PC Clients w/Yosemite Server

Similar Messages

• Connecting Ubuntu client to Yosemite server VPN

  i have searched for info on this and all I have found are other unanswered questions and links to non OSX server solutions.   Surely connecting a Ubuntu PC to an apple network via VPN is commonplace?  Not often you still find the Mac vs the rest of the world problem nowdays.  Thanks,  Alex

  Hello.  Apologies for bumping this question but there are quite a few unanswered questions on the internet relating to this.  I seems illogical to me that it is not straightforward to link a Linux machine to an OS X server network remotely?      Surely this is relatively easy and I have got the wrong end of the stick somewhere?  Thanks for your input.  Alex

• Can log into Yosemite server (4.0) VPN service with a Mavericks client, but not Yosemite client

  Sever Info:
  Yosemite Server 4.0 running on a late 2009 Mac Mini with 8 GB RAM with vpnd service enabled
  The server was upgraded to Yosemite - not clean install - this may not matter (see below)
  Airport extreme router with standard VPN UDP ports for L2TP forwarded to server (500, 1701, 4500)
  Client info:
  MB Air 13" early 2014 with 8 GB RAM
  Yosemite
  Mavericks 10.9.5 running as a Parallels virtual machine (don't ask - I need it to run an app for work that is not yet compatible with Yosemite)
  OD service is NOT running - no VPN connections ever occurred from ANY client with this service running - OD is not needed in my case fortunately
  With the OD service off, I can connect via the Mavericks virtual machine just fine, but not with Yosemite. With Yosemite, the ppp connection appears to occur, but server config requests appear to fall on deaf ears (client side doesn't appear to respond) until the connection times out. Can't figure out what triggers the client response to a server config request. Client side complains about no route to host and IP addresses don't get assigned to the connection.
  The connection happens successfully in an eyeblink with the Mavericks client. Same username/password/shared secret in both instances.
  Tried a generated .vpnconfig from the server, this also did not work.
  It's possible that it is an auth problem, but can't figure out how the process occurs or what may be going wrong. There does not seem to be an obvious way to increase the granularity of the logging such that it might give other hints - at least that I can find. I found plenty of references to VPN issues when people upgraded from Mountain Lion to Mavericks as well as work arounds for this. I tried the most promising looking of those - no love. I reverted everything back to stock install since I could at least connect with Mavericks.
  If log entries would be helpful, they are included below. I've stared at them long enough - perhaps a new set of eyes can provide a hint.
  In addition, I can find no documentation regarding the VPN service in Yosemite server so as to get a clue as to whether there have been changes in racoon since Mavericks.
  Thanks in advance for any suggestions. I would be glad to supply any other info needed for an accurate diagnosis .
  Pat
  ==
  Regarding the Yosemite client connection in the Yosemite server VPN Service log:
  2014-10-21 12:18:30 MDT
  Incoming call... Address given to client = 192.168.1.228
  Tue Oct 21 12:18:30 2014 : Directory Services Authentication plugin initialized
  Tue Oct 21 12:18:30 2014 : Directory Services Authorization plugin initialized
  Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
  Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
  Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
  Tue Oct 21 12:18:30 2014 : L2TP incoming call in progress from 'my.dotted.quad.address'...
  Tue Oct 21 12:18:30 2014 : L2TP received SCCRQ
  Tue Oct 21 12:18:30 2014 : L2TP sent SCCRP
  Tue Oct 21 12:18:30 2014 : L2TP received SCCCN
  Tue Oct 21 12:18:30 2014 : L2TP received ICRQ
  Tue Oct 21 12:18:30 2014 : L2TP sent ICRP
  Tue Oct 21 12:18:30 2014 : L2TP received ICCN
  Tue Oct 21 12:18:30 2014 : L2TP connection established.
  Tue Oct 21 12:18:30 2014 : using link 0
  Tue Oct 21 12:18:30 2014 : Using interface ppp0
  Tue Oct 21 12:18:30 2014 : Connect: ppp0 <--> socket[34:18]
  Tue Oct 21 12:18:30 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:18:33 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:18:36 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:18:39 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:18:42 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:18:45 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:18:48 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:18:51 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:18:54 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:18:57 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
  Tue Oct 21 12:19:00 2014 : LCP: timeout sending Config-Requests
  Tue Oct 21 12:19:00 2014 : Connection terminated.
  Tue Oct 21 12:19:00 2014 : L2TP disconnecting...
  Tue Oct 21 12:19:00 2014 : L2TP sent CDN
  Tue Oct 21 12:19:00 2014 : L2TP sent StopCCN
  Tue Oct 21 12:19:00 2014 : L2TP disconnected
  2014-10-21 12:19:00 MDT
     --> Client with address = 192.168.1.228 has hungup
  ==
  Client side log for this connection using the Yosemite client:
  Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
  Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
  Tue Oct 21 14:32:08 2014 : L2TP connecting to server 'myserver.com' (my.dotted.quad.address)...
  Tue Oct 21 14:32:08 2014 : IPSec connection started
  Tue Oct 21 14:32:09 2014 : IPSec connection established
  Tue Oct 21 14:32:10 2014 : L2TP connection established.
  Tue Oct 21 14:32:10 2014 : L2TP set port-mapping for en0, interface: 4, protocol: 0, privatePort: 0
  Tue Oct 21 14:32:10 2014 : Using interface ppp0
  Tue Oct 21 14:32:10 2014 : Connect: ppp0 <--> socket[34:18]
  Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
  Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
  Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
  Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
  Tue Oct 21 14:32:25 2014 : write: No route to host
  Tue Oct 21 14:32:25 2014 : write: Host is down
  Tue Oct 21 14:32:28 2014 : write: Host is down
  Tue Oct 21 14:32:28 2014 : write: Host is down
  Tue Oct 21 14:32:31 2014 : write: Host is down
  Tue Oct 21 14:32:31 2014 : write: Host is down
  Tue Oct 21 14:32:34 2014 : write: Host is down
  Tue Oct 21 14:32:34 2014 : write: Host is down
  Tue Oct 21 14:32:37 2014 : write: Host is down
  Tue Oct 21 14:32:37 2014 : write: Host is down
  Tue Oct 21 14:32:40 2014 : LCP: timeout sending Config-Requests
  Tue Oct 21 14:32:40 2014 : Connection terminated.
  Tue Oct 21 14:32:40 2014 : L2TP disconnecting...
  Tue Oct 21 14:32:40 2014 : L2TP error sending CDN (Host is down)
  Tue Oct 21 14:32:40 2014 : L2TP clearing port-mapping for en0
  Tue Oct 21 14:32:40 2014 : L2TP disconnected
  ==
  Pertinent client side log for connection of Mavericks client to Yosemite server:
  Tue Oct 21 13:29:13 2014 : Connect: ppp0 <--> socket[34:18]
  Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
  Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
  Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
  Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
  Tue Oct 21 13:29:21 2014 : local  IP address 192.168.1.229
  Tue Oct 21 13:29:21 2014 : remote IP address 192.168.1.2
  Tue Oct 21 13:29:21 2014 : primary   DNS address 192.168.1.2
  Tue Oct 21 13:29:21 2014 : secondary DNS address 8.8.8.8
  Tue Oct 21 13:29:21 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 10.0.1.38), current interface setting (name: ppp0, family: PPP, address: 192.168.1.229, subnet: 255.255.255.0, destination: 192.168.1.2).
  Tue Oct 21 13:29:21 2014 : Committed PPP store
  Tue Oct 21 13:29:21 2014 : Committed PPP store
  Tue Oct 21 13:52:32 2014 : [DISCONNECT]
  Tue Oct 21 13:52:32 2014 : Hangup (SIGHUP)
  Tue Oct 21 13:52:32 2014 : Connection terminated.
  Tue Oct 21 13:52:32 2014 : Connect time 23.4 minutes.
  Tue Oct 21 13:52:32 2014 : Sent 2674664 bytes, received 10680854 bytes.
  Tue Oct 21 13:52:32 2014 : L2TP disconnecting...
  Tue Oct 21 13:52:32 2014 : L2TP clearing port-mapping for en0
  Tue Oct 21 13:52:32 2014 : L2TP disconnected
  ==
  Regarding the Mavericks client connection in the Yosemite server VPN Service log:
  2014-10-21 12:09:48 MDT Incoming call... Address given to client = 192.168.1.226
  Tue Oct 21 12:09:48 2014 : Directory Services Authentication plugin initialized
  Tue Oct 21 12:09:48 2014 : Directory Services Authorization plugin initialized
  Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
  Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
  Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
  Tue Oct 21 12:09:48 2014 : L2TP incoming call in progress from ‘my.dotted.quad.address’…
  Tue Oct 21 12:09:48 2014 : L2TP received SCCRQ
  Tue Oct 21 12:09:48 2014 : L2TP sent SCCRP
  Tue Oct 21 12:09:48 2014 : L2TP received SCCCN
  Tue Oct 21 12:09:48 2014 : L2TP received ICRQ
  Tue Oct 21 12:09:48 2014 : L2TP sent ICRP
  Tue Oct 21 12:09:49 2014 : L2TP received ICCN
  Tue Oct 21 12:09:49 2014 : L2TP connection established.
  Tue Oct 21 12:09:49 2014 : using link 0
  Tue Oct 21 12:09:49 2014 : Using interface ppp0
  Tue Oct 21 12:09:49 2014 : Connect: ppp0 <--> socket[34:18]
  Tue Oct 21 12:09:49 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
  Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
  Tue Oct 21 12:09:49 2014 : lcp_reqci: returning CONFACK.
  Tue Oct 21 12:09:49 2014 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
  Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
  Tue Oct 21 12:09:49 2014 : sent [LCP EchoReq id=0x0 magic=0x4bc40d9f]
  Tue Oct 21 12:09:49 2014 : sent [CHAP Challenge id=0x73 <074a110a5e0620296b1937345c34090e>, name = “myserver.private”]
  Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoReq id=0x0 magic=0x71598937]
  Tue Oct 21 12:09:49 2014 : sent [LCP EchoRep id=0x0 magic=0x4bc40d9f]
  Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoRep id=0x0 magic=0x71598937]
  Tue Oct 21 12:09:49 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
  Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
  Tue Oct 21 12:09:54 2014 : CHAP peer authentication succeeded for somelocaluser
  Tue Oct 21 12:09:54 2014 : DSAccessControl plugin: User 'somelocaluser' authorized for access
  Tue Oct 21 12:09:54 2014 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.2>]
  Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfReq id=0x1]
  Tue Oct 21 12:09:54 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
  Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
  Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
  Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-NAK
  Tue Oct 21 12:09:54 2014 : sent [IPCP ConfNak id=0x1 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
  Tue Oct 21 12:09:54 2014 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::021c:42ff:febf:bf66>]
  Tue Oct 21 12:09:54 2014 : Unsupported protocol 0x8057 received
  Tue Oct 21 12:09:54 2014 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 1c 42 ff fe bf bf 66]
  Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x1 <route vers 16777216> <domain vers 16777216>]
  Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfRej id=0x1 <route vers 16777216>]
  Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.2>]
  Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfAck id=0x1]
  Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
  Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-ACK
  Tue Oct 21 12:09:54 2014 : sent [IPCP ConfAck id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
  Tue Oct 21 12:09:54 2014 : ipcp: up
  Tue Oct 21 12:09:54 2014 : found interface en0 for proxy arp
  Tue Oct 21 12:09:54 2014 : local  IP address 192.168.1.2
  Tue Oct 21 12:09:54 2014 : remote IP address 192.168.1.226
  Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
  Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
  Tue Oct 21 12:09:54 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.1.2), current interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
  Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x2 <domain vers 16777216>]
  Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfAck id=0x2 <domain vers 16777216>]
  Tue Oct 21 12:09:54 2014 : Received protocol dictionaries
  Tue Oct 21 12:09:54 2014 : Committed PPP store
  Tue Oct 21 12:09:54 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
      <domain: name private>
      <domain: name local>]
  Tue Oct 21 12:09:54 2014 : rcvd [IP data <src addr 192.168.1.226> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
  Tue Oct 21 12:09:54 2014 : sent [IP data <src addr 192.168.1.2> <dst addr 192.168.1.226> <BOOTP Reply> <type ACK> <server id 0xc0a80102> <domain name "local">]
  Tue Oct 21 12:09:57 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
      <domain: name private>
      <domain: name local>]
  Tue Oct 21 12:10:00 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
      <domain: name private>
      <domain: name local>]
  Tue Oct 21 12:10:03 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
      <domain: name private>
      <domain: name local>]
  Tue Oct 21 12:10:06 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
      <domain: name private>
      <domain: name local>]
  Tue Oct 21 12:10:09 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
      <domain: name private>
      <domain: name local>]
  Tue Oct 21 12:10:09 2014 : rcvd [LCP TermReq id=0x2 "User request"]
  Tue Oct 21 12:10:09 2014 : LCP terminated by peer (User request)
  Tue Oct 21 12:10:09 2014 : ipcp: down
  Tue Oct 21 12:10:09 2014 : sent [LCP TermAck id=0x2]
  Tue Oct 21 12:10:09 2014 : l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.1.2), deleted interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
  Tue Oct 21 12:10:09 2014 : L2TP received CDN
  Tue Oct 21 12:10:09 2014 : Connection terminated.
  Tue Oct 21 12:10:09 2014 : Connect time 0.4 minutes.
  Tue Oct 21 12:10:09 2014 : Sent 1003 bytes, received 646 bytes.
  Tue Oct 21 12:10:09 2014 : L2TP disconnecting...
  Tue Oct 21 12:10:09 2014 : L2TP disconnected
  2014-10-21 12:10:09 MDT   --> Client with address = 192.168.1.226 has hungup

