Os x Server 3.1 breaks Profile Manager

Similar Messages

• Server 3.1 Breaks Profile Manager (PM won't start)

  Hi All,
  Updated to server 3.1 this am and now Profile manager will not start. When I go to turn it on via the server app, its simple hangs on "starting" for a few minutes then reverts to "Off".
  I tried reverting to my backup of 3.0.3, but of course the service updates that are done by 3.1 prevent this.
  I'm also not seeing any devicemgr logs in the console.
  Any suggestions?

  When starting devicemgr from the terminal I get the following errors:
  2014-03-18 09:30:40.264 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:30:42.294 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:30:44.334 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:30:46.366 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:30:50.800 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:30:52.834 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:30:55.487 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:30:57.514 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:30:59.563 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:31:01.588 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:31:03.600 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:31:05.613 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:31:07.625 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:31:09.642 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  2014-03-18 09:31:14.284 serveradmin[3097:4e1f] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9843)
  Thanks

• Mac Mini Server won't load Profile Manager

  My Mac Mini Server has stopped loading Profile Manager in a web browser, and gives me the following message:
  Caught exception "Connection to DB failed" [CSDatabaseError] executing route /auth/?redirect=https://stormforce.no-ip.biz/devicemanagement/api/authentication/callback:
  0 CoreFoundation 0x00007fff8f42d25c __exceptionPreprocess + 172
  1 libobjc.A.dylib 0x00007fff8f5b5e75 objc_exception_throw + 43
  2 CSService 0x0000000101f549bd -[CSConnectionPool openConnection] + 3309
  3 CSService 0x0000000101f5538a -[CSConnectionPool currentConnection] + 98
  4 CSService 0x0000000101fe313c -[CSAuthService _sessionForField:value:] + 96
  5 CSService 0x0000000101fd4bff +[CSHTTPRouteHelper setCurrentSessionForRequest:] + 150
  6 CSService 0x0000000101fdec09 __21-[CSAuthService init]_block_invoke + 367
  7 CSService 0x0000000101fd081a __53-[CSRoutingHTTPConnection httpResponseForMethod:URI:]_block_invoke + 95
  8 CSService 0x0000000101fd3d6c -[CSHTTPBackgroundResponse bounce:] + 286
  9 Foundation 0x00007fff8fa0e76b __NSThread__main__ + 1318
  10 libsystem_pthread.dylib 0x00007fff8d749899 _pthread_body + 138
  11 libsystem_pthread.dylib 0x00007fff8d74972a _pthread_struct_init + 0
  12 libsystem_pthread.dylib 0x00007fff8d74dfc9 thread_start + 13
  Anyone got any ideas how I fix this? My current plan is to try and re-install server.app, but I thought I'd post this to see if anyone had any ideas.

  I'm still trying to trace this fault - if anyone has any ideas they'd be much appreciated.

• Is it possible Messages Settings break Profile Manager?

  I've recently been playing about with the Messages app in ML and ML server.
  I've got everything working manually, as in going to each machine, logging in as the user and adding their credentials to the Messages app.
  I'm trying to automate this using profile manager, I've done simialr for Mail settings but the profile never succeeds. Always fails.
  Removing the Messages component from the Profile makes everything work again.
  Is this possible? I don't see how it could be any of the information that I am typing in the boxes that breaks it, I've been using %short_name% for the use names, this works for the Mail settings, could this be breaking it?

  Hi,
  Partner profile setting are actually soft configuration and you cannot transport them.
  You have to set partner profile in all stages.
  Nilesh

• OS X Server 4.0.3 Profile Manager Settings for Mobile Users problems

  OS X Yosemite 10.10.2 with Server 4.0.3
  We are using Profile Manager to control Settings for Mobile Users, and give homeSync to the users. Our problem is that the exclude / Skip items (Items matching any of the following will not sync" This setting is not working an example. I have put this folder to Skip Items ~/Downloads but the home Sync still Syncing items in the Downloads folder.
  I have this problem on all the 3 users/machines on that server. Every client is using os x 10.10.1 og 10.10.2 I have check that the profile from the server is on the client.
  Has any a solution to that?
  Regards
  Brian

  I have no solution but have experienced failing sync settings (quite often) in both 10.6 Server and 10.9 + Server 3 (upgraded from 10.6 Server) in the same way as you described, it syncs too much. We have given up on synched home folders and will cut them and use other backup methods since we’re not so dependant on switching between different devices. Our users usually have one computer, one iPhone, one iPad and stay with those until it’s time to exchange them.

