Lion Server is killing me!!

Similar Messages

• Update to Mountain Lion Server kills Time Machine Backups

  Okay, here's the scenario:
  Client: 
  MacBook Pro running Mountain Lion
  Server: 
  Mac Mini running Mountain Lion Server using an SSD boot and Promise Pegasus Thunderbolt RAID
  Prior to updating the Mac Mini to Mountain Lion Server (previously just using regular Mountain Lion) I was happily backing up using Time Machine over AFP.  Since the update to Server I get the Time Machine message:
  "The network backup disk does not support the required AFP features."
  The network drive is also no longer available for selection within Time Machine (once it's been deselected).
  Any easy ideas on a fix?

  Time Machine won't back up to Mountain...: Apple Support Communities

• Many Lion Server Problems

  I think I have run into most of the Lion Server issues mentioned so far and perhaps a few self inflicted new ones.
  1) Upgrade from Snow Leopard worked except the migration failed.  Naturally I did not have a backup of the server configuration.
  2) Manual configuration has many problems related to the machine name.  I was using a linux box for DNS and a private LAN DNS name space.  My router is configured to forward many services to my OSX Server box.  Somehow I could not configure Lion Mail to operate.  The machine name, Internet name, local internet name, etc. are very confusing and different things happen depending upon using Server or Server Admin.  In Snow Leopard I could use a command line utility to set the return mail address to my MX record but under Lion I had to eliminate the private LAN name space, configure Lion to be the DNS before I could get e-mail to operate correctly from both IMAP and WEB mail.
  3) Once you attempt to use Open Directory the only way to correct a failed configuration is to re-install from scratch.
  4) If LDAP and the Password process fail to launch then they ping on/off every 10 seconds forever.  Only a re-install from scratch is the fix.  When this happens it appears that the permissions on the boot drive are hopelessly broken.  I do not mess with the permissions but now I am pondering a nightly permissions repair script.
  5) Using self signed certificates seems to cause many problems.  If I use them for the mail server everything is OK.  If I use them for Open Directory I cannot seem to get the other systems to connect.
  6) Under Snow Leopard I could see all users and their pictures on the remote Mac's.  I can't find this on Lion.
  7) Open Directory quit after a week of operation requiring a clean install from my backup.  I turned off Reserve Server Resources.  I hope this helps.
  8) Timeouts on Lion seem to be infinite.  Once one application falls into a timeout you eventually must power cycle the whole machine.
  9) The first time a user users mail I have to force kill it and restart before it performs the initial configuration.  This has happened 3 times so far.
  10) Manually editing user permissions from Finder within the Admin account (i.e. correcting my old user directories to match my new user ID's) is an exercise in futility.  Using the command line seems to be the only reliable way.
  11) I still cannot get profiles to work but I am afraid to try because the server seems to fragile.
  12) Carbon Copy Cloner is a required tool with Lion.  As soon as you have something working, make a fresh backup so you do not have to redownload everything.  I now make a nightly backup of the boot drive with CCC and cron.
  13) Some settings only take affect on a reboot, when you are making/testing changes this causes an interesting phase delay between making a change and observing an effect.
  My system is a Mac Mini with 8GB and 24TB of RAID storage on Firewire.
  It hosts home directories, e-mail, wiki's, etc for my wife & kids.  All data is on the Mini so the other macs at home are bare except for OS and Apps.
  This upgrade has caused more trouble than all other system upgrades I have ever done.  It is making me think seriously about making another stab at LDAP/OD on Linux for my home server.

  You might want to take a look at the much more functional AirPort Utility 5.6 for Mac OS X Lion on a "test" Mac to see if that works better for you. Oddly, 5.6 was released on the same day as AirPort Utility 6.0.
  You can keep both 5.6 and 6.0 on a Mac (You cannot delete 6.0).

• How do i install mysql on my mac mini lion server?

  How do i install mysql on my mac mini lion server?