  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
  You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
  In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
  You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
  Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
  4. Here's a summary of what you need to do, if you choose to proceed:
  ☞ Copy a line of text in this window to the Clipboard.
  ☞ Paste into the window of another application.
  ☞ Wait for the test to run. It usually takes a few minutes.
  ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n   ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */   /;' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test osascript\ -e );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , \\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|corru|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:|suhel| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '/S*/*/Ca*/*xpc* >&- ||echo No' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,Ex}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,In{p,ter},iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents XPC\ cache Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "${s[63]}"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 20 32 25;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  8. Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
  exec bash
  and press return. Then paste the script again.
  10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return  three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
  [Process completed]
  to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
  12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
  14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
  Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• Yosemite server: no CardDAV-Sync with Yosemite clients

  Hi everybody,
  this drives me really mad:
  We had a Lion server (older Mac mini) with Calendar and Contacts services running with no issues. We used global accounts to share company's events and contacts between Macs and iOS devices.
  We started using Yosemite on the clients. Even two new clients (iMac and MacBook Air) came into place with Yosemite already pre-installed. Again: Everything works together.
  We bought a new Mac mini to switch to Yosemite and OS X Server 4. We didn't any migration and started from scratch: DNS, Open Directory etc.. On one client machine (Yosemite) we just exported the calendars into *.ics-files and the contacts (groups) into *.vcf-files.
  On the new server we created network accounts with an exported text file and NOT via an OD archive of the old server, the new server has a different hostname/IP address, both servers didn't disturb each other.
  The migration took place at one client again: Importing each *.ics-file into the new account works as expected. Every appointment or event was then synched to every client (OS X, iOS) from the new server.
  But: While importing the contacts into the global network account of the new server seems to have been worked, the syncing down to the Yosemite clients breaks and didn't finish. Mavericks clients and iOS clients sync within a few seconds without any problem: They have the same amount of contacts and groups. The Yosemite clients sync far longer and are missing about 100 or 200 (it differs from machine to machine) entries and do not show any group at all.
  Even a completely new created local account with fresh configuration of Contacts.app shows this behavior on Yosemite clients. But ONLY with the new server.
  This is really strange, isn't it?
  Has anyone got similar experiences? And solved this issue, probably?
  Best regards,
  Olaf

  I am experiencing a similar problem with both CalDAV and CardDAV.  The existing accounts seem to work as long as you don't try to add a new one.  When you try to add a new CarDAV or CalDAV account, a OS X Server account is added instead.  The new account gives you the options of selecting Calendar, Contacts, etc. but it's not working.  I'm not sure how to work around this yes, but Apple Support suggested copying the files from a working Library into the one that is not working, but I have not had success doing this.  This is a known bug that needs to be fixed. If you figure out a work around please let me know [email protected] thanks.