• OSX Server 10.8.5 (Server 2.2.1) Profile Manager

  Hello all, wondering if somebody can help.  I have a Mac Mini server (2011) running OSX Server 10.8.5 (Server 2.2.1).  I have a fully signed Certificate for the Web/OD services etc.. and its using the self assigned certificate for Profile manager.  Profile manager is running and I can add place holders for iPads, users/groups and apps etc...  Problem is the iPads running iOS6 and 7 simply will not enrol.  You goto the servers web page, then profile manager my devices and it downloads the trust certificate fine.  You click enroll and you see the browser access OTA BOOTSTRAP or something (it goes off way to quick) and does nothing.  If I try and use the Enrollment Profile I get "The Profile SECENROLL com.apple.ota blah blah blah .bootstrap could not be installed due to an unexpected error.  Can anybody help?

  Hello all, wondering if somebody can help.  I have a Mac Mini server (2011) running OSX Server 10.8.5 (Server 2.2.1).  I have a fully signed Certificate for the Web/OD services etc.. and its using the self assigned certificate for Profile manager.  Profile manager is running and I can add place holders for iPads, users/groups and apps etc...  Problem is the iPads running iOS6 and 7 simply will not enrol.  You goto the servers web page, then profile manager my devices and it downloads the trust certificate fine.  You click enroll and you see the browser access OTA BOOTSTRAP or something (it goes off way to quick) and does nothing.  If I try and use the Enrollment Profile I get "The Profile SECENROLL com.apple.ota blah blah blah .bootstrap could not be installed due to an unexpected error.  Can anybody help?

• Upgrade Server 4 - stalled at profile manager

  Am trying to upgrade to Server 4.0 from 3.2.1
  The server install process stalls at about halfway across the blue line - with the statement "updating profile manager service".
  This is odd because we don't use the profile manager service, and it was disabled in the 3.2.1 configuration (i.e. set to not start in the Server app)
  No obvious errors in the system log.
  Anyone got any suggestions about what I can do to kick it along?
  Thanks in advance for any help.

  Hi
  This is the last block of entries in a log called "ServerSetup_DeviceManager.log" in /Library/Logs.  Is this what you are looking for?  It contains an error at least...
  2014-10-17 20:32:22 deviceManagerCommon.sh: A postgres cluster appers to already exist at /Library/Server/ProfileManager/Config/ServiceData/Data/PostgreSQL
  2014-10-17 20:32:22 deviceManagerCommon.sh: Pre-flight starting postgres...
  2014-10-17 20:32:22 deviceManagerCommon.sh: Started xpostgres with PID 10294
  2014-10-17 20:32:22 XPG.10297:  Process parent is PID 10294
  2014-10-17 20:32:22 XPG.10297:  Excluding data directory.
  2014-10-17 20:32:22 XPG.10297:  Turning on archive logging.
  2014-10-17 20:32:22 XPG.10297:  Cleaning up any existing postmaster.pid file
  2014-10-17 20:32:22 XPG.10297:  Starting postgres.
  2014-10-17 20:32:22 XPG.10297:  Waiting for data directory: /Library/Server/ProfileManager/Config/ServiceData/Data/PostgreSQL
  2014-10-17 20:32:22 XPG.10297:  Data directory exists.
  2014-10-17 20:32:22 XPG.10297:  Spawning postgres now.
  2014-10-17 20:32:22 XPG.10297:  Waiting for socket to appear in socket directory: /Library/Server/ProfileManager/Config/var/PostgreSQL
  2014-10-17 20:32:23 deviceManagerCommon.sh: Stopping postgres pre-flight instance...
  2014-10-17 20:32:23 XPG.10297:  Decremented reference count. Count is now: 0
  2014-10-17 20:32:23 XPG.10297:  Reference count reached zero.  Shutting down.
  2014-10-17 20:32:23 XPG.10297:  Killing idle connections...
  2014-10-17 20:32:23 XPG.10297:  Spawning... ('/Applications/Server.app/Contents/ServerRoot/usr/bin/psql', '-q', '-h', '/Library/Server/ProfileManager/Config/var/PostgreSQL', '-d', 'postgres', '-c', "SELECT pid, (SELECT pg_terminate_backend(pid)) as killed from pg_stat_activity WHERE state LIKE 'idle';")
  pid | killed
  -----+--------
  (0 rows)
  2014-10-17 20:32:23 XPG.10297:  Socket available; starting should now be complete.
  2014-10-17 20:32:24 XPG.10297:  log receiver: pg_receivexlog: could not connect to server: FATAL:  the database system is shutting down
  pg_receivexlog: disconnected; waiting 5 seconds to try again
  2014-10-17 20:32:24 XPG.10297:  Postgres exited.
  2014-10-17 20:32:24 XPG.10297:  pg_receivexlog still running; terminating.
  2014-10-17 20:32:24 XPG.10297:  log receiver: pg_receivexlog: could not connect to server: could not connect to server: No such file or directory
    Is the server running locally and accepting
    connections on Unix domain socket "/Library/Server/ProfileManager/Config/var/PostgreSQL/.s.PGSQL.5432"?
  2014-10-17 20:32:24 deviceManagerCommon.sh: Starting postgres under launchd...
  2014-10-17 20:32:24 deviceManagerCommon.sh: Migrating PM SACL in OD...
  PM SACL group has already been migrated
  2014-10-17 20:32:24 deviceManagerCommon.sh: Preparing/migrating database...
  2014-10-17 20:32:29 deviceManagerCommon.sh: Done!
  Oct 17 20:32:55.009 Applying DeviceManager<7fca7144d750> Profile Manager
  Oct 17 20:32:55.010 DeviceManager<7fca7144d750> Running '/Applications/Server.app/Contents/ServerRoot/usr/libexec/deviceManagerCommon.s h'
  2014-10-17 20:32:55 deviceManagerCommon.sh: Starting...
  2014-10-17 20:32:55 deviceManagerCommon.sh: Ensuring Profile Manager services are unloaded and terminated...

