10.5.8 Server Open Directory replica to master

Hello,
I'm using an Xserve running 10.5.8 Server as Open Directory master and another Xserve also running 10.5.8 Server as Open Directory replica. Now I want to turn off the master and use the replica as the new master. When I try to switch from replica to master I get error value 77.
I already tried exporting the users and groups and importing them on the replica. After the import I'm able to log on via AFP, but LDAP doesn't work. The users and groups are also shown as local only. They're not shown in /LDAPv3/127.0.0.1/. Is there any other way to get the users and groups in there?

I am having the exact problem with this magic triangle using 10.6.4 clients bound to AD and OD, with OD running 10.5.8. We had these working as well when they were first bound to AD and now they will not authenticate. I can log in as a local user and the directory services show AD is connected and it is the first one in the authentication list, before the OD/LDAP server.
I can use the Kerberos utility to get a TGT from the AD Realm using AD credentials, so that part of the system IS working. I suspect that the problem is in the login window routines for authentication.
I have not had a chance to run a packet sniffer to see what data is or is not moving amongst the triangle.
If anyone has any idea what the issue is or a workaround, it would be appreciated.

Similar Messages

  • Creating Open Directory Replica fails with Server Admin Error Value 1127

    Hallo,
    I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
    Currently, it comes down to this. The Server Admin error message is really meaningless and I could not find a single hit for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to get more meaningful results. It worked. Specifically, creating a replica of an OpenLDAP master means using slapconfig.
    When executing
    slapconfig -createreplica master.ourdomain.com diradmin
    as root on the prospective replica machine, I get the following error message:
    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    That makes perfect sense to me, but how is it meant to work then?
    Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to log in from the command line as root still tells me:
    root login is not permitted to this machine via public key authentication.
    While this is the current state where I need help urgently, I changed some other things before. I mention them to exclude these issues as a possible reason for the failure. I got this message for quite a while:
    Replica Setup failed : This machine does not have a valid computer name
    I was sure this machine meant the target machine, the Open Directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP address. Proper name resolution is available for both interfaces including reverse lookup. I don't like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
    changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
    reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we dont use Kerberos yet).
    Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the hostname was not set on the prospective replica machine. (A question aside: in how many places is the hostname stored? The traditional /etc/hostname has gone, but seems to have been replaced with several other configuration files and databases. I can't see this as an advantage.) Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
    I also checked all log files on both machines that might have to do with OpenLDAP, namely /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of the layer on top of OpenLDAP, which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable besides a lot of entries that I have googled in the last few hours and which all don't seem to be associated with the problem in question.
    I will take a break now, but I have to fix this by tomorrow and I hope to get the ultimate hint from you, dear reader.
    Thanks and bye, Christian Völker

    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
    Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
    Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
    In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
    Then configure the /etc/sshd_config file on the OD master like this:
    # Authentication:
    PermitRootLogin yes
    PasswordAuthentication yes
    PubkeyAuthentication no
    and the /etc/ssh_config file on the OD replica like this:
    PasswordAuthentication yes
    PubkeyAuthentication no
    Then from the OD replica as the 'root' user issue:
    slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
    Make sure that the 'diradmin' user's password contains only alphanumeric characters - no 'option-characters' or symbols; change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.
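The sshd_config changes the answer above calls for on the OD master, and the re-hardening it ends with, as an added shell example (not Apple's tooling and not from the original thread). It assumes only POSIX sh and awk; the config path is passed in, so it can be exercised on a copy before the live /etc/sshd_config is touched.

```shell
#!/bin/sh
# Added example: helpers for the sshd_config states used around
# `slapconfig -createreplica`. Assumes POSIX sh, awk and mv only.

# Effective value of a keyword: OpenSSH uses the first uncommented occurrence.
sshd_value() {  # $1 = config file, $2 = keyword (case-insensitive)
  awk -v key="$2" '
    { l = $0; sub(/^[ \t]+/, "", l) }
    l ~ /^#/ || l == "" { next }
    {
      n = split(l, f, /[ \t=]+/)
      if (n >= 2 && tolower(f[1]) == tolower(key)) { print f[2]; exit }
    }' "$1"
}

# Set a keyword to exactly one value: every earlier occurrence, including
# commented-out ones such as "#PermitRootLogin yes", is dropped first so the
# new line cannot be shadowed by a stale setting higher up in the file.
set_sshd_option() {  # $1 = config file, $2 = keyword, $3 = value
  tmp="$1.tmp.$$"
  awk -v key="$2" '
    { l = $0; sub(/^[ \t]*#?[ \t]*/, "", l); split(l, f, /[ \t=]+/) }
    tolower(f[1]) != tolower(key) { print }' "$1" > "$tmp" \
    && printf '%s %s\n' "$2" "$3" >> "$tmp" \
    && mv "$tmp" "$1"
}

# State the answer requires on the OD master while the replica is created.
prepare_master_for_replication() {  # $1 = sshd_config on the OD master
  set_sshd_option "$1" PermitRootLogin yes \
    && set_sshd_option "$1" PasswordAuthentication yes \
    && set_sshd_option "$1" PubkeyAuthentication no
}

# Returns 0 only if all three settings are explicitly in that state.
check_master_ready() {  # $1 = sshd_config on the OD master
  [ "$(sshd_value "$1" PermitRootLogin)" = yes ] \
    && [ "$(sshd_value "$1" PasswordAuthentication)" = yes ] \
    && [ "$(sshd_value "$1" PubkeyAuthentication)" = no ]
}

# Last step of the answer: once replication has completed, close the window
# again on both machines (key-only logins, no root over ssh).
harden_sshd() {  # $1 = sshd_config
  set_sshd_option "$1" PermitRootLogin no \
    && set_sshd_option "$1" PasswordAuthentication no \
    && set_sshd_option "$1" PubkeyAuthentication yes
}

# slapconfig needs a plain alphanumeric diradmin password; returns 1 if the
# candidate is empty or contains anything else.
password_is_alnum() {  # $1 = candidate password
  case "$1" in
    "") return 1 ;;
    *[!A-Za-z0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Demo on a constructed config so nothing on the real system is modified.
demo_cfg=$(mktemp)
printf '# Authentication:\n#PermitRootLogin yes\nPasswordAuthentication no\nPubkeyAuthentication yes\n' > "$demo_cfg"
if check_master_ready "$demo_cfg"; then echo "unexpected"; else echo "not ready as shipped"; fi
prepare_master_for_replication "$demo_cfg"
if check_master_ready "$demo_cfg"; then echo "ready for slapconfig -createreplica"; fi
harden_sshd "$demo_cfg"
cat "$demo_cfg"
rm -f "$demo_cfg"
```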

  • Synchronizing multiple Mac Mini Server Open Directories across branch offices

    Greetings from Central Asia -
    The non-profit that I work with has been undergoing a long-overdue IT upgrade and we recently purchased some Mac Mini Servers (still running Snow Leopard Server) to act as the core of our network across our 3 offices in 3 different cities.
    We have employees moving between offices regularly, so I'm hoping to find a way to synchronize our user database between our head office and our branch offices instead of creating separate databases in each location.  We use RADIUS and pfSense with a CaptivePortal for controlling who has internet access as well as have file shares, so keeping user database management to a minimum is an ideal.
    I come from a mostly Microsoft Domain background with regards to these things so I'm not entirely sure where to start.  Hopefully some hopeful folks here will steer me in the right direction!
    I have a (mostly) unrelated question though - OS X Server seems to have two separate user databases - the "local" DB and the LDAP/OpenDirectory DB.  Is there a way to make these function together? When creating users and assigning them to groups, which is best practice to use? How do I give an LDAP/OD user login rights to the server?
    Thanks in advance,
    Tim

    I would prefer to keep the two databases separate, with the local database providing a few specific users with access when OD is inaccessible.
    The local database is basically a self-hosted LDAP server.
    The local and OD databases do function with the appearance of one single user account presentation at login and for typical operations, too.
    Do keep all of the usernames unique; the local users, as well as the OD users.
    For your configuration, the usual pattern here is one or more open directory replicas in each lobe of the network.
    These replicas then coordinate with the master copy among themselves.  You'll have one distributed copy, but the lobes won't be tied to authentication across what may or may not be an entirely stable network; users authenticate off the local replica.
    There are also folks that use Microsoft Active Directory as the back-end for Mac OS X, as well; there are various means to this end, including what is known as the magic triangle configuration.
    As for learning more about OD, I'd read the Snow Leopard Server Open Directory administration documentation as a starting point.  The Lion Server documentation is thin.
    The Mac Enterprise Mailing List archives can also be enlightening; that's probably the most concentrated source of information on more complex management environments.

  • BEA-000386 ..EmbeddedLDAPException:Unable to open initial replica url error

    Hi,
    We defined an admin server and many managed servers in one domain. There is a managed server (which we call the Primary server) located on the Windows 2003 machine that hosts the admin server. All servers communicate with each other under the SSL protocol and we made self-signed digital certs for them (there are two jks files to keep the keystore and certs). Those servers were already running for some days. Then there might have been a bug that caused the Primary server to stop and automatically restart several times. When it restarted again, there was an error just like below.
    <1255720121758> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogic from the JKS keystore file D:\oracle\ConfigurationChangeConsoleServer\bea\wls\server\lib\weblogicOCC.jks.>
    ####<Oct 16, 2009 3:08:41 PM EDT> <Notice> <Security> <nedccccorp1> <PrimaryServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1255720121899> <BEA-090169> <Loading trusted certificates from the JKS keystore file D:\oracle\ConfigurationChangeConsoleServer\bea\wls\server\lib\weblogicOCCTrust.jks.>
    ####<Oct 16, 2009 3:08:41 PM EDT> <Info> <WebLogicServer> <nedccccorp1> <PrimaryServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1255720121899> <BEA-000307> <Exportable key maximum lifespan set to 500 uses.>
    ####<Oct 16, 2009 3:08:41 PM EDT> <Notice> <Security> <nedccccorp1> <PrimaryServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1255720121915> <BEA-090169> <Loading trusted certificates from the jks keystore file D:\oracle\ConfigurationChangeConsoleServer\bea\wls\server\lib\weblogicOCCTrust.jks.>
    ####<Oct 16, 2009 3:09:29 PM EDT> <Critical> <WebLogicServer> <nedccccorp1> <PrimaryServer> <WrapperSimpleAppMain> <<WLS Kernel>> <> <> <1255720169322> <BEA-000386> <Server subsystem failed. Reason: weblogic.ldap.EmbeddedLDAPException: Unable to open initial replica url: https://nedccccorp1.mycompanyname.com:8090/bea_wls_management_internal2/wl_management
    weblogic.ldap.EmbeddedLDAPException: Unable to open initial replica url: https://nedccccorp1.mycompanyname.com:8090/bea_wls_management_internal2/wl_management
    at weblogic.ldap.EmbeddedLDAP.getInitialReplicaFromAdminServer(EmbeddedLDAP.java:1319)
    at weblogic.ldap.EmbeddedLDAP.start(EmbeddedLDAP.java:221)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    java.net.ConnectException: Tried all: 2 addresses, but could not connect over HTTPS to server: nedccccorp1.mycompanyname.com port: 8090
    at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:284)
    at weblogic.net.http.HttpsClient.openServer(HttpsClient.java:502)
    at weblogic.net.http.HttpsClient.New(HttpsClient.java:566)
    at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:339)
    at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:408)
    at weblogic.ldap.EmbeddedLDAP.getInitialReplicaFromAdminServer(EmbeddedLDAP.java:1296)
    at weblogic.ldap.EmbeddedLDAP.start(EmbeddedLDAP.java:221)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    You know, https://nedccccorp1.mycompanyname.com:8090 is the host name and port of the admin server.
    We want to know what "<BEA-000386> <Server subsystem failed. Reason: weblogic.ldap.EmbeddedLDAPException: Unable to open initial replica url: https://nedccccorp1.mycompanyname.com:8090/bea_wls_management_internal2/wl_management" means.
    Thanks in advance
    Eternal

    Try starting the Managed Server this way:
    $ . startManagedServer.sh <Managed Server name>

  • OSX 10.8 Server as a Replica of OpenLDAP on a Linux Box?

    Is it still possible to make OSX Server a replica of a Linux OpenLDAP Server?  I have a Linux Server which has always provided LDAP authentication to our macs (currently running 10.6).  We have two 10.6 servers which are replicas of that server, the macs then get their settings from those servers.  I just picked up a 10.8 server and when I try to set it up as a replica I get an error that states they aren't compatible versions of MacOS.  Has anyone successfully setup an OSX server as a replica of an OpenLDAP Server?
    Thanks in advance,
    John

    I will just warn you here that it is often very difficult to make an Open Directory server unless all computers are running identical version numbers of Open Directory.  So if you're having trouble with this make sure you are running the same version on all your platforms.
    This is not true for the client machines, just to make sure that the Master and Replicas all play nice with one-another.

  • Keeping a simple server open/listening for more than one connection

    Can someone please help me with a problem I am having. I'm running a server that accepts requests and processes data from a client. This program works FINE for one connection but as soon as I send the info to the server the connection closes and I have to manually restart the server to receive another connection from a client. I want to be able to keep the server open and accept multiple requests from the client without having to restart the server.java. I've looked in the forum and found some useful stuff but I still get this same error:
    Address in use: JVM_Bind
    Error during serialization
    Press any key to continue...
    I have included the code to my server.java file below. Like I said, it works perfectly for one connection but then closes down. Can anyone tell me where I need to add the code to make it stay open or if I even can. It seems illogical that it wouldn't be able to. I'm just at a dead end on how to do it. Thanks in advance.
    import javax.swing.*;
    import java.awt.*;
    import java.awt.event.*;
    import java.io.*;
    import java.net.*;
    import java.util.*;

    // Holder for one problem report (used by the posted code but not shown there).
    class name {
        String name;
        String problem;
        name(String name, String problem) {
            this.name = name;
            this.problem = problem;
        }
    }

    public class Server extends JApplet {
        // Create the server socket and use its stream to receive serialized objects
        public void init() {
            ServerSocket ser = null;
            Date d = null;
            try {
                ser = new ServerSocket(8020, 10);
                // This will wait for exactly one connection to be made to this socket;
                // there is no loop, so a second client is never accepted.
                Socket soc = ser.accept();
                InputStream o = soc.getInputStream();
                ObjectInput s = new ObjectInputStream(o);
                // readObject() deserializes whatever the peer sends; the casts only
                // check that the two objects are the expected String and Date.
                String str = (String) s.readObject();
                d = (Date) s.readObject();
                final String nametop = soc.getInetAddress().getHostName();
                name n = new name(nametop, str);
                n.name = soc.getInetAddress().getHostName();
                JOptionPane.showMessageDialog(null, "There is a problem at station " + n.name + ".\n\nProblem:\n" + n.problem + ".", "Problem", JOptionPane.ERROR_MESSAGE);
                System.out.println(d);
                System.out.println(n.name);
                System.out.println(n.problem);
                s.close();
                // ser is never closed: while this window is open the JVM keeps port 8020
                // bound, so a second instance fails with "Address in use: JVM_Bind".
            } catch (Exception e) {
                System.out.println(e.getMessage());
                System.out.println("Error during serialization");
                System.exit(1);
            }
        } // end of init

        // Create a main method
        public static void main(String args[]) {
            // String name = soc.getInetAddress().getHostName();
            // create a window in which applet will execute
            JFrame appWindow = new JFrame("Problem Report");
            // create an instance of the applet
            Server app = new Server();
            // set the window size
            appWindow.setSize(400, 400);
            // add applet to window
            appWindow.getContentPane().add(app);
            // Simulate the normal startup sequence for an applet
            app.init();
            app.start();
            appWindow.show(); // calls paint()
            // add window close event handler
            appWindow.addWindowListener(new WindowAdapter() {
                public void windowClosing(WindowEvent e) {
                    System.exit(0);
                }
            });
        } // end of main
    }

    Hi! I suggest you use different threads to realize the server functionality.
    First, one server.java that has a main method and creates at least two threads. One thread listens for incoming connection requests and stores the locally generated socket object in a static vector. The second thread will always look into this static vector. If there are socket objects in the vector, the second thread will take one out and process the connection request. These two threads should always be alive. The first thread lives in an endless loop while listening for incoming connection requests. The second thread is either waiting on the static vector or processing an incoming connection request.
    If the expected incoming connection requests will be too many for only one thread to process, you can create more threads in server.java at the beginning and they will all switch between two states: looking in the static vector or processing an incoming connection request!
    Hope this will be of help to you!

  • SSIS Package will only run as SQL Agent Job when I have remote desktop to server open.

    Hey guys, so I have another problem to add to the already massive 'SSIS/SQL Server Agent Job' pile. After days of searching, I can't seem to find anything specific to my problem though.
    The setup is as follows: a SSIS package that refreshes and saves excel files that are hosted on a server. The package runs fine on the local machine, using BIDS on the server, and will even work as a SQL Agent Job on the server IF there is a remote desktop connection to the server. To elaborate, if I simply run the job as you would normally do it will fail and give the below error. If I run the job while either myself, or a different machine, has a remote desktop connection to the server where the job is scheduled - it will run successfully.
    Below is the error from the History File of the job. Any help would be greatly appreciated.
    Source: Refresh Excel and Save      Description: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Runtime.InteropServices.COMException (0x8000401A): Retrieving the COM class factory for component with CLSID {00024500-0000-0000-C000-000000000046} failed due to the following error: 8000401a.     at ST_79772452677f4de1852d5ffbba3e5232.csproj.ScriptMain.ExcelRefresh(String FileName)     at ST_79772452677f4de1852d5ffbba3e5232.csproj.ScriptMain.Main()     --- End of inner exception stack trace ---     at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)     at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)     at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)     at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     at System.RuntimeType.InvokeMember(String name, BindingFlags bindingFlags, Binder binder, Object target, Object[] providedArgs, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParams)     at System.Type.InvokeMember(String name, BindingFlags invokeAttr, Binder binder, Object target, Object[] args, CultureInfo culture)     at Microsoft.SqlServer.Dts.Tasks.ScriptTask.VSTATaskScriptingEngine.ExecuteScript()
    UPDATE:
    In my previous post the Identity in DCOM Config file for Microsoft Excel was set as The Interactive User. The job was working only when I had a remote connection to the server open.
    If I set the Identity to 'This User' and use the username and password of the server login account, it will work as a scheduled job without needing an open remote connection to the server. So it works, great! But I have reservations setting this for all instances of Excel for the server. I'm sure other users have different accounts they use for running Excel. Any suggestions around this?

    Hi LiamSexton,
    It should be the server-side Automation of Office issue described in the following KB article:
    http://support.microsoft.com/kb/257757
    Microsoft does not currently recommend, and does not support, Automation of Microsoft Office applications from any unattended, non-interactive client application or component (including ASP, ASP.NET, DCOM, and NT Services), because Office may exhibit unstable behavior and/or deadlock when Office is run in this environment.
    User Identity: Office applications assume a user identity when the applications are run, even when Automation starts the applications. The applications try to initialize toolbars, menus, options, printers, and some add-ins based on settings in the user registry hive for the user who launches the application. Many services run under accounts that have no user profiles (such as the SYSTEM account or the IWAM_[servername] accounts). Therefore, Office may not initialize correctly on startup. In this situation, Office returns an error on the CreateObject function or the CoCreateInstance function. Even if the Office application can be started, other functions may not work correctly if no user profile exists.
    To work around the issue, you can refer to the following alternative introduced in the article:
    Most server-side Automation tasks involve document creation or editing. Office 2007 supports new Open XML file formats that let developers create, edit, read, and transform file content on the server side. These file formats use the System.IO.Package.IO namespace in the Microsoft .NET 3.x Framework to edit Office files without using the Office client applications themselves. This is the recommended and supported method for handling changes to Office files from a service.
    Regards,
    Mike Yin
    TechNet Community Support

  • "GlassFish Server Open Source Edition 3.1" ... When it will be available?

    I am planning to start my project on GlassFish. I am interested in JSF 2.0, which means I need GlassFish v3.x, and I need scalability and high availability, i.e. clustering support, which means GlassFish v3.1. "GlassFish Server Open Source Edition 3.1" ... When will it be available? Is there another commercial edition that covers both JSF 2.0 and clustering?

  • Can't Connect OD Replicas to Master anymore

    I was running an OD Master with 2 Replicas fine for quite some time, all running Server 10.4.6. I needed to change the IP address on one of the Replicas, changed the ip address in the Network pane, then ran the changeip script, but the next time the replica synced with the Master, it brought down OD on the Master.
    Attempts to log in to the Master with Workgroup Manager failed with a -14002 error. I mistakenly thought that I had corrupted the Master and Replica as this error reoccurred after reboot (unfortunately I later discovered that I probably just had to run slapconfig -startldapserver and everything probably would have been fine) and in the interest of changing one of my Replicas into a Master (so I didn't lose all my user data), I demoted the original Master to Standalone, promoted the remaining/intact Replica to Master, attempted to replicate from the "new" Master and brought down the remaining [promoted] Replica in a similar manner.
    I demoted all servers to Standalone, re-promoted my original Master to Master, re-imported my user/group/computer data into Workgroup Manager on the Master, then demoted the original replicas to Standalone, re-promoted them to Replica, then tried to connect to the Master and encountered the same problem (Replica would get part way through the replication process, specifically around the point where it shuts down the LDAP master, and the server would automatically be kicked down to Standalone status).
    I assumed that the original Replica whose IP address I had changed may be causing the problem, so I reformatted it with a clean copy of Server, promoted it to Replica and tried to connect with the Master, and had exactly the same problem.
    So, I am unable to connect Replicas to my original Master. The Master operates fine by itself, and I have now promoted the Replicas to Masters to host their local user data, which also works fine. I would however like to convert these back to Replicas so I don't have to manage 3 sets of user data.
    Not being a UNIX guru, my assumption is that there are some lingering replication config/data files on the original Master that are preventing Replicas from being connected. I have removed /var/db/authserver/authserverreplicas from the Master, there are still 4 other files left in the /var/db/authserver path - authservermain, authserverreplicas.local, and two syncfiles dated two months ago. I'm reluctant to remove them because I don't know whether they're used in the normal operation of my now-functional OD Master.
    If I eliminate these files (or any others, by your suggestions) can I start with a clean slate insofar as replication from my Master is concerned?
    2 x Power Mac G5 2.3 Dual Cores (Main & Replica) + Power Mac G4 (2nd Replica)   Mac OS X (10.4.6)  

    If you ever change the IP address again, make sure to get old and new DNS records set up properly, then run the 'changeip' command, then change the IP in network prefs.
    MacBook Pro   Mac OS X (10.4.6)  

  • Modify vendor number when replicating vendor master data from ECC to SRM

    Hi,
    Is there a way to modify the vendor number (manually input the vendor number, e.g. from a file) when replicating vendor master data from ECC to SRM using the vendor master data user exit (SAPMF02K)?
    Does anyone have documentation on the user exit, and how do I use it?
    Thanks and Regards,
    David

    Hi David,
    Please go through the link below:
    Enhancement SAPMF02K Vendor Master Data - question about LIFNR
    Regards
    Anirban

  • Open Directory Replica Over VPN

    Hey All,
    I've got two servers, one in the office running as our Open Directory Master and one that I've placed in a remote data centre as our new web/e-mail box that I'm hoping to make an OD Replica before I move these services out to it.
    After a lot of blood/sweat/tears/coffee I was able to get it connected back to the office over site-to-site VPN with our Linksys RV082 in the office and using racoon on the remote Tiger Server with the help of s2svpnadmin.
    I've got DNS configured on both and can ping back and forth, resolve back and forth, the VPN tunnel is running quite beautifully as if they were right beside each other on the same switch.
    The remote is on the 192.168.4.x subnet and our internal is on the local 192.168.1.x subnet. Really works well.
    But...
    When I try to make the remote box a replica of our OD Master things seem to go well, but shortly after it's done the initial 'replication' the remote box reverts back into standalone mode and I can't login to it using any directory users. (The local OD Master stays humming along just fine)
    I've found this post that mentions a very similar situation:
    http://discussions.apple.com/thread.jspa?threadID=1173913&tstart=221
    Basically it appears that the Directory Service doesn't like to talk over Tiger Server's own VPN implementation.
    I tried replicating the issue on a remote client's Tiger xServe connecting to their SonicWall and I was able to replicate over to them just fine and it sticks, so it makes me think it's definitely something about the VPN service on Tiger Server.
    This remote box is in a data centre so I want to avoid having to buy and install a dedicated hardware device to solve this problem if I can (not even sure if they'd let me). It seems silly that they wouldn't have tested this configuration as I have to expect that it would be a common one.
    Any help or insight you could offer would be invaluable! Thanks!

    Hey Leif,
    The remote box has a public IP and then I've created an internal duplicate running at 192.168.4.1 with itself as the 'router/gateway'. This seems to work.
    I can ping 'to' the remote box from the office side over the VPN tunnel by pinging '192.168.4.1'.
    And from the remote box I can ping back to the office but only after I add a route:
    route add -net 192.168.1.0/24 192.168.4.1
    ...on the remote machine.
    After that I can get traffic back and forth. It seems to work perfectly.
    I can connect using just about any service I want over the VPN, ex. AFP and things work as if the box was in the office, it's nice.
    My OD Master on the local side is also my Primary DNS Server, the remote box doubles as a Secondary DNS Slave.
    I use views in my DNS to handle both private and public traffic (we're a small business so getting the most out of our gear is important), I can ask both boxes about themselves in both public and private views and they respond correctly.
    Box A: (In The Office)
    (Internal)
    boxa.domain.com has address 192.168.1.170
    170.1.168.192.in-addr.arpa domain name pointer boxa.domain.com.
    (External)
    boxa.domain.com has address 215.25.xx.xx
    xx.xx.25.215.in-addr.arpa domain name pointer boxa.domain.com.
    (Testing Localhost)
    localhost has address 127.0.0.1
    1.0.0.127.in-addr.arpa domain name pointer localhost.
    Box B: (In The Datacentre)
    (Internal)
    boxb.domain.com has address 192.168.4.1
    1.4.168.192.in-addr.arpa domain name pointer boxb.domain.com.
    (External)
    boxb.domain.com has address 216.46.xx.xx
    xx.xx.46.216.in-addr.arpa domain name pointer boxb.domain.com.
    (Testing Localhost)
    localhost has address 127.0.0.1
    1.0.0.127.in-addr.arpa domain name pointer localhost.
    I'm convinced it's something on the remote box as I can get the replication to work reliably when trying another box whose VPN is handled by a dedicated device. I've seen posts like this one:
    http://blog.aaronmarks.com/?p=31
    That seem to discuss similar issues.
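    A small check for the DNS prerequisite the post above relies on (forward and reverse answers agreeing in each view) is added here as an example; it is not code from the original thread. It parses `host`-style output, as quoted above, and the sample lines are constructed, with 203.0.113.0/24 standing in for the redacted public addresses.

```python
"""Check that forward (A) and reverse (PTR) DNS answers agree, the
prerequisite the post stresses for Open Directory binding and replication.
Added example; input is `host`-style output text, one answer per line."""
import re

A_RE = re.compile(r"^(\S+) has address (\d+(?:\.\d+){3})$")
PTR_RE = re.compile(r"^(\S+)\.in-addr\.arpa domain name pointer (\S+?)\.?$")


def parse_host_output(text):
    """Return ({name: set(ip)}, {ip: name}); the in-addr.arpa owner label
    (170.1.168.192) is turned back into the dotted address (192.168.1.170)."""
    forward, reverse = {}, {}
    for line in text.splitlines():
        m = A_RE.match(line.strip())
        if m:
            forward.setdefault(m.group(1), set()).add(m.group(2))
            continue
        m = PTR_RE.match(line.strip())
        if m:
            reverse[".".join(reversed(m.group(1).split(".")))] = m.group(2)
    return forward, reverse


def check_consistency(forward, reverse):
    """List (name, ip, problem) for every A record whose PTR is missing or
    points elsewhere; an empty list means forward and reverse agree."""
    problems = []
    for name, ips in sorted(forward.items()):
        for ip in sorted(ips):
            target = reverse.get(ip)
            if target is None:
                problems.append((name, ip, "no PTR record"))
            elif target.lower() != name.lower():
                problems.append((name, ip, "PTR points to " + target))
    return problems


# Constructed sample: the internal-view answers quoted in the post, plus one
# stale PTR of the kind left behind by a server move.  203.0.113.0/24 is a
# documentation range standing in for the redacted public addresses.
SAMPLE = """\
boxa.domain.com has address 192.168.1.170
170.1.168.192.in-addr.arpa domain name pointer boxa.domain.com.
boxb.domain.com has address 192.168.4.1
1.4.168.192.in-addr.arpa domain name pointer boxb.domain.com.
boxa.domain.com has address 203.0.113.17
17.113.0.203.in-addr.arpa domain name pointer old-boxa.domain.com.
"""
```

    Run it against the output of `host boxa.domain.com` and `host 192.168.1.170` from each box and each view; any row it prints is a record to fix before retrying the replica.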

  • OS X Server Open Directory Remote Login

    In short, I can't bind a remote machine to authenticate users at the remote location. I can get the machine to initially set up using RFC2307 search and mappings. Once I let that "marinate" for a bit, I can then go in, change the mappings to Open Directory, and all will work. However, that doesn't persist across reboots. The only thing that will persist across reboots is RFC2307 search and mappings. But with only RFC2307, I don't get home directory access. In the above scenario, when I switch it to Open Directory, I can get home directory access. But, again, that's not feasible if it doesn't persist across reboots.
    It works flawlessly in house / on the local LAN so far, although this environment is being built from the ground up as we speak, so much testing has yet to be done. This is just one big hurdle that came along.
    I sincerely appreciate anyone's help or advice that could point me in the right direction to achieve this goal.
    I should note, I have checked all DNS records and connectivity, but am willing to try anything again.
    Thanks in advance!!!

    Describe for me your network. When you say remote location, do you mean two physical locations separated by distance that are connected via a VPN tunnel? Or do you mean that you punched some holes in a firewall to attempt to allow the clients to bind to the server? I am hoping the first option.
    If you have a VPN tunnel between the two locations and DNS is available on both sides of the fence, you likely don't need to define the mappings. I tend to leave the option set to "from server" and I've never run into any issues.
    When you are binding, are you using the simple bind via System Preferences or are you using Directory Utility? Are you performing authenticated binds or unauthenticated binds?
    If you have two locations, Main office 10.0.0.0/24 and Remote office 10.0.10.0/24, make sure that the Remote side is using DNS that resolves to devices in Main. For example, if the server is at 10.0.0.10 and it is the DNS server, then the clients on the 10.0.10.0/24 network should be hitting 10.0.0.10 for name resolution (unless you have replicated DNS to the 10.0.10.0/24 network).
    Since you are building this from scratch, you might want to consider using two OD servers, Master and Replica, placing a replica in the remote office and then using OD Locales to better direct your clients.
    Reid
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

  • Server migration - updating Replica Tree?

    Dear All,
    I've just moved our server to a new location and new IP, and have made all the necessary changes (DNS, etc.) to get all functioning fine and connected to the web - but now that I'm onto network configuration, I see that the IP/hostname entries in the Server Admin "Open Directory/General/replica tree" tab are still the old ones. Is there any easy way to change this - without losing user information?

    Answering my own question again. The 'usual' Linux way of removing old replica addresses is to use "slapconfig -removereplica xx.xx.xx.xxx", but Leopard's binding of LDAP to the password directory (managed by Workgroup Manager) makes doing this without further authentication impossible.
    My problem was twofold because after we had moved our server from one place/IP to another, someone forgot to rebuild Open Directory, so I had to find all instances of our old IP address within and replace it with the new one. The server was still operating till then thanks to DNS lookups, but the extra lookup time when OD came to the inactive old addresses probably slowed things down.
    Caution: for one not familiar with the workings of Open Directory, this is not a task easy for the queasy. Read everything below before trying anything.
    So we have to use Workgroup Manager. Log in as the Directory Administrator, then go to Preferences and activate 'Show "All Records" tab and inspector'. A 'target' tab should appear.
    In the drop-down menu just underneath the (selected) target tab, select 'Config'. Inspect everything in the left-hand column for traces of your old IP/hostname and remove/update them - I found entries in both XML files under 'Kerberos Client', on the top level (appearing to the right); in both XML files under 'ldapreplicas'; towards the bottom of both XML files under 'macosxodconfig'; on the top level under 'password server', but pay particular attention to the entries in both XML files there - not only do you have to update the old IP addresses there, you have to ensure that the DNS <key> (under <dict>) in both reflects the actual hostname. Of course you have to hit Save after every modification above.
    ======
    I took my departure from this piece of advice - but as I am NO Open Directory expert, and I am not sure of the importance of the XML files modified above (I get the impression that a few are just preferences that will be regenerated anyway), I would still appreciate any advice or critiques about the steps above - it has worked for me until now (the old IP/hostnames are gone and lookups seem to have quickened), but I do not want to mislead anyone reading this.
    Thanks, best.

  • Why does a link to zip file on server open a blank web page?

    Using CS6, I created this page:  J & B Computers - Projects I've uploaded 2 zip files and linked them from this page with this code:  <a href="Zip Files/CheckIPApp.zip" target="_blank">Download a zip file of the IP Checking utility</a> When this link is clicked, it opens up a blank tab instead of prompting for a download. I've tried it with and without the target=blank, I've also tried target=new... I've tried it in Chrome and Firefox. I've tried it on different computers. I've searched for an answer for hours...  what the heck is going on? I want the link to open up the save/download box and it just won't... TIA if you have a resolution!

    Since it's a file download, there's no reason to add the target="_blank", I'm guessing your file is 404 for some reason which would give you a blank window per the target.
    Make sure the case structure of the file and link are identical. Servers are case sensitive, a server sees CheckIPApp.zip and checkIPApp.zip as totally different files. Your local OS sees them as the same thing so during local testing it will work, when uploaded, it won't.
    Make sure you've loaded the file onto the server at the exact location specified by the link. It should be in a folder called "Zip Files" that resides on the same directory level as the page that the link is on.
    You may also want to normalize your file names. They should be all lower case alpha-numerics without any spaces (use hyphens or underscores instead) and without special characters ($%&*). You can use DW's Files window to change names and DW will fix the links automatically.
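    The three checks in the answer above (exact-case existence, a case-only mismatch that works locally but 404s once uploaded, and names that need normalising) as an added example; this is not Dreamweaver code or code from the thread. It builds the folder layout from the question in a temporary directory, so the sample site and HTML are constructed.

```python
"""Check a page's local hrefs against the files on disk the way a case-sensitive
web server sees them.  Added example, not Dreamweaver or forum code."""
import os
import re
import tempfile

HREF_RE = re.compile(r'href\s*=\s*"([^"#?]+)', re.IGNORECASE)
SAFE_NAME = re.compile(r"^[a-z0-9._-]+$")  # lower-case, no spaces or specials


def resolve_on_disk(root, href):
    """(exact, path): exact only if every component matches byte-for-byte;
    path is the case-insensitive hit, or None if nothing is there at all."""
    current, exact = root, True
    for part in href.split("/"):
        hits = [e for e in os.listdir(current) if e.lower() == part.lower()]
        if not hits:
            return False, None
        exact = exact and part in hits
        current = os.path.join(current, part if part in hits else hits[0])
    return exact, current


def check_links(root, html):
    """Map each local href to 'ok', 'case-mismatch: <on disk>' or 'missing'."""
    report = {}
    for href in HREF_RE.findall(html):
        if "://" in href or href.startswith("mailto:"):
            continue  # external links are not on disk
        exact, actual = resolve_on_disk(root, href)
        if actual is None:
            status = "missing"
        else:
            status = ("ok" if exact else
                      "case-mismatch: " + os.path.relpath(actual, root))
        if not all(SAFE_NAME.match(p) for p in href.split("/")):
            status += " (rename: unsafe name)"  # spaces, upper case, $%&*
        report[href] = status
    return report


def build_sample_site():
    """Constructed sample: the folder layout from the question, on disk."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Zip Files"))
    open(os.path.join(root, "Zip Files", "CheckIPApp.zip"), "wb").close()
    return root


SAMPLE_HTML = ('<a href="Zip Files/CheckIPApp.zip" target="_blank">ok</a>'
               '<a href="Zip Files/checkIPApp.zip">case</a>'
               '<a href="zip-files/other.zip">missing</a>')
```

    Point `check_links` at the site root and the page source; a 'case-mismatch' row is exactly the link that works on a Mac or Windows desktop and opens a blank 404 tab on the host.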

  • How to delete the Generated files from application server(open hub)?

    hi experts,
    When I try to execute the process chain, the DTP gives the dump below. Exception CX_RSBK_REQUEST_LOCKED logged.
    When I execute the DTP manually and try to delete the previous request, it gives the dump ITAB_DUPLICATE_KEY.
    So, to delete the generated file from the application server, how do I delete it for specific dates?
    Information on where terminated
    Termination occurred in the ABAP program "GPD6S3OE0BCVGC6L9DBNVYQARZM" - in
    "START_ROUTINE".
    The main program was "RSBATCH_EXECUTE_PROZESS ".
    In the source code you have the termination point in line 2874
    of the (Include) program "GPD6S3OE0BCVGC6L9DBNVYQARZM".
    The program "GPD6S3OE0BCVGC6L9DBNVYQARZM" was started as a background job.
    And when I check the dump, it points at the code below:
    " Populate the lookup table for 0STOR_LOC
    SELECT * from /BI0/TSTOR_LOC
    into CORRESPONDING FIELDS OF table L_0STOR_LOC_TEXT
    FOR ALL ENTRIES IN SOURCE_PACKAGE WHERE
    STOR_LOC = SOURCE_PACKAGE-STOR_LOC.
    But the program is syntactically correct.
    How do I rectify the issue?
    regards
    venuscm
    Edited by: venugopal vadlamudi on Sep 28, 2010 1:59 PM

    hi experts,
    We have written a start routine to get the storage location text and send it to a file located on the application server through Open Hub.
    Here is the code written in the transformation.
    In the global section
    Text for 0STOR_LOC
        DATA: l_0stor_loc_text TYPE HASHED TABLE OF /bi0/tstor_loc
              WITH UNIQUE KEY stor_loc.
        DATA: l_0stor_loc_text_wa TYPE /bi0/tstor_loc.
    and in the code to get the text
    " Populate the lookup table for 0STOR_LOC
        SELECT * from /BI0/TSTOR_LOC
          into CORRESPONDING FIELDS OF table L_0STOR_LOC_TEXT
          FOR ALL ENTRIES IN SOURCE_PACKAGE WHERE
                  STOR_LOC = SOURCE_PACKAGE-STOR_LOC.
    I'm sure the problem is with the routine only. I think I need to change the code; if so, please provide me the modified one.
    thanks
    venuscm
    Edited by: venugopal vadlamudi on Sep 29, 2010 9:37 AM
