. I think that is the problem. Because when i try to connect with firefox i get an encryption mismatch error.

i changed "SSLv3_METHOD" to "TLSv1_METHOD" in 2 files

twistedcaldav/stdconfig.py
twext/internet/ssl.py

but it still doesn't work. i think I will bite the bullet and upgrade to Yosemite Server later this week.

Reply

Answer 11

Oct 7, 2015 6:21 AM in response to luke__099486849888

Patching just 2 files will not work.

I think, that I needed to patch the following files in Mac OS X Server 10.6.8:

/usr/share/caldavd/lib/python/twext/internet/ssl.py

/usr/share/caldavd/lib/python/twisted/internet/_sslverify.py

/usr/share/caldavd/lib/python/twisted/internet/ssl.py

/usr/share/caldavd/lib/python/twisted/test/ssl_helpers.py

/usr/share/caldavd/lib/python/twisted/test/test_ssl.py

/usr/share/caldavd/lib/python/twisted/test/test_sslverify.py

/usr/share/caldavd/lib/python/twistedcaldav/config.py

/usr/share/carddavd/lib/python/twistedcaldav/config.py

/usr/share/caldavd/lib/python/twisted/mail/imap4.py

/usr/share/caldavd/lib/python/twisted/mail/pop3client.py

/usr/share/caldavd/lib/python/twisted/mail/protocols.py

/usr/share/caldavd/lib/python/twisted/mail/smtp.py

/usr/share/caldavd/lib/python/twisted/mail/test/pop3testserver.py

The folder structure in OS X 10.7.5 might be different.

Reply

Answer 12

jepping

Level 3

785 points

Oct 7, 2015 7:42 AM in response to luke__099486849888

Lion Server will not receive any updates or security patches from Apple, so perhaps an upgrade is not a bad choice. Today addressbook with an SSL mismatch, tomorrow could be another component not functioning correctly.

Keeping those changes going, documenting them and creating backups, might not be worth all the effort.

If it works for now, great. But if new issues arise, I would recommend upgrading to the latest and greatest.

Goodluck

Jeffrey

Reply

Answer 13

Oct 7, 2015 8:12 AM in response to jepping

You are right, Jeffrey,

basically I would also suggest to Luke to make the upgrade to a more recent version of the Server software.

The fun part is, that migrating an old (and working) Mac OS X Server 10.6.8 or OS X Server 10.7.5 to the latest and greatest version - especially in regard to OS X Server 5.x - perhaps solves some issues, but also will cause "a few" new issues 😉 (depending on the intended application of the server)...

In any case, you are right - an upgrade needs to be done. The above mentioned patches can only be a preliminary solution.

Reply

Answer 14

Oct 7, 2015 2:54 PM in response to MacPro_de

Great! It worked!

Thank you very much!

Reply

Answer 15

Oct 7, 2015 3:01 PM in response to MacPro_de

First off i wanna thank jf and Jeffrey for there time and help.

I successfully updated to 10.11 (i risked it 😝) and now everything is working besides device manager, but that problem I'm tackling another day.

greetings

luke

Reply