  I have this error log
  May 27 07:06:35 server servermgrd[13454]: -[AccountsRequestHandler(AccountsSystemConfigurationObservation) registerForKeychainEventNotifications]: SecKeychainAddCallback() status: -25297
  May 27 07:06:35 server servermgrd[13454]: servermgr_ipfilter:ipfw config:Notice:Flushed IPv4 rules
  May 27 07:06:35 server servermgrd[13454]: servermgr_ipfilter:ipfw config:Notice:Flushed IPv6 rules
  May 27 07:10:35 server servermgrd[13454]: No requests in 300 seconds, shutting down
  May 27 07:20:29 server ScreensharingAgent[13999]: [CL_INVALID_DEVICE] : OpenCL Error : Failed to create context! Invalid device
  May 27 07:26:03 server login[14203]: USER_PROCESS: 14203 ttys000
  May 27 07:26:42 server SafariDAVClient[14233]: ServerNotifications: Setting delegate to APSD
  May 27 07:26:43 server SafariDAVClient[14233]: Subscription request completed
  May 27 07:27:58 server SafariDAVClient[14284]: ServerNotifications: Setting delegate to APSD
  May 27 07:27:59 server SafariDAVClient[14284]: Subscription request completed
  May 27 07:29:03 server login[14203]: DEAD_PROCESS: 14203 ttys000
  May 27 07:29:09 server login[14331]: USER_PROCESS: 14331 ttys000
  May 27 07:47:30 server com.mysql.mysqld[15000]: 120527 07:47:30 mysqld_safe Logging to '/usr/local/mysql/data/server.martinhedegaard.dk.err'.
  May 27 07:47:30 server com.apple.launchd[1] (0x7f82db634810.anonymous.nohup[15222]): Bug: launchd_core_logic.c:9394 (25693):0
  May 27 07:47:30 server com.apple.launchd[1] (0x7f82db634810.anonymous.nohup[15222]): Switching sessions is not allowed in the system Mach bootstrap.
  May 27 07:47:30 server com.apple.launchd[1] (0x7f82db634810.anonymous.nohup[15222]): _vprocmgr_switch_to_session(): kr = 0x44c
  May 27 07:47:30 server com.apple.launchd[1] (0x7f82dc9015d0.anonymous.nohup[15223]): Bug: launchd_core_logic.c:9394 (25693):0
  May 27 07:47:30 server com.apple.launchd[1] (0x7f82dc9015d0.anonymous.nohup[15223]): Switching sessions is not allowed in the system Mach bootstrap.
  May 27 07:47:30 server com.apple.launchd[1] (0x7f82dc9015d0.anonymous.nohup[15223]): _vprocmgr_switch_to_session(): kr = 0x44c
  May 27 07:47:30 server com.mysql.mysqld[15000]: 120527 07:47:30 mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/data
  May 27 07:48:31 server Safari[541]: IPCClient: Server port 0 is invalid; looking it up again...
  May 27 09:06:34 server servermgrd[18040]: -[AccountsRequestHandler(AccountsSystemConfigurationObservation) registerForKeychainEventNotifications]: SecKeychainAddCallback() status: -25297
  May 27 09:06:35 server servermgrd[18040]: servermgr_ipfilter:ipfw config:Notice:Flushed IPv4 rules
  May 27 09:06:35 server servermgrd[18040]: servermgr_ipfilter:ipfw config:Notice:Flushed IPv6 rules
  May 27 09:09:01 server ScreensharingAgent[18184]: [CL_INVALID_DEVICE] : OpenCL Error : Failed to create context! Invalid device
  May 27 09:09:08 server SafariDAVClient[18193]: ServerNotifications: Setting delegate to APSD
  May 27 09:09:09 server SafariDAVClient[18193]: Subscription request completed
  May 27 09:10:34 server servermgrd[18040]: No requests in 300 seconds, shutting down
  May 27 09:29:44 server System Preferences[581]: about to perform command
  May 27 09:29:48 server com.mysql.mysqld[15000]: 120527 09:29:48 mysqld_safe mysqld from pid file /usr/local/mysql/data/server.martinhedegaard.dk.pid ended
  May 27 09:29:48 server com.mysql.mysqld[19056]: 120527 09:29:48 mysqld_safe Logging to '/usr/local/mysql/data/server.martinhedegaard.dk.err'.
  May 27 09:29:48 server com.apple.launchd[1] (0x7f82db62da20.anonymous.nohup[19280]): Bug: launchd_core_logic.c:9394 (25693):9
  May 27 09:29:48 server com.apple.launchd[1] (0x7f82db62da20.anonymous.nohup[19280]): Switching sessions is not allowed in the system Mach bootstrap.
  May 27 09:29:48 server com.apple.launchd[1] (0x7f82db62da20.anonymous.nohup[19280]): _vprocmgr_switch_to_session(): kr = 0x44c
  May 27 09:29:48 server com.apple.launchd[1] (0x7f82dc800da0.anonymous.nohup[19281]): Bug: launchd_core_logic.c:9394 (25693):0
  May 27 09:29:48 server com.apple.launchd[1] (0x7f82dc800da0.anonymous.nohup[19281]): Switching sessions is not allowed in the system Mach bootstrap.
  May 27 09:29:48 server com.apple.launchd[1] (0x7f82dc800da0.anonymous.nohup[19281]): _vprocmgr_switch_to_session(): kr = 0x44c
  May 27 09:29:48 server com.mysql.mysqld[19056]: 120527 09:29:48 mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/data
  May 27 09:29:49 server System Preferences[581]: status= 0
  May 27 09:29:49 server System Preferences[581]: stat /usr/local/mysql/data
  May 27 09:33:54 server login[14331]: DEAD_PROCESS: 14331 ttys000
  May 27 09:34:12 server com.apple.launchd.peruser.501[456] (com.apple.talagent[494]): Exited: Killed: 9
  May 27 09:34:12 server com.apple.launchd.peruser.501[456] ([0x0-0x3a03a].com.apple.AppleSpell[15293]): Exited: Killed: 9
  May 27 09:34:12 server com.apple.launchd.peruser.501[456] (com.apple.mdworker.pool.0[18053]): Exited: Terminated: 15
  May 27 09:34:12 server loginwindow[98]: DEAD_PROCESS: 98 console