• Reconfigure Open Directory in Yosemite Server

  Is it possible to delete and reconfigure Open Directory in Yosemite server?
  The host name and configuration were modified after Open Directory was activated and I get the message "Unable to load replica list" in the Settings Tab of Open Directory on the Server App (Server 4.0.3 (Build 14S350)). I think the best way would be to start over the automatic configuration.

  Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
  1. The OD master must have a static IP address on the local network, not a dynamic address. It must not be connected to the same network with more than one interface; e.g., Ethernet and Wi-Fi.
  2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
  3. The primary DNS server used by the server must be itself, unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
  4. Only if you're still running Mavericks server, follow these instructions to rebuild the Kerberos configuration on the server.
  5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.
  6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
  7. Reboot the master and the clients.
  8. Don't log in to the server with a network user's account.
  9. Disable any internal firewalls in use, including third-party "security" software.
  10. If you've created any replica servers, delete them.
  11. If OD has only recently stopped working when it was working before, you may be able to restore it from the automatic backup in /var/db/backups, or from a Time Machine snapshot of that backup.
  12. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UID's are in the 1001+ range.
  If you get this far without solving the problem, then you'll need to examine the logs in the Open Directory section of the log list in the Server app, and also the system log on the clients.

• Permissions are not displaying correctly on Yosemite server

  My file and folder permissions are not displaying correctly on my Yosemite server when viewed from a Yosemite client.
  I have set these permissions from the server app on the server and have added local network groups for the appropriate folders on the share.  When checked from the server's finder, everything looks correct.  The server is setup for both AFP and SMB on file sharing.  I have also tried setting permissions from the server's finder and seemed to make no difference.
  When logged into from local or VPN Yosemite clients using AFP, the permissions do not show anything but postgres user and everyone group.  Even though they should have network groups such as skoogfinancial, skoogmarketing, etc.
  The server does seem to enforce the permissions correctly though a user cannot get into folders he does not have permissions for.
  Therefore, it seems the server is enforcing correctly, but a user may not understand what is going on as the permissions list doesn't list anything meaningful.

  Please read this whole message before doing anything.
  This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
  The purpose of this exercise is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login. Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode* and log in to the account with the problem. The instructions provided by Apple are as follows:
  Be sure your Mac is shut down.
  Press the power button.
  Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone.
  Release the Shift key when you see the gray Apple icon and the progress indicator (looks like a spinning gear).
  *Note: If FileVault is enabled under OS X 10.7 or later, or if a firmware password is set, you can’t boot in safe mode.
  Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.
  The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
  Test while in safe mode. Same problem(s)?
  After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

• How do I define server-side spam rules with Yosemite & Server 4

  Really surprised that this isn't functionality available in the server UI. Poking around in the dovecot/spamassassin docs imply this is possible using sieve, but the configuration looks more complex than I'd like to have to figure out on my own. It seems that sieve might be possible to use. In /Library/Server/Mail/Config/dovecot/conf.d, the option sieve_dir is uncommented, pointing to /Library/Server/Mail/Data/rules/%u. That seems to imply I could create user directories there and apply some sieve rules, has anyone tried this?
  I'd rather not do user-specific rules, I'd prefer to use the default and attempt to move all spam into a spam folder for each user.
  I've seen notes that the webmail client Roundcube provided server-side rules, but I really don't need the web mail client, and various search results seem to raise questions about whether Roundcube is compatible with Sever 4 / Yosemite.
  Any help would be appreciated...

  Was able to get it working with some digging. The basic summary is that you need to create a rules directory for each mail user, and then add a sieve rule in each of the directories you create. I did this manually, which is manageable because I'm using OS X server for my household, and we don't add members to my household that often... :-). Summary of the steps:
  1) Each user has a directory in /Library/Server/Mail/Data/mail that is in UUID format (long hex string with sections broken by - characters).
  2) For each of the users you identify in (1), create an equivalent UUID directory in /Library/Server/Mail/Data/rules
  3) Create a file named "dovecot.sieve" in each of the directories you created in (2). For a basic rule that moves mail marked by SpamAssassin as spam to the Junk folder that Mail.app should create by default, you can use the following:
       require ["fileinto"];
       # rule:[SPAM]
       if header :contains "X-Spam-Flag" "YES" {
               fileinto "Junk";
  4) Ensure that all of the directories/files are owned by _dovecot. I marked dovecot.sieve as executable, but I'm not sure that was necessary.
  5) Once you've done steps 1-4, you should start to see evidence that sieve is being used for delivery of mail in /Library/Logs/Mail/mailinfo.log. Grep for "sieve" in that to see activity. If there are errors, you'll likely see notices that there are sieve logs being created in the rules directories you set up in (2). I ran into errors for at least one account that didn't have a Junk folder created; if you hit that just have the user create a folder named Junk to clear it up.
  Hope this helps others...