• Server 3.1 and Profile Manager woes

  I was hoping the 3.1 upgrade would resolve the Profile Manager not working with "real" Code Signing certificates, but it seems to have made things even worse. (I swear there's no Q/A on this product.)
  I readded my Digicert code signing certificate after upgrading (they have been amazing and have even issued me a special certificate to match all of the extensions and critical flags that the self-signed one Apple generates has).
  With 3.1, it lets me pick the Digicert certificate for Profile Manager, but silently doesn't actually honour the preference. The self-signed certificate continues to be used. The logs are full of errors that I believe are related:
  scep_helper.log after picking the certificate:
  0:: [738] [2014/03/18 10:39:44.942] EXCEPTION:  Error <NSData *ExportIdentityToPKCS12Data(SecIdentityRef, NSString *__strong) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-864.18/Compiled/Fra mework-Base/Support/CryptoUtilities.m:483): "'((SecItemExport((__bridge CFTypeRef)items, kSecFormatPKCS12, 0, &keyParams, &pkcs12Data)))' error -25308">
  0:: [738] [2014/03/18 10:39:44.943] SCEPHELPERS_GetIdentity: Caught exception NSData *ExportIdentityToPKCS12Data(SecIdentityRef, NSString *__strong) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-864.18/Compiled/Fra mework-Base/Support/CryptoUtilities.m:483): "'((SecItemExport((__bridge CFTypeRef)items, kSecFormatPKCS12, 0, &keyParams, &pkcs12Data)))' error -25308"
  2014-03-18 10:34:41.330 AM sandboxd[442]: ([67306]) xscertd(67306) deny file-read-metadata /Library/Preferences/com.apple.security.plist
  2014-03-18 10:34:41.352 AM sandboxd[442]: ([67306]) xscertd(67306) deny file-read-data /Library/Preferences/com.apple.security.plist
  2014-03-18 10:36:04.224 AM servermgrd[148]: servermgr_certs[148] -[CertsRequestHandler(HelperAdditions) certificateForIdentity:]:  SecIdentityCopyCertificate (err = -25304)
  And every 4 seconds:
  2014-03-18 10:30:36.155 AM devicemgrd[210]:  SecOSStatusWith error:[-25291] The operation couldn’t be completed. (com.apple.security.xpc error 3 - <connection: 0x7fd3ed309e40> { name = com.apple.securityd.xpc, listener = false, pid = 0, euid = 4294967295, egid = 4294967295, asid = 4294967295 }: Connection invalid)
  *sighs*