  May 27 09:34:12 server com.apple.dock.extra[19467]: Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:34:12 server com.apple.dock.extra[19467]: 2012-05-27 09:34:12.356 com.apple.dock.extra[19467:1707] Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:34:12 server com.apple.dock.extra[19467]: Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:34:12 server com.apple.dock.extra[19467]: 2012-05-27 09:34:12.357 com.apple.dock.extra[19467:1707] Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:34:12 server com.apple.dock.extra[19467]: Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:34:12 server com.apple.dock.extra[19467]: 2012-05-27 09:34:12.357 com.apple.dock.extra[19467:1707] Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:34:12 server com.apple.dock.extra[19467]: Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:34:12 server com.apple.dock.extra[19467]: 2012-05-27 09:34:12.358 com.apple.dock.extra[19467:1707] Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:34:12 server shutdown[19471]: reboot by martinhedegaard:
  May 27 09:34:12 server shutdown[19471]: SHUTDOWN_TIME: 1338104052 753955
  rc.server[ 8 ]: Tuning server for 4 GB (rounded down).
  May 27 09:34:22 localhost bootlog[0]: BOOT_TIME 1338104062 0
  May 27 09:34:33 localhost UserEventAgent[30]: starting CaptiveNetworkSupport as SystemEventAgent built May 25 2011 12:27:35
  May 27 09:34:33 localhost UserEventAgent[30]: CertsKeychainMonitor: configuring
  May 27 09:34:33 localhost UserEventAgent[30]: WirelessAirPortDeviceNameCopy(): no BSD interface name found for object 12551
  May 27 09:34:33 localhost UserEventAgent[30]: CaptiveNetworkSupport:CaptiveSCCopyWiFiDevices:388 WiFi Device Name == NULL
  May 27 09:34:23 localhost com.apple.launchd[1]: *** launchd[1] has started up. ***
  May 27 09:34:32 localhost com.apple.launchd[1] (com.apple.powerd): Unknown value for key POSIXSpawnType: Interactive
  May 27 09:34:32 localhost com.apple.launchd[1] (com.apple.sandboxd): Unknown value for key POSIXSpawnType: Interactive
  May 27 09:34:32 localhost com.apple.launchd[1] (com.apple.xgridd.pcastserver): Bug: launchd_core_logic.c:5193 (25693):2
  May 27 09:34:32 localhost com.apple.launchd[1] (com.apple.xgridd.pcastserver): Path monitoring failed on "/var/pcast/server/xgridd/keepalive": No such file or directory
  May 27 09:34:36 localhost airportd[47]: _processDLILEvent: en1 attached (down)
  May 27 09:34:36 localhost mDNSResponder[31]: mDNSResponder mDNSResponder-320.16 (Mar 17 2012 21:31:16) starting OSXVers 11
  May 27 09:34:36 localhost UserEventAgent[30]: CaptiveNetworkSupport:CreateInterfaceWatchList:2788 WiFi Devices Found.
  May 27 09:34:36 localhost UserEventAgent[30]: CaptiveNetworkSupport:CaptivePublishState:1211 en1 - PreProbe
  May 27 09:34:36 localhost UserEventAgent[30]: CaptiveNetworkSupport:CaptiveSCRebuildCache:81 Failed to get service order
  May 27 09:34:36: --- last message repeated 1 time ---
  May 27 09:34:36 localhost UserEventAgent[30]: CaptiveNetworkSupport:CaptivePublishState:1211 en1 - PreProbe
  May 27 09:34:36 localhost UserEventAgent[30]: CaptiveNetworkSupport:CaptiveSCRebuildCache:81 Failed to get service order
  May 27 09:34:36: --- last message repeated 1 time ---
  May 27 09:34:36 localhost UserEventAgent[30]: CaptiveNetworkSupport:CaptivePublishState:1211 en1 - PreProbe
  May 27 09:34:37 server configd[35]: setting hostname to "server.martinhedegaard.dk"
  May 27 09:34:37 server configd[35]: network configuration changed.
  May 27 09:34:40 server systemkeychain[52]: done file: /var/run/systemkeychaincheck.done
  May 27 09:34:40 server configd[35]: network configuration changed.
  May 27 09:34:40: --- last message repeated 1 time ---
  May 27 09:34:40 server mDNSResponder[31]: D2D_IPC: Loaded
  May 27 09:34:40 server mDNSResponder[31]: D2DInitialize succeeded
  May 27 09:34:40 server com.apple.ucupdate.plist[83]: ucupdate: Checked 1 update, no match found.
  May 27 09:34:40 server com.apple.pfctl[92]: No ALTQ support in kernel
  May 27 09:34:40 server com.apple.pfctl[92]: ALTQ related functions disabled
  HeadlessStartup: Already setup or this is an upgrade so we will not set the password.
  May 27 09:34:40 server emond[108]: SetUpLogs: uid = 0 gid = 0
  May 27 09:34:40 server named[78]: starting BIND 9.7.3-P3 -f
  May 27 09:34:40 server named[78]: built with '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--prefix=/usr' '--sysconfdir=/private/etc' '--localstatedir=/private/var' '--enable-atomic=no' '--with-openssl=yes' '--with-gssapi=yes' '--enable-symtable=none' 'CFLAGS=-arch x86_64 -arch i386 -g -Os -pipe -gdwarf-2 -D__APPLE_USE_RFC_2292' 'LDFLAGS=-arch x86_64 -arch i386 ' 'CXXFLAGS=-arch x86_64 -arch i386 -g -Os -pipe '
  May 27 09:34:40 server emond[108]: SetUpLogs: opening /Library/Logs/EventMonitor/EventMonitor.error.log
  May 27 09:34:40 server com.apple.SystemStarter[84]: Starting MySQL database server
  May 27 09:34:40 server loginwindow[97]: Login Window Application Started
  May 27 09:34:40 server com.apple.usbmuxd[82]: usbmuxd-268.5 on Jan  5 2012 at 03:34:01, running 64 bit
  May 27 09:34:40 server UserEventAgent[30]: WebUserEventAgent: installed
  May 27 09:34:42 server UserEventAgent[30]: Registered Workstation service - Wellness Guiden Server [3c:07:54:72:75:94]._workstation._tcp.
  May 27 09:34:43 server PasswordService[93]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
  May 27 09:34:43 server PasswordService[93]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
  May 27 09:34:43 server PasswordService[93]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
  May 27 09:34:43 server PasswordService[93]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
  May 27 09:34:43 server named[78]: command channel listening on 127.0.0.1#54
  May 27 09:34:43 server mds[95]: (Normal) FMW: FMW 0 0