• Yosemite Server: Apache shm errors with proxy_balancer | SASL errors using user alias

  Dear OSX Server Ninjas,
  I recently upgraded my 10.9.5 Mac mini running Server 3.2.2 to Yosemite + Server v4, directly to v4.0.3. The box serves the whole Mail/Cal/Contacts/VPN palette as well as some websites, Git repos and some custom software. See below for network setup.
  After battling the most blatant issues (some easy to fix but hard to find, others hard on both), I'm almost back to a working server setup … but some things keep bugging me even after days of log-reading and OD tricks. In the last days, I have read countless discussions here as well as on stackoverflow/serverfault/apple.stackexchange and blogs, so I'll try to be as thorough and precise as possible to show what I have tried so far – sorry in advance for the long post
  … and since you might not read to the bottom: Thanks in advance for any help, especially with the Apache problem!
  My setup
  OSX Server v4.0.3 running on Yosemite 10.10.1 ➞ both latest official releases
  host + DNS
  Hostname configured for public domain mydomain.net, web traffic on selected ports comes in through router NAT
  Server has a static IP on the local subnet 192.168.178.0/24
  Server running local DNS and performing lookups for all clients in the local subnet, forwarding to the router at 192.168.178.1
  Primary zone for mydomain.net with records (A, NS, MX) pointing to said static IP
  changeip -checkhostname is successful
  Public IP is currently configured at the domain registrar through his name servers
  SSL
  Trusted third-party certificate installed for host.mydomain.net (Common Name + SAN for two subdomains)
  Used to secure all services
  Qualys SSL Test Grade B (capped due to OSX's openssl 0.9.x not being capable of TLS1.2 and Intermediate CA SHA-1 )
  TLS working both inbound and outbound according to CheckTLS.com
  OpenDirectory
  Recreated after upgrade (probably not necessary, since issue persists), re-imported groups + users from WGM backup files
  Only the server itself is bound to the directory, other devices just access services through network accounts (CRAM-MD5, MD5-Digest)
  Problems
  Apache shm errors: Apache fails to create slot memory when proxy module is enabled
  As soon as I start a service which requires the Apache proxy_balancer module (e.g. Cal/Contacts, ProfileManager), this starts filling up my Apache's error log:
  [Mon Jan 12 01:41:17.979882 2015] [proxy_balancer:emerg] [pid 2949] (28)No space left on device: AH01179: balancer slotmem_create failed for p26d9e669--1011640492
  [Mon Jan 12 01:41:17.979894 2015] [:emerg] [pid 2949] AH00020: Configuration Failed, exiting
  [Mon Jan 12 01:41:28.297127 2015] [slotmem_shm:error] [pid 3026] (28)No space left on device: AH02611: create: apr_shm_create(/private/var/run/slotmem-shm-p26d9e669--1001322955.shm) failed
  [Mon Jan 12 01:41:28.297347 2015] [proxy_balancer:emerg] [pid 3026] (28)No space left on device: AH01179: balancer slotmem_create failed for p26d9e669--1001322955
  [Mon Jan 12 01:41:28.297355 2015] [:emerg] [pid 3026] AH00020: Configuration Failed, exiting
  When I increase the Apache LogLevel to trace1, I get this as well:
  [Mon Jan 12 02:11:43.190303 2015] [slotmem_shm:debug] [pid 5501] mod_slotmem_shm.c(367): AH02602: create didn't find /private/var/run/slotmem-shm-p26d9e669-813569972.shm in global list
  This causes the Apache to crash constantly, which is … unnerving. After googling around for a while, I tried the following steps:
  Stop Services that use the Apache (Web, *DAV, ProfileManager)
  sudo apachectl stop
  Remove all orphan cache/slot files (.shm, ssl-cache, proxy.*) from /private/var/run
  Reboot the server
  Start up the Services again
  Curiously enough, this worked for a while! But I was getting several log messages about dropped proxy connections, and sometimes the ProfileManager page would time out. Then, the issue started to reappear and does not seem to be fixed again with the steps above. I looked through the Apache config files and config plists for the Services in question, as well as the default config files. The only thing I have so far is that as long as there are no active proxy connections, the Apache runs smoothly – but all goes awry when slotmem files are created (a lot of them). Sometimes, I am able to turn on the Calendar service, but switching on Contacts produces the error … one time, I even got Calendar + Contacts running, and all went well until I enabled Profile Manager.
  I found several error reports with similar or identical errors from other Apache 2.4.x users, but most of those were developer talk on mailing lists, or suggested steps that did not work for me (or were inapplicable on the OS X Server Apache environment).
  SASL errors using user alias for WebDAV-Digest authentication
  Short version: I am unable to authenticate through WebDAV-Digest with a user's alias (defined in Server Admin > Users > Context Menu > Advanced Options or WGM). Using the main short name of the same user works flawlessly. Password Server Error log just shows:
  AUTH2: {234023578237md5hash2384234, mainshortname} WEBDAV-DIGEST authentication failed, SASL error -13 (password incorrect).
  The password is 100% correct: When I set up a test CalDAV account and put in alias+PW, it did not work (OS X Dialog showed “could not be verified”, Server log as above). Leaving the password field filled and just switching the user to the main short name went through instantaneously, with the Server log showing
  AUTH2: {234023578237md5hash2384234, mainshortname} WEBDAV-DIGEST authentication succeeded.
  Notice the same MD5 hash and canonical short name, yet different results. I don't know if this is a new “feature”, a result of mail aliases being handled differently (at least I read that somewhere) …
  Additional Questions
  Should I configure the DNS for public use, instead of the Split-Brain configuration (local network gets local IP, outside traffic is directed by registrar NS)? I read several articles explaining that Split-Brain is common in large organizations, but might introduce weird networking issues. Entering the external IP as a Round Robin alternative for the internal does not seem sensible to me.
  I also have a question concerning LDAP log entries like this one below, but I'll put that in this already open discussion:
  => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