  The private key already had the "Allow all applications to access this item". I went in there and hit Save anyway, and tried again. Still the same issue. Profile Manager lets me pick the certificate, but if leave the Profile Manager section and go back in, I find that it has been reverted.
  And interestingly enough, if I set the values from the command line:
  serveradmin settings devicemgr devicemgr:devicemgr:CodeSigningPrivateKey = /etc/certificates/Coverall\ Crew\ Corporation.5504F8C4DA768FC0253A9E8264EDAFC29AC75328.key.pem
  serveradmin settings devicemgr devicemgr:CodeSigningCertificate = /etc/certificates/Coverall\ Crew\ Corporation.5504F8C4DA768FC0253A9E8264EDAFC29AC75328.cert.pem
  serveradmin settings devicemgr devicemgr:CodeSigningAuthorityChain = /etc/certificates/Coverall\ Crew\ Corporation.5504F8C4DA768FC0253A9E8264EDAFC29AC75328.chain.pem
  It's as if it completely ignores any updates.
  I guess I may have to contact Apple for support.

• OS X Server 3.1.1 Profile Manager fails again

  Now profiles which contain variables such as %short_name% doesn't push at all.
  That's all folks.
  Thanks.

  I have recognized that profiles with variable %short_name% is pushed with the shortname of the local admin of my server. I thought it is a variable to use clients username ... Something went wrong in this place at apple. I tried using this variable %short_name% for VPN Profile.

• Lion Server Profile Manager Configuration

  Hi Guys,
  Currently have been testing Lion Server and Profile Manager Configuration.
  So Far Have setup
  Lion with Server App and Server Admin Tools
  Configured Open Directory Master and enabled SSL on LDAP
  Once Configured OD has created a CA Certificate can use for Profile Manager
  Have Enabled in Server.app Web and Profile manager
  In SSL Certificate Configuration have set CA Certificate for Web and Enabled Apple push notifications with my apple ID
  In Profile Manager Enabled Device Management and Enabled Sign configuration profiles and selected CA Open Directory Certificate Created when setting up OD Master.
  On Server Originally could install Trust Profile OK and Enroll Server OK with no issues, but on any other 10.7 Devices could install Trust Profile OK but would always say unsigned and Enroll would never work or just hang.
  Now Since Played around with settings on 10.7 Server can no longer enroll but trust OK.
  Questions have is
  For SSL and Profile Manager to work properly as well as Certificates do you require to purchase a proper SSL Certificate or can we use the OD Master Certificate that gets created. All we are testing is on the Local LAN so don't want to get a SSL certificate from the internet.
  Also why cannot 10.7 clients trust profile and enroll Devices Properly? How do I get this working properly?
  Any ideas?
  Regards,
  Shane

  taubmas wrote:
  Not sure if its that as finally got Lion Server working on a VM setup so network shouldn't be an issue...
  Had 1 OSX Lion Server VM and 1 OSX Lion Client VM and OSX Lion Server VM gets profile and enrolls device fine but again OSX client doesn't get enroll just sits again at installing..... even if set keychain to trust and make trust profile verified..
  any other ideas? I think need to somehow get the server to trust trust profile by default instead of going to keychain all the time.
  Shane
  Did you get this to work in an ESXI envrionment? If so, which version are you running?

• Profile Manager - Not Found  The requested URL /wiki was not found on this server.

  I have installed Lion Server with Web and Profile Manager services. When I log into the profile manager web page I receive the message "Not Found  The requested URL /wiki was not found on this server."  I followed the guide here for install http://krypted.com/iphone/setting-up-profile-manager-in-lion-server/.

  This was the fixed I found
  Fixing profile manager has been solved by someone else:
  1.  Turn off all services under Server app.
  2.  Under Hardware, settings, change SSL certificate to "none"
  3.  Under Hardware, network, reset host name again.
  4.  Under Hardware, settings, change SSL certificate back to correct one
  5.  Turn Web service ON.
  It may still say /var/empty.
  6.  Turn Wiki service ON
  7.  Recheck Web service.  It should be changed to /Library/Server/Web/Data/Sites/Default.

• Backup Server Settingd - Including Profile Manager

  We want to ensure that we have a backup of our server settings and also the network settings of the machine. We have experienced issues with TimeMachine in the past and want to ensure we are backing our server up including the Profile Manager database and active directory database.
  Thanks,
  James.

  The files are created by PostGreSQL and contain WAL (write-ahead-logging) data. It's still not clear why these files should be growing at more than 33 MB a day.
  Why is there no snapshot of the database taken, past WAL files deleted and new ones started every day/week/month? Can I do this myself? I'm now wasting 16GB of storage as an inefficient backup for PostgreSQL.