  May 27 09:34:44 server com.mysql.mysqld[117]: 120527 09:34:44 mysqld_safe Logging to '/usr/local/mysql/data/server.martinhedegaard.dk.err'.
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82db403900.anonymous.nohup[359]): Bug: launchd_core_logic.c:9394 (25693):2
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82db403900.anonymous.nohup[359]): Switching sessions is not allowed in the system Mach bootstrap.
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82db403900.anonymous.nohup[359]): _vprocmgr_switch_to_session(): kr = 0x44c
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82db62bfd0.anonymous.nohup[360]): Bug: launchd_core_logic.c:9394 (25693):0
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82db62bfd0.anonymous.nohup[360]): Switching sessions is not allowed in the system Mach bootstrap.
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82db62bfd0.anonymous.nohup[360]): _vprocmgr_switch_to_session(): kr = 0x44c
  May 27 09:34:44 server com.mysql.mysqld[117]: 120527 09:34:44 mysqld_safe Starting mysqld daemon with databases from /usr/local/mysql/data
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82dd0023b0.anonymous.nohup[620]): Bug: launchd_core_logic.c:9394 (25693):0
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82dd0023b0.anonymous.nohup[620]): Switching sessions is not allowed in the system Mach bootstrap.
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82dd0023b0.anonymous.nohup[620]): _vprocmgr_switch_to_session(): kr = 0x44c
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82dd0023b0.anonymous.nohup[621]): Bug: launchd_core_logic.c:9394 (25693):0
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82dd0023b0.anonymous.nohup[621]): Switching sessions is not allowed in the system Mach bootstrap.
  May 27 09:34:44 server com.apple.launchd[1] (0x7f82dd0023b0.anonymous.nohup[621]): _vprocmgr_switch_to_session(): kr = 0x44c
  May 27 09:34:45 server freshclam[79]: Can't query current.cvd.clamav.net
  May 27 09:34:45 server freshclam[79]: Invalid DNS reply. Falling back to HTTP mode.
  May 27 09:34:46 server freshclam[79]: Can't get information about database.clamav.net: nodename nor servname provided, or not known
  May 27 09:34:46 server freshclam[79]: Can't read main.cvd header from database.clamav.net (IP: )
  May 27 09:34:47 server rpcsvchost[660]: sandbox_init: com.apple.msrpc.netlogon.sb succeeded
  May 27 09:34:47 server configd[35]: network configuration changed.
  May 27 09:34:48 server servermgrd[88]: servermgr_accounts: noteDirectorySearchPolicyChanged (reopening nodes)
  May 27 09:34:49 server ntpd[77]: proto: precision = 1.000 usec
  May 27 09:34:50 server loginwindow[97]: **DMPROXY** Found `/System/Library/CoreServices/DMProxy'.
  May 27 09:34:50 server com.apple.launchctl.LoginWindow[673]: com.apple.findmymacmessenger: Already loaded
  May 27 09:34:50 server loginwindow[97]: Login Window Started Security Agent
  May 27 09:34:50 server SecurityAgent[682]: Echo enabled
  May 27 09:34:51 server WindowServer[143]: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
  May 27 09:34:51 server freshclam[79]: Current functionality level = 61, recommended = 63
  May 27 09:34:53 server ScreensharingAgent[695]: [CL_INVALID_DEVICE] : OpenCL Error : Failed to create context! Invalid device
  May 27 09:34:54 server screensharingd[694]: 3891612: (connectAndCheck) Untrusted apps are not allowed to connect to or launch Window Server before login.
  May 27 09:34:54 server screensharingd[694]: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
  May 27 09:35:10 server sandboxd[713] ([712]): xscertd(712) deny job-creation
  May 27 09:35:10 server UserEventAgent[30]: CertsKeychainMonitor: ready to process keychain & timer events
  May 27 09:35:48 server servermgrd[88]: getting service list
  May 27 09:35:49 server servermgrd[88]: servermgr_ipfilter:ipfw config:Notice:Flushed IPv4 rules
  May 27 09:35:49 server servermgrd[88]: servermgr_ipfilter:ipfw config:Notice:Flushed IPv6 rules
  May 27 09:36:08 server SecurityAgent[682]: User info context values set for martinhedegaard
  May 27 09:36:08 server SecurityAgent[682]: Login Window login proceeding
  May 27 09:36:08 server loginwindow[97]: Login Window - Returned from Security Agent
  May 27 09:36:08 server loginwindow[97]: USER_PROCESS: 97 console
  May 27 09:36:08 server com.apple.launchd.peruser.501[703] (com.apple.ReportCrash): Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
  May 27 09:36:08 server com.apple.launchctl.Aqua[757]: load: option requires an argument -- D
  May 27 09:36:08 server com.apple.launchctl.Aqua[757]: usage: launchctl load [-wF] [-D <user|local|network|system|all>] paths...
  May 27 09:36:09 server com.apple.launchd.peruser.501[703] (com.apple.launchctl.Aqua[757]): Exited with code: 1
  May 27 09:36:09 server ScreensharingAgent[773]: [CL_INVALID_DEVICE] : OpenCL Error : Failed to create context! Invalid device
  May 27 09:36:09 server UserEventAgent[30]: CaptiveNetworkSupport:CNSServerRegisterUserAgent:187 new user agent port: 17183
  May 27 09:36:10 server com.apple.dock.extra[802]: Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:36:10 server com.apple.dock.extra[802]: 2012-05-27 09:36:10.163 com.apple.dock.extra[802:1707] Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:36:10 server com.apple.dock.extra[802]: Could not connect the action buttonPressed: to target of class NSApplication
  May 27 09:36:10 server com.apple.dock.extra[802]: 2012-05-27 09:36:10.164 com.apple.dock.extra[802:1