  Today the same error occurred on a customers server.
  We don't use Calendar or Contacts.
  We only have some websites configured and want use NetInstall for deployments.
  As soon as I disable the Profilemanager the httpd starts over and other websites and NetInstall via HTTP are working fine.
  When I reenable Profilemanager the httpd processes are gone and I see the same stuff in Apache's error log...

• Yosemite Server Vs. Windows Server 2012

  Hello, I wonder does Yosemite server can replace Windows Server 2012 and work as full as server operation system?
  In services:
  DNS
  DHCP
  Webserver
  FTP
  Mailserver
  Maybe Virtualization

  We found the same. One small Mac mini replaced a towering Dell, tripled the uptime of our UPS and the Mac Server could not have been easier to configure. It almost fell into operation with all the services you mention. We don't employ an IT department or external contractor to manage this either (we are all electrical engineers here though...)
  Biggest benefit other than stability, ease of maintenance? TIME MACHINE - for us - this is worth its weight in gold to have such a simple and effective backup strategy.
  But..... We have found some issues with the SMB (File serving / File sharing) functionality from windows clients.
  Files that are open on an SMB share from a Windows 7 client, all our users eventually complain that the file/s they have been working on and had open for 2 hours (some shorter some longer) suddenly becomes read only... And they no longer have permission (even though they created it, have group privileges etc) to delete, move, rename etc. Strange things happen with file locks too, so the file can report it's in use when the owner tries to open the file after closing the app and starting again. (problems are related obviously)  Only the admin can change it...  (doesn't matter the app or format - CAD, Word, Excel.... or MYOB accounting files! etc)
  We ended up running a W7 instance in a VM and handle the critical file sharing out of there. (Could have set up server 2012 in a basic mode - but seems mad to have 2 full servers. Had other reasons for wanting the W7 VM anyway - so no big deal, but less than ideal for a "file" server.
  If anyone has ideas - about what might cause the crazy permissions issues - happily discuss - but other than that - OSX Server is a great choice for us.

• Yosemite Server Mail GSSAPI Error

  Since upgrading client machines to Yosemite, connecting to mac mini server running Yosemite (server v4), I'm seeing this error in the client main log file:
  22/10/2014 12:43:56.579 Mail[7452]: GSSAPI Error:  Miscellaneous failure (see text (No credentials cache file found (negative cache))
  22/10/2014 12:43:56.579 Mail[7452]: Failed to start the SASL connection
  SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text (No credentials cache file found (negative cache))
  Has anyone else seen this or have any thoughts as how to proceed? Thanks a lot for any pointers in the right direction.
  (ps mail is being sent and received)

  Hi,
  maybe it helps or not, I solve a other performance problem which is more related to the mailbox speed but this error on client side is gone afterwards:
  In Yosemite there is still also a problem with the automatic settings detection in Mail.
  That means that the application try's to find a working authentication mechanism in combination with different ports and encryption.
  So far so good, this feature would be okay but the application never stops to do that. So we are shortly connected but the connection becomes invalid again.
  This leads to performance issues and the application becomes very slow!
  If you refer your client log file maybe you can see some "Failed to start the SASL connection" issues (coming from Mail.app).
  In case that you are running a OS X Server which is used by Mail you will see in /var/log/mail* /Library/Logs/mail* various login failures. In case that you have enabled the Adaptive Firewall it can be happen that your IP is blocked for 15 minutes.
  Of course this must not be a issue for everyone I believe it strongly depends on your email server / provider which auth. stuff is supported or enabled.
  To solve it:
  1.) Open the Mail Preferences
  2.) Goto "Accounts" and select your Provider/Account
  3.) Klick Enhanced (the last right tab)
  4.) Disable the automatic settings detection (first checkbox)
  5.) In case you didn't enable "MailDrop"
  This works in Mail 8.1 on Yosemite 10.10.1

• Yosemite Server: After upgrade, OD is read-only

  Hello,
  yesterday, I upgraded my server installation to Yosemite and Server 4.0. Although it seemed that everything went fine, a severe problem turned out.
  Symptoms:
  I cannot login to network accounts from other machines, although Directory Services show the right content for each user. Assumption: Kerberos authentication fails for unknown reason.
  Then, I discovered that OD on the Yosemite Server shows all Users and Groups, but I cannot edit any of them; any "change password" or similar context menu options are grayed out.
  I had the "fix permissions" run and reboot, but without any effect.
  As it seems, the /Library/Server path content is considered as read-only for the Server app; this impression is supported by the RADIUS service: When keying "radiusd -X", this is the result:
  Starting - reading configuration files ...
  including configuration file /Library/Server/radius/raddb/radiusd.conf
  Unable to open file "/Library/Server/radius/raddb/radiusd.conf": Permission denied
  Errors reading or parsing /Library/Server/radius/raddb/radiusd.conf
  Any idea how to fix this? I'm not the hardcore sysadmin, so I'd appreciate any kind of help...
  Thanks a lot in advance!
  Best regards,
  Hardy

