VNC SSH and services do not start unless a user logs in

Running a fresh install of OS X 10.11 with server version 5.1.5


For some reason the Mac mini will not show up on the network or allow any remote administration until you log in with a user account.


VNC and SSH specifically do not work and report timeouts.


The web service is accessible regardless of login status.


When I shut off FileVault encryption on the Mac the problem seems to go away. I manage about 8 other Mac servers and have never seen this behaviour before on any of them with similar setups. Anyone have any ideas as to what might be going on?

Mac mini, OS X El Capitan (10.11.5), OS X Server 5.1.5

Posted on May 24, 2016 3:00 PM


May 25, 2016 6:14 PM in response to czarcub

If I am reading your description correctly, I believe you stated that you enabled FileVault encryption on the server's boot volume. This would explain the part about services not starting up until you "log in" as well as the eventual shutdown of the device if disk unlock is not completed. If you really have the drive encrypted, you are actually not logging in at this stage. You are authorizing the disk to unlock. Apple makes the disk unlock and eventual login seamless, but there are two steps going on. EFI hands the unlock credentials to the login window and drops the authorized account to its Desktop.


Now the one piece that is throwing me in your description is that you claim web ports respond during this period. That is not in line with typical behavior. An encrypted Mac will not initialize the Ethernet (or wireless) until the disk is unlocked and a true boot sequence occurs. If you are able to boot an encrypted Mac and get a reply for web servers, that is new to me.


Generally, a server volume would not be encrypted. It produces a number of challenges for any administrator and normal deployment choices would physically secure the device. Some examples include the need to remotely reboot the server. If the device is encrypted, you will physically need to be in front of the machine to unlock the drive to complete the boot process. Failure to do this will result in the device powering off. Next, a server is usually physically secured in a way that limits access. In these circumstances, added disk encryption only hinders remote service as noted above. Also, disk encryption is protecting data at rest. A server should never be resting, so once the disk is unlocked and the device is booted, any exploit will have full access to your data.


Not sure if this answers your question. But it seems that disk encryption on your server is the cause of your issues.


Reid

Apple Consultants Network

Author - "El Capitan Server – Foundation Services"

Author - "El Capitan Server – Control & Collaboration"

Author - "El Capitan Server – Advanced Services"

:: Exclusively available in Apple's iBooks Store
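
A pre-reboot check that reflects the behaviour described in the reply above, as an added example that is not part of the original thread: it reads the output of `fdesetup status` (the macOS FileVault command-line tool) and refuses an unattended reboot when the boot volume is encrypted or the state cannot be read. The function names `fv_state` and `guarded_reboot` are hypothetical, and the live check at the end is a dry run that only echoes the reboot command.

```shell
#!/bin/sh
# Added example: fail-closed reboot guard for a remotely administered Mac.
# `fdesetup status` (macOS FileVault tool) prints "FileVault is On." or
# "FileVault is Off."; any other text is treated as unknown.

# fv_state TEXT: print on | off | unknown for the given status text.
fv_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# guarded_reboot TEXT CMD...: run CMD only when the boot volume is not
# encrypted. Returns CMD's status, 1 if FileVault is on (the host would
# wait at the pre-boot unlock screen with SSH and VNC down), or 2 if
# the state could not be read.
guarded_reboot() {
    status_text=$1
    shift
    case "$(fv_state "$status_text")" in
        off)
            "$@"
            ;;
        on)
            echo "refusing: FileVault is on, console unlock needed after reboot" >&2
            return 1
            ;;
        *)
            echo "refusing: FileVault state unknown" >&2
            return 2
            ;;
    esac
}

# Dry run on a live host; does nothing where fdesetup is absent.
if command -v fdesetup >/dev/null 2>&1; then
    guarded_reboot "$(fdesetup status 2>&1)" echo "would run: shutdown -r now"
fi
```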