• Mountain Lion Server 10.8 DNS ERROR READING SETTINGS

  Hi! Well I changed from windows 2008 server to Mountain Lion Server. So far, I have been able to set up website hosting for one website, and I must say works better than windows server 2008, maybe thats because the mac keeps the drive spun up, while in windows server it was an external drive, whatever the issue mac serves up the site much faster that it comes exploding onto the screen of the searcher.. Then I went to try to set up email, I was totally excited, but I think I did a no no in the dns settings, and now, I cant even see them, I just get "Error Reading Settings" Of course I see things in the log that I should undo, but I cant access the DNS settings at all. Any ideas how I can get to the dns settings so I can undo my booboo? Now it has streched its error self into the file sharing, and I cant access those settings anymore either, so that means I cant set up other websites because I cant give permission to view those folders. I also just got another err saying "Multiple errors occured on this server while processing commands. Just exactly what the heck did I do? I must have REALLY SCREWED THIS THING UP! Also strangely Safari browser no longer acceses the web from the server computer. I THINK I KILLED IT.
  Any Ideas?
  Thanks I really appreciate any tips, I havent got to calendar or vpn, or any fun stuff yet.. Or maybe it might not be fun at all? hahahahahaa!
  Thanks

  I've gotten into this mess as well and Apple solved it for me.
  The Server should be able too lookup itself so running DNS is a good thing, actually the server sets up DNS at install time if it can't find a server to serve it's DNS so it can lookup itself.
  The main error in my case was that there wasn't a NS record pointing the machine itself and that there were some firewall rules preventing DNS lookups. Since there is no way to edit the firewall rules via GUI the engineer manually changed some stuff, but wasn't sure where the problem lies exactly, so he passed it on to another engineer.
  At this point I was already forced to switch to Google Apps for Business and my website was already running at GoDaddy, at much lesser costs and to much lesser frustration I might add.
  Let's face it, Apple has to deliver a better product with the old Server Admin back into place for those who want it for the extra control.
  My servers were running great with Lion (eventually), but Apple just had to remove Server Admin from OS X Server... #their_loss

• Restore Lion OS from Lion Server Time Machine Backup?