  Addition: I just found out that a login request from a client to the read-only OD leads to these system protocol entries:
  Oct 18 07:41:49 odserver.domain.tld kdc[69]: AS-REQ [email protected] from 10.0.10.55:57714 for krbtgt/[email protected]
  Oct 18 07:41:52 --- last message repeated 1 time ---
  Oct 18 07:41:52 odserver.domain.tld kdc[69]: UNKNOWN -- krbtgt/[email protected]: no such entry found in hdbOct 18 07:41:52 odserver.domain.tld kdc[69]: AS-REQ [email protected] from 10.0.10.55:57875 for krbtgt/[email protected]
  Oct 18 07:41:52 odserver kdc[69]: BUG in libdispatch client: kevent[EVFILT_READ] delete: "Bad file descriptor" - 0x9Oct 18 07:41:52 odserver.domain.tld kdc[69]: AS-REQ [email protected] from 10.0.10.55:57875 for krbtgt/[email protected]
  Oct 18 07:41:52 odserver.domain.tld kdc[69]: UNKNOWN -- krbtgt/[email protected]: no such entry found in hdbOct 18 07:41:52 odserver.domain.tld sandboxd[328] ([69]): kdc(69) deny file-read-data /private/etc/krb5.conf
  Oct 18 07:41:57 odserver kernel[0]: Sandbox: Python(5581) System Policy: deny file-write-unlink /Library/Server/Wiki/PostgresSocket/.xpg_ctl.pidOct 18 07:42:08 odserver.domain.tld collabpp[5578]: Failed to obtain sandbox extension for path=/dev/null/Library/Caches/collabpp. Errno:20

• Cannot send mail to Yosemite Server

  I have Yosemite Server on a Mac Mini Server.
  I cannot receive mail to the Server.  ( i.e. they are sent back to the sender ) Here is an example of the error.
  <[email protected]>: Host or domain name not found. Name
     service error for name=example.com type=AAAA: Host found but
     no data record of requested type
  Reporting-MTA: dns; svr1.example.com
  X-Postfix-Queue-ID: E553639C4621
  X-Postfix-Sender: rfc822; [email protected]
  Arrival-Date: Wed, 25 Feb 2015 13:44:35 -0600 (CST)
  Any ideas???
  Best Regards,
  Neil

  Could be the DNS as Lync Davis writes but to elaborate somewhat:
  It's not enough to have the DNS in the server itself. At a standard setup that will only be used by the server to find itself. Senders must also be able to look up the mail server's full domain name which means that you must have those records in a public DNS server so that clients sending mail can look up the server. Local clients might get settings via DHCP to use it as DNS server and if it's accessible from Internet on port 53 it could be used as a public DNS server (set in the settings for you domain at the registrar, by them or yourself).

• Yosemite Server Mail and Google Domain Relay

  I want to simply use the server to send automated emails from scripts.  I have server installed.  Over the course of two days I've have followed several posts:
  http://www.anujgakhar.com/2011/12/09/using-macosx-lion-command-line-mail-with-gm ail-as-smtp/
  http://blog.anupamsg.me/2012/02/14/enabling-postfix-for-outbound-relay-via-gmail -on-os-x-lion-11/
  And the updated Yosemite version here:
  http://blog.anupamsg.me/2013/12/22/enabling-postfix-on-osx-as-a-relay-revisited/
  Yosemite Server configuration
  http://krypted.com/mac-security/configure-the-os-x-yosemite-server-mail-service/
  I've gotten no where.  In my last attempt all sasl errors and no mech connections had stopped but mail did not appear to go anywhere.  No trace.  I stumbled across a post that said ssl connections from Mac OS X Yosemite are broken and just don't work.
  Now the real rub. I have gotten the same thing working with Linux in 5 minutes following this post:
  https://rtcamp.com/tutorials/linux/ubuntu-postfix-gmail-smtp/
  Then within an hour my crontab and scripts were written, debugged, and blissfully sending email.
  I would rather run this from my Mac server.  I understand that this may become an in-depth discussion/debug session (remember the old sendmail.cf day?!) and would greatly appreciate someone's mentoring here.
  -Tim

  Hi,
  maybe it helps or not, I solve a other performance problem which is more related to the mailbox speed but this error on client side is gone afterwards:
  In Yosemite there is still also a problem with the automatic settings detection in Mail.
  That means that the application try's to find a working authentication mechanism in combination with different ports and encryption.
  So far so good, this feature would be okay but the application never stops to do that. So we are shortly connected but the connection becomes invalid again.
  This leads to performance issues and the application becomes very slow!
  If you refer your client log file maybe you can see some "Failed to start the SASL connection" issues (coming from Mail.app).
  In case that you are running a OS X Server which is used by Mail you will see in /var/log/mail* /Library/Logs/mail* various login failures. In case that you have enabled the Adaptive Firewall it can be happen that your IP is blocked for 15 minutes.
  Of course this must not be a issue for everyone I believe it strongly depends on your email server / provider which auth. stuff is supported or enabled.
  To solve it:
  1.) Open the Mail Preferences
  2.) Goto "Accounts" and select your Provider/Account
  3.) Klick Enhanced (the last right tab)
  4.) Disable the automatic settings detection (first checkbox)
  5.) In case you didn't enable "MailDrop"
  This works in Mail 8.1 on Yosemite 10.10.1

