Dalone55

Q: After OSX 10.11.6 and Server 5.1.7 Update No Longer Can connect via screen sharing

I did the updates using screen sharing; now screen sharing won't work. 2 servers, both with the same problems. I can connect to other computers on the network, just not the servers.

iMac, OS X El Capitan (10.11.1), iMac (20-inch, Mid 2007)

Posted on Jul 26, 2016 11:33 AM


  • by paolofromkent,

    paolofromkent Jul 26, 2016 11:31 AM in response to Dalone55
    Level 1 (8 points)

    Hi, I need a new internet browser but I can't download from any web site. I got an iMac early 2009, 10.7.5. Can you help me… sorry for my primitive English.

  • by Linc Davis,

    Linc Davis Jul 26, 2016 12:12 PM in response to Dalone55
    Level 10 (207,926 points)
    Applications

    From the menu bar on the Screen Sharing server, please select

               ▹ System Preferences... ▹ Users & Groups ▹ Login Options

    and check the box marked

              Allow network users to log in at the login window

    If there's a closed padlock icon in the lower left corner of the preference pane, you may need to click it to unlock the settings. Enter your login password when prompted.

    Note that this option is only available when the server is bound to a network directory server.

    See also:

    Screen Sharing with Open Directory Authentication

  • by Dalone55,

    Dalone55 Jul 26, 2016 2:20 PM in response to Linc Davis
    Level 1 (4 points)
    Servers Enterprise

    The box was already checked, the entire line is greyed out.

    Did I mention that this screen sharing worked perfectly fine last week? Something in the update made a change to my setup, somehow.

  • by Linc Davis,

    Linc Davis Jul 26, 2016 2:31 PM in response to Dalone55
    Level 10 (207,926 points)
    Applications

    Logs?

  • by Dalone55,

    Dalone55 Jul 26, 2016 2:46 PM in response to Linc Davis
    Level 1 (4 points)
    Servers Enterprise

    I appreciate your time.

    Which logs would you like to see? There are lots of them.

    BTW: I just installed Server 5.1.7 on my client (iMac) so I could remotely connect, and am unable to log in.

  • by Linc Davis,

    Linc Davis Jul 26, 2016 2:49 PM in response to Dalone55
    Level 10 (207,926 points)
    Applications

    A short extract (no more than ten lines) from All Messages on both the client and the server, corresponding to a failed connection attempt, would do.

  • by Dalone55,

    Dalone55 Jul 26, 2016 2:51 PM in response to Linc Davis
    Level 1 (4 points)
    Servers Enterprise

    Quoting Apple:

    OS X Server basics

    With OS X Server, small organizations and workgroups without an IT department can take full advantage of the benefits of a server. A nontechnical user can easily set up and manage OS X Server for a group.

    I wouldn't say I am totally non-technical, but, I'm not an IT department either.

  • by Linc Davis,

    Linc Davis Jul 26, 2016 2:55 PM in response to Dalone55
    Level 10 (207,926 points)
    Applications

    I'm not sure how to respond to your last comment. Maybe you would be better served by contacting Apple Support. Click the link in the top right corner of this page. Good luck.

  • by Dalone55,

    Dalone55 Jul 26, 2016 3:01 PM in response to Linc Davis
    Level 1 (4 points)
    Servers Enterprise

    Under Password Service Error Log:

    Jul 26 2016 09:33:24 1375us    Requested SASL mechanism not loaded: PPS

    Jul 26 2016 09:33:24 51454us    Server received error -1 during startup.

    Jul 26 2016 09:33:24 51560us    Aborting Password Service.

    Jul 26 2016 09:34:41 721839us    Requested SASL mechanism not loaded: SMB-NT

    Jul 26 2016 09:34:41 721867us    Requested SASL mechanism not loaded: SMB-LAN-MANAGER

    Jul 26 2016 09:34:41 721886us    Requested SASL mechanism not loaded: OTP

    Jul 26 2016 09:34:41 721900us    Requested SASL mechanism not loaded: PPS

    Jul 26 2016 14:15:46 452595us    Registration is finished error: (10, -72000).

    Jul 26 2016 14:15:46 504360us    Registration is finished error: (10, -72000).

    Jul 26 2016 14:17:50 803700us    Requested SASL mechanism not loaded: PPS

    Jul 26 2016 14:17:50 849809us    Server received error -1 during startup.

    Jul 26 2016 14:17:50 849884us    Aborting Password Service.

    Jul 26 2016 14:18:54 766447us    Requested SASL mechanism not loaded: SMB-NT

    Jul 26 2016 14:18:54 766481us    Requested SASL mechanism not loaded: SMB-LAN-MANAGER

    Jul 26 2016 14:18:54 766503us    Requested SASL mechanism not loaded: OTP

    Jul 26 2016 14:18:54 766520us    Requested SASL mechanism not loaded: PPS

  • by Dalone55,

    Dalone55 Jul 26, 2016 3:04 PM in response to Dalone55
    Level 1 (4 points)
    Servers Enterprise

    Under Open Directory Log:

    2016-07-26 14:17:41.549891 MDT - AID: 0x0000000000000000 - Adjusting kernel ID cache (100 -> 250) and membership cache (100 -> 500)

    2016-07-26 14:17:41.566481 MDT - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'

    2016-07-26 14:17:41.940585 MDT - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'

    2016-07-26 14:17:42.541622 MDT - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleID.bundle'

    2016-07-26 14:17:42.542962 MDT - AID: 0x0000000000000000 - Registered subnode with name '/Local/Default'

    2016-07-26 14:17:42.549940 MDT - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'

    2016-07-26 14:17:44.155770 MDT - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientLDAP.bundle'

    2016-07-26 14:17:44.159011 MDT - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientPWS.bundle'

    2016-07-26 14:19:02.316536 MDT - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/configure.bundle'

    2016-07-26 14:19:02.320428 MDT - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/keychain.bundle'

    2016-07-26 14:19:21.054215 MDT - AID: 0x0000000000000000 - 325.3606 - Client: servermgrd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2016-07-26 14:19:21.054215 MDT - AID: 0x0000000000000000 - 325.3606, Node: /Local/Default, Module: PlistFile - unable to update FDE password - missing critical information

    2016-07-26 14:28:48.217787 MDT - AID: 0x000000000000136F - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ActiveDirectory.bundle'

    2016-07-26 15:08:43.081954 MDT - AID: 0x0000000000000000 - 457.9276 - Client: Server, UID: 507, EUID: 507, GID: 20, EGID: 20

    2016-07-26 15:08:43.081954 MDT - AID: 0x0000000000000000 - 457.9276, Node: /Local/Default, Module: PlistFile - unable to update FDE password - missing critical information

    2016-07-26 15:38:39.935806 MDT - AID: 0x0000000000000000 - 457.13257 - Client: Server, UID: 507, EUID: 507, GID: 20, EGID: 20

    2016-07-26 15:38:39.935806 MDT - AID: 0x0000000000000000 - 457.13257, Node: /Local/Default, Module: PlistFile - unable to update FDE password - missing critical information

    2016-07-26 15:38:41.038095 MDT - AID: 0x0000000000000000 - 457.13280 - Client: Server, UID: 507, EUID: 507, GID: 20, EGID: 20

    2016-07-26 15:38:41.038095 MDT - AID: 0x0000000000000000 - 457.13280, Node: /Local/Default, Module: PlistFile - unable to update FDE password - missing critical information

  • by Dalone55,

    Dalone55 Jul 26, 2016 3:08 PM in response to Linc Davis
    Level 1 (4 points)
    Servers Enterprise

    Apple seems to have withdrawn from the Customer Support side of their business. Of course, I'm not sure how much customer support you can provide for a $20 program.

    All I was saying was that the program was intended to be easy to use, and it has been for the most part. It seemed odd to lose screen sharing at this time.

  • by Linc Davis, Solved answer

    Linc Davis Jul 26, 2016 3:40 PM in response to Dalone55
    Level 10 (207,926 points)
    Applications

    Many Open Directory problems can be resolved by taking the following steps. Please test after each one that you haven't already taken, and back up all data before making any changes.

    1. The OD master must have a static IP address on the local network, not a dynamic address. It must not be connected to the same network with more than one interface; e.g., Ethernet and Wi-Fi.

    2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

    3. The primary DNS server used by the server must be itself, unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

    4. If you have accounts with network home directories, make sure the URLs are correct in the user settings. A return status of 45 from the authorizationhost daemon in the log may mean that the URL for mounting the home directory was not updated after a change in the hostname or in the file-sharing protocol (from AFP to SMB or vice versa.) If the server and clients are all running OS X 10.10 or later, directories should be shared with SMB rather than AFP.

    5. Follow these instructions to rebuild the Kerberos configuration on the server.

    6. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

    In the case of a self-signed certificate, create a trust profile in Profile Manager and deploy it on the clients. On the server, you may need to create the folder

    /etc/openldap/certs

    and put a copy of the server's certificate in it; for example:

    /etc/openldap/certs/server-name

    Also add a directive to the file

    /etc/openldap/ldap.conf

    of the form

    TLS_CACERT /etc/openldap/certs/server-name

    7. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

    8. Reboot the master and the clients.

    9. Don't log in to the server with a network user's account.

    10. Disable any internal firewalls in use, including third-party "security" software.

    11. If you've created any replica servers, delete them.

    12. If OD has only recently stopped working when it was working before, you may be able to restore it from the automatic backup in /var/db/backups, or from a Time Machine snapshot of that backup.

    13. If there are slapd errors in the log, try the following steps.

    Turn off Open Directory in the Server app.

    Enter in a shell:

    cd /var/db/openldap
    sudo -s
    db_recover -c -h authdata
    db_recover -c -h openldap-data

    Turn Open Directory back on.

    14. Reset the password policy database:

    sudo pwpolicy -clearaccountpolicies

    15. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. In some cases, you may have to use the shell to delete the server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.
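
Added example (not part of the original thread, and not any poster's or Apple's code): a Python preflight for steps 1 to 3 of the checklist above, run against interface, hostname and resolver values you supply. The function names and the sample host values are assumptions constructed for illustration.

```python
import ipaddress

def same_network_conflicts(interfaces):
    """Step 1: return (iface_a, iface_b, network) for every pair of
    interfaces whose configured networks overlap."""
    parsed = {n: ipaddress.ip_interface(c) for n, c in interfaces.items()}
    names = sorted(parsed)
    hits = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            na, nb = parsed[a].network, parsed[b].network
            if na.version == nb.version and na.overlaps(nb):
                hits.append((a, b, str(na)))
    return hits

def hostname_findings(hostname, fqdn):
    """Step 2: hostname equals the FQDN, has >= 3 levels, is not in .local."""
    host, name = hostname.rstrip(".").lower(), fqdn.rstrip(".").lower()
    labels = name.split(".")
    out = []
    if host != name:
        out.append("hostname does not match the fully-qualified domain name")
    if len(labels) < 3 or "" in labels:
        out.append("name needs at least three levels, e.g. server.yourdomain.com")
    if labels[-1] == "local":
        out.append(".local is reserved for Bonjour")
    return out

def dns_findings(resolvers, server_ip, internal_dns=None):
    """Step 3: the first resolver is the server itself or the internal DNS."""
    wanted = ipaddress.ip_address(internal_dns or server_ip)
    if not resolvers:
        return ["no DNS server configured"]
    if ipaddress.ip_address(resolvers[0]) != wanted:
        return ["primary DNS server is %s, expected %s" % (resolvers[0], wanted)]
    return []

def preflight(host):
    """Run all three checks and return a flat list of findings."""
    found = ["%s and %s are both on %s" % hit
             for hit in same_network_conflicts(host["interfaces"])]
    found += hostname_findings(host["hostname"], host["fqdn"])
    found += dns_findings(host["resolvers"], host["server_ip"],
                          host.get("internal_dns"))
    return found

# Constructed sample host: Ethernet and Wi-Fi on one subnet, a .local name,
# and an outside resolver listed first.
SAMPLE = {"interfaces": {"en0": "192.168.1.10/24", "en1": "192.168.1.57/24"},
          "hostname": "server.local", "fqdn": "server.local",
          "resolvers": ["203.0.113.53"], "server_ip": "192.168.1.10"}

if __name__ == "__main__":
    for line in preflight(SAMPLE):
        print("FAIL:", line)
```

The same interface check applies to a client as well as to the master.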

  • by Dalone55,

    Dalone55 Jul 26, 2016 4:03 PM in response to Linc Davis
    Level 1 (4 points)
    Servers Enterprise

    The first clue you gave actually solved my problem. My client computer was connected with both Ethernet and Wi-Fi. I tested a connection from another client and it immediately connected. So I looked at my own client computer and discovered the offense. Thank you.

    Now, I will go down the list and check all the other items to be on the safe side.

    Thanks again.