  I am running a Intel Imac 2008 clean install SL then Lion upgrade, followed by Lion Server install.  I have multiple home macs, and intnded the server as a way to monitor and restrict kids internet use.  In short, it has changes/screwed up multiple programs, and complicated home sharing issues considerably.  Mail on the server machine has permission problems (cannot send mail, unable to sign), Spotlight in mail is non-functioning, finder spotlight searches are inconsistent, etc.  I want to revert to plain old Lion.
  I have done disk utility/verify disk and verified/repaired permissions, and have 'fiddled' (i'm not an expert) in the keychain/certificates areas, but I think the best solution is a clean install of Lion.  QUESTION:  When I backup to TIme Machine, is there a way to pull a 'Lion' version of my disk image back, and just not upgrade to Server?  I understand I can disable Server and turn off applications in Server, but it doesn't fix my buggy machine.  My options are to back up my 250GB of music, 100GB of photos, 100GB of movies, etc on to external drives, and clean install and then reimport everything, but even that will probably mean I cant reinstall my single user licesnse of MS office, VMware fusion, etc that I didn't buy on the App store.  I'd really love to be able to do this with Time machine.  Any chance?  or do I need to do the dark deed of 2 days of backup? 

  Sorry, I don't mean to be stupid, but I want to be sure.  My impresion of Time machine disk images (I'm not a computer genius, but I'm , lets say, an expert novice) is that disk images (my term for the 'total view' of a computers main disk), differ depending on the OS.  I assume that applications and preferences referenced under SL could not be seamlessly imported into a Lion environment.  I'm assumng that the upgrade to Lion server has irrevocaby altered my startup/main volume into a "Lion Server" volume, and that if I try to pull my applications/data/preferences/mailboxes back onto a fresh Lion interface, it won't work.  Are you saying I'm wrong, and that I can simply erase my disc, clean install Lion via an internet connection, and re-import my "lion Server- altered' stuff back from aLion-server Time Machine disk image, seamlessly, into a Lion OS environment?  Sorry to be so concrete, but my wife will kill me if I %$@ the bed on this.  I appreciatre your help.

• How To Add Second Website In Lion Server 10.7.3

  I currently have Lion Server Running on a Mac Mini, communicating on a  LAN (Intranet) with no Internet access intended at this time. I'd like to host a second website.
  Can that be done? And how?
  Lion Server 10.7.3
  Enabled - File Sharing, Wiki, Website
  Computer Name - apollo
  Host Network - lunar.local
  Server Website - lunar.local
  Thank you

  I'm in the same boat.  No clue why this error keeps popping up but its driving me nuts and appears to be killing my ability to get the OD setup.

• Lion Server and mail push notifications stop after reboot

  Hi, I have a Lion Server mail server setup with push notifications to iOS devices.  Everything works fine until I reboot the server.  At that point none of the iOS devices receive push notifications until I kill their Mail app; once I relaunch it, push notifications start working again to that device until the next reboot.  Has anyone else seen this, and know how to solve it?  Thanks.

  You don't believe me but I just start to close the tons of opened in background apps on my iPhone and when I close all apps the mail push start working just great! Checked it several times!