• How to Resolve Bitnami/MAMP Conflict with Profile Manager

  I've been working on a new Lion Server for several weeks, and most of my services work great. However, I want to set up several development environments for WP, Drupal, and Magento, among other things. I prefer to use something like MAMP Pro or, in this case, Bitnami stacks for my various environments. However, this machine currently is used for managing Wiki, Profile Manager, and Device Manager, among other things. Of course, if you activate the Bitnami MAMPstack, that poses an issue for Profile Manager, as both use the 80 and 443 ports, I presume. So, the question is how can I configure Lion Server to run Bitnami (or MAMP Pro, as an alternate possibility) and not break Profile Manager, Wiki, Device Manager, etc.?

  Let me edit the statement a bit. Device Manager is the term that I intuitively have attached to the link https://server/mydevices, which is nothing more than a web interface for adding profiles to your Mac and iOS devices. Apple doesn't call it that, but I have taken to doing so, so when I'm referring to it, that's what it is.
  Anyway, I haven't tried Wiki on its own, but I know that if I activate MAMP, or BitNami, and I run Profile Manager, it is inaccessible. Obviously, there is a conf setup, or something I am missing here, but I'm not finding it in the server documentation, if it exists at all.

• How to configure profile manager in Maverics when DNS is externally managed?

  Are there any guides to configuring Profile Manager as a MDM?
  Here is my story.
  Recently installed  Mac mini at a school where the DNS is externally managed by the Education departments IT group.  Upgraded to Maverics and installed Server app.  Configured profile manager to the point where we could generate a trust profile and enrolment profile.  Doesn't work because there is no DNS entry for Mac mini server.   Create entry but need to change host name and computer name and local machine name to match entry.  Suddenly profile manager not working at all.  Delete server app and it's configuration file in ~/Library/.  Reinstall.  Now Profile manager won't even activate.  Speak to Apple on phone, run various commands to reinitialise Open Directory and reset profile manager.  To no avail.  Apple say to reinstall Mavericks, Server and try again.
  Funny thing is I got profile manager to work as an MDM in a test environment, but changing DNS after doing so much configuration seems to have made a real mess of things.  Vowing to make a time machine backup as soon as Mavericks re-installs.
  Anyone know of any guides other than the one on krypted.com, which appears to be for the previous version of Profile Manager.
  Stom

  In general, either your OS X Server box has a DNS translation for its address, or it doesn't. 
  If you don't have valid DNS, you will have problems with various services, as DNS is fundamental to distributed authentication and encryption, among other uses. 
  OS X Server doesn't recover well from installations that start off with DNS errors, and the wipe and reinstallation suggested by Apple is usually easier than resolving the various issues that tend to arise within the configurations of the various services.
  If your server doesn't have a valid DNS translation, then either add the DNS translation into your organization's local DNS environment, or work to retrain or replace the folks that are unwilling or unable to administer and to properly maintain local DNS services, or (far less desirably) configure and start your own parallel DNS services.  There are other options, of course. 
  I'd escalate this discussion to management, and let them sort this out — at its core, this very likely isn't a technical issue.

• Can't log in to Profile Manager or My Devices with Active Directory logins

  I have an OSX Lion 10.7.4 Server set up with Profile Manager and it is joined to AD.
  I am able to see AD groups in the Profile Manager groups section.
  I can also see and add AD users and groups using the server app.
  I have enabled the "Can Enable Remote Management" check box for Domain Users through Profile Manager. I have also added Domain Admins to the Workgroup group in the Server app. I'm not sure that I want or need either of these options, but they were suggestions to try.
  I am not able to log on to the Profile Manager or My Devices pages with AD logins.
  I found these directions about nested groups in Workgroup Manager http://krypted.com/iphone/integrating-mac-os-x-lion-servers-profile-manager-with -active-directory/ but I don't have a com.apple.access_devicemanagement local group or any groups like are shown in the picture.
  Any ideas what I'm missing?
  Cheers,
  Ian

  I found the two pieces I was missing:
  1) Install the Lion Server Admin Tools
  Launch the Server Admin App
  Click on the server name in the left pane
  Click on the Access button in the upper part of the window
  Click on Profile Manager
  Either manually add specific groups to the list or if you're feeling brave choose the "Allow all users and groups" radio button
  2) Run the command line steps on this page to change the authentication to plain text to support AD authentication:
  http://support.apple.com/kb/HT4837
  Voila!