• How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

  I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
  Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
  Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
  Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
  DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
  DVD>Install Lion
  Reboot, hopefully Lion install kicks in
  Update, update, update Lion (NOT Lion Server yet) until no more updates
  System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
  Terminal>$ sudo scutil --set HostName server.domain.com
  App Store>Install Lion Server and run through the Setup
  Download install Server Admin Tools, then update, update, update until no more updates
  Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
  System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
  A few DNS set-up steps and these most important steps:
  A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
  B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
  C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
  D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
  E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
  F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
  G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
  H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
  I. Test from web browser server.domain.com/mydevices: Lock Device to test
  J. ??? Profit
  12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
  You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
  Firewall
  Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
  SSH
  Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
  PermitRootLogin no
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
  Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
  client$ ssh-keygen -t rsa -b 2048 -C client_name
  [Securely copy ~/.ssh/id_rsa.pub from client to server.]
  server$ cat id_rsa.pub > ~/.ssh/known_hosts
  I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
  $ diff denyhosts.cfg-dist denyhosts.cfg
  12c12
  < SECURE_LOG = /var/log/secure
  > #SECURE_LOG = /var/log/secure
  22a23
  > SECURE_LOG = /var/log/secure.log
  34c35
  < HOSTS_DENY = /etc/hosts.deny
  > #HOSTS_DENY = /etc/hosts.deny
  40a42,44
  > #
  > # Mac OS X Lion Server
  > HOSTS_DENY = /private/etc/hosts.deny
  195c199
  < LOCK_FILE = /var/lock/subsys/denyhosts
  > #LOCK_FILE = /var/lock/subsys/denyhosts
  202a207,208
  > LOCK_FILE = /var/denyhosts/denyhosts.pid
  > #
  219c225
  < ADMIN_EMAIL =
  > ADMIN_EMAIL = [email protected]
  286c292
  < #SYSLOG_REPORT=YES
  > SYSLOG_REPORT=YES
  Network Accounts
  User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
  2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
       User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
  Oh well.
  Email
  Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
  root:           myname
  admin:          myname
  sysadmin:       myname
  certadmin:      myname
  webmaster:      myname
  my_alternate:   myname
  Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
  cd /etc/postfix
  sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
  sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
  sudo serveradmin stop mail
  sudo serveradmin start mail
  Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
  If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
  iCal Server
  Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
  Web
  The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
  $ diff httpd.conf.default httpd.conf
  95c95
  < #LoadModule ssl_module libexec/apache2/mod_ssl.so
  > LoadModule ssl_module libexec/apache2/mod_ssl.so
  111c111
  < #LoadModule php5_module libexec/apache2/libphp5.so
  > LoadModule php5_module libexec/apache2/libphp5.so
  139,140c139,140
  < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  < #LoadModule encoding_module libexec/apache2/mod_encoding.so
  > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  > LoadModule encoding_module libexec/apache2/mod_encoding.so
  146c146
  < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  177c177
  < ServerAdmin [email protected]
  > ServerAdmin [email protected]
  186c186
  < #ServerName www.example.com:80
  > ServerName domain.com:443
  677a678,680
  > # Server-specific configuration
  > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
  > Include /etc/apache2/mydomain/*.conf
  I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
  Alias /eyetv /Users/uname/Sites/EyeTV
  <Directory "/Users/uname/Sites/EyeTV">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
  <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
  Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
  One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
  Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
  User-agent: *
  Disallow: /
  Misc
  VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

  Privacy Enhancing Filtering Proxy and SSH Tunnel
  Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
  If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
  $ ./ssht 8080:[email protected]:3128
  $ ./ssht 8080:alice@:
  $ ./ssht 8080:
  $ ./ssht 8018::8123
  $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
  $ vi ./ssht
  #!/bin/sh
  # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
  USERNAME_DEFAULT=username
  HOSTNAME_DEFAULT=domain.com
  SSHPORT_DEFAULT=22
  # SSH port forwarding specs, e.g. 8080:localhost:3128
  LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
  REMOTEHOST_DEFAULT=localhost    # Default is localhost
  REMOTEPORT_DEFAULT=3128         # Default is Squid port
  # Parse ssh port and tunnel details if specified
  SSHPORT=$SSHPORT_DEFAULT
  TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
  while [ "$1" != "" ]
  do
    case $1
    in
      -p) shift;                  # -p option
          SSHPORT=$1;
          shift;;
       *) TUNNEL_DETAILS=$1;      # 1st argument option
          shift;;
    esac
  done
  # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
  shopt -s extglob                        # needed for +(pattern) syntax; man sh
  LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
  USERNAME=$USERNAME_DEFAULT
  HOSTNAME=$HOSTNAME_DEFAULT
  REMOTEHOST=$REMOTEHOST_DEFAULT
  REMOTEPORT=$REMOTEPORT_DEFAULT
  # LOCALHOSTPORT
  CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      LOCALHOSTPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEPORT
  CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEHOST
  CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEHOST=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # USERNAME
  CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%@}                            # delete @
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      USERNAME=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # HOSTNAME
  HOSTNAME=$TUNNEL_DETAILS
  if [ "$HOSTNAME" == "" ]                # no hostname given
  then
      HOSTNAME=$HOSTNAME_DEFAULT
  fi
  ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
      && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
      || echo "SSH tunnel FAIL."

• How do I best share an iPhoto library to several users on a Lion Server?

  I am considering setting up a Lion Server to use for our family of five. The one thing I struggle to understand from searching for information here, and throughout the Internet is: Can I set up a Lion server to have shared libraries for iTunes and iPhoto, and what is the best way to set it up? I would also like to understand if such a shared setup would create any issues with reduced functionality and/or performance?
  Today we share libraries across several accounts on one computer, and that works mostly fine, although with some restrictions (only one account can have iPhoto open at a time, which is not much of an issue if on same computer; iTunes can share music but not Apps, ...)

  I followed Apple's support team's instruction to create iPhoto on the new external hard drive (My Passport) - and then drag and drop the existing iPhoto library onto it from the Master file.
  Don't know who told you that but it would be difficult to be more wrong.
  Make sure the drive is formatted Mac OS Extended (Journaled)
  1. Quit iPhoto
  2. Copy the iPhoto Library from your Pictures Folder to the External Disk.
  3. Hold down the option (or alt) key while launching iPhoto. From the resulting menu select 'Choose Library' and navigate to the new location. From that point on this will be the default location of your library.
  4. Test the library and when you're sure all is well, trash the one on your internal HD to free up space.
  Regards
  TD

• I'm trying to use Mountain Lion Server so my family can have separate logins via Screen Share to their iTunes.

  Using Mountain Lion Server so my family can have separate logins and connect via Screen Share.
  Works great, each has their own home directory and permissions are perfect.
  Now setting up iTunes for each with their own Library (not shared), thus keeping multiple Libraries.
  I get this;
  This Computer is already associated with an Apple ID.
  If you download past purchases with your Apple ID, you
  cannot auto-download past purchases with a different
  Apple ID for 90 days.
  What!
  So what it is on the same computer, they are completely separate Libraries never to be mixed.
  If this works, I only need to keep one computer up and running, instead of three.
  Each can do their syncing/backup and connect to the various Airplay/AppleTVs I have around the house.
  How do I fix this.
  Thanks

  Bottom line is you can't - easily.
  You need to make sure that you log out of the server each time otherwise the ID is running. To explain, if you had a laptop with different people using it, your solution works fine. Each time someone logs in, the iTunes ID is different so it works as you can only have one person using the laptop at any one time.
  Now, turning your problem inside-out, you want people to be able to log into iTunes concurrently to use their own version of the program with their own library. This does not seem to work and you get the conflicted ID error message. Even though iTunes is running under their own login ident, I have never been able to get this working reliably and was told that iTunes is NOT a network-aware application as it is designed to be single user.
  The way I got around this was to login as XYZ and to make sure that the ID was changed in iTunes accordingly. However, it did not always work so I gave up with the whole thing.

• Photoshop CS6 can't save to server after upgrading to Mac OS Yosemite Server from Mac Lion Server

  We recently upgraded our server from a Mac Pro 2008 with OS X Lion Server to a Mac Mini 2014 with LaCie 20TB 5Big Thunderbolt 2 RAID drive. Everything is working fine with the exception of Photoshop. It does it intermittently but once it happens it will continue to do so. We get message like "Can't save to disk because of disk error" and "Can't save file because of program error" . Sometime we are able to do a "save as" and save over it. Most of the time we have to "save as" with a different file name and then rename and recopy the file. We have check permission on all the file as well as the server HD has ignore ownership checked. Again only three things changed. 1) Sever hardware change from Mac Pro to Mac Mini. 2) Server software upgraded from 10.7 Lion to 10.10 Yosemite(both have the latest update). 3) Drive when from internal on Mac Pro to External Thunderbolt 2 LaCie drive. We have no problem with Illustrator or Indesign. Only Photoshop. Anyone with any suggestion is greatly appreciated.

  Unfortunately you seem to be using Photoshop in a way that Adobe discourages, so you may not be getting a lot of helpful advice.
  Networks, removable media | Photoshop | CS4 and later

• How do I add a wildcard domain to Additional Domains in Websites on Mac OS Mountain Lion Server?

  I could do this in Lion Server, but I can't in Mountain Lion (when I try to type * it doesn't type anything). Is there a file I can change with emacs to get this working? I've added the wildcard domain to /var/named/db.mydomain.TLD (see the wildcard domain section) but I need it in the web server as well for this to work.

  I found the answer here:
  /Library/Server/Web/Config/apache2/sites/0000_any_<port>_example.com.conf
  And just before </VirtualHost> put the line:
  ServerAlias *.example.com

• How do I get my airport extreme to show up under hardware in my Lion server app.

  My airport extreme is not showing up in Hardware in my lion server app. How do i configure the settings on my airport extreme to work with the lion server app?

  Hi there, it's pretty easy, see this link & check back if you have any problems...
  http://email.about.com/od/macosxmailtips/qt/et_gmailosxmail.htm

• Unable to add/remove users in Mountain Lion Server (Options are greyed out)

  For some reason, im unable to add/remove users in Mountain Lion server. The + and - are greyed out. It seems like something is wrong with the permissons because it looks like it cant write the the Ldav3 file (although that may be speculation). Does anyone have any advice for me? I URGENTLY need to add users.
  Maybe theres a way to restore default permssions for the boot drive (if that in fact is the issue). Hopefully there is a way that I can fix this while leaving all users, groups, their permissions and shares intact.

  Anything interesting and relevent in the server logs?
  Anything interesting in the server alerts?
  Since it's far and away the most common cause of problems with OS X Server and with distributed authentication (Open Directory is entirely based on network encryption and digital certificates and on responses from your local DNS server(s)), verify your local DNS configuration is working and requires no changes with the following Terminal.app (Applications > Utilities) harmless, diagnostic command:
  sudo changeip -checkhostname
  sudo requires an administrative password.  You might get a one-time warning about the sudo, and that can safely be ignored.  The command will display some details, and indicate whether the local configuration appears valid and no changes are required, or further diagnostics for (most) common errors that can arise.