• Mail slow authenticating to Yosemite server

  I'm running mail on a Yosemite server, and Mac Mail client on Yosemite. With the "Activity" window open on the Mail client, I see two copies of "Communicating with server: Authenticating" a lot. On the server /Library/Logs/Mail/mail-err.log is filled with lines:
  Nov 06 10:58:06 auth: Error: od(simon,192.168.0.29,<MuZNkS4HfQDAqAAd>): Credentials could not be verified, username or password is invalid.
  Nov 06 10:58:06 auth: Error: od(simon,192.168.0.29,<MuZNkS4HfQDAqAAd>): authentication failed for user=simon, method=DIGEST-MD5
  Nov 06 11:00:12 auth: Error: od(simon,192.168.0.29,<suuzmS4HggDAqAAd>): Credentials could not be verified, username or password is invalid.
  Nov 06 11:00:12 auth: Error: od(simon,192.168.0.29,<suuzmS4HggDAqAAd>): authentication failed for user=simon, method=DIGEST-MD5
  Nov 06 11:00:18 auth: Error: od(simon,192.168.0.29,<BLfTmS4HhADAqAAd>): Credentials could not be verified, username or password is invalid.
  Nov 06 11:00:18 auth: Error: od(simon,192.168.0.29,<BLfTmS4HhADAqAAd>): authentication failed for user=simon, method=DIGEST-MD5
  Nov 06 11:00:28 auth: Error: od(simon,192.168.0.29,<okUwmi4HhgDAqAAd>): Credentials could not be verified, username or password is invalid.
  Nov 06 11:00:28 auth: Error: od(simon,192.168.0.29,<okUwmi4HhgDAqAAd>): authentication failed for user=simon, method=DIGEST-MD5
  In the Server Mail settings, I have "Authenticate Using" set to "Local Users" (which checks the "Digest (CRAM-MD5)" and "Digest-MD5" boxes).
  On the client, in the Mail IMAP settings for the account I have selected (picking what I think will be relevant) "Automatically detect and maintain account settings", "Port: 993", "Use SSL", "Authentication: Password" and "Use IDLE command if server supports it". I have NOT selected "Allow insecure authentication". I have previously selected "Authenticaion: MD5 Challenge-Response", but it seems to revert to "Password". I have an iPad and iPhone, both of which have "MD5 Challenge-Response" set, and don't appear to generate anything in mail-err.log
  Mail from the Yosemite client works, it is just a bit sluggish. Under Mavericks new messages seemed to arrive simultaneously on all three clients, but now they hit iOS first.

  OK, I think I have solved this. In the client Mail app I de-selected "Automatically detect and maintain account settings". Login then failed. Authentication had switched itself to "Password" while automatic detection of account settings was on. I changed authentication back to "MD5 Challenge-Response", and login now works, I don't get "Authenticating" hanging around in the activity window, and I don't get lots of "authentication failed" messages in the mail logs on the server.

• Async tcp client and server. How can I determine that the client or the server is no longer available?

  Hello. I would like to write async tcp client and server. I wrote this code but a have a problem, when I call the disconnect method on client or stop method on server. I can't identify that the client or the server is no longer connected.
  I thought I will get an exception if the client or the server is not available but this is not happening.
  private async void Process()
  try
  while (true)
  var data = await this.Receive();
  this.NewMessage.SafeInvoke(Encoding.ASCII.GetString(data));
  catch (Exception exception)
  How can I determine that the client or the server is no longer available?
  Server
  public class Server
  private readonly Dictionary<IPEndPoint, TcpClient> clients = new Dictionary<IPEndPoint, TcpClient>();
  private readonly List<CancellationTokenSource> cancellationTokens = new List<CancellationTokenSource>();
  private TcpListener tcpListener;
  private bool isStarted;
  public event Action<string> NewMessage;
  public async Task Start(int port)
  this.tcpListener = TcpListener.Create(port);
  this.tcpListener.Start();
  this.isStarted = true;
  while (this.isStarted)
  var tcpClient = await this.tcpListener.AcceptTcpClientAsync();
  var cts = new CancellationTokenSource();
  this.cancellationTokens.Add(cts);
  await Task.Factory.StartNew(() => this.Process(cts.Token, tcpClient), cts.Token, TaskCreationOptions.LongRunning, TaskScheduler.Default);
  public void Stop()
  this.isStarted = false;
  foreach (var cancellationTokenSource in this.cancellationTokens)
  cancellationTokenSource.Cancel();
  foreach (var tcpClient in this.clients.Values)
  tcpClient.GetStream().Close();
  tcpClient.Close();
  this.clients.Clear();
  public async Task SendMessage(string message, IPEndPoint endPoint)
  try
  var tcpClient = this.clients[endPoint];
  await this.Send(tcpClient.GetStream(), Encoding.ASCII.GetBytes(message));
  catch (Exception exception)
  private async Task Process(CancellationToken cancellationToken, TcpClient tcpClient)
  try
  var stream = tcpClient.GetStream();
  this.clients.Add((IPEndPoint)tcpClient.Client.RemoteEndPoint, tcpClient);
  while (!cancellationToken.IsCancellationRequested)
  var data = await this.Receive(stream);
  this.NewMessage.SafeInvoke(Encoding.ASCII.GetString(data));
  catch (Exception exception)
  private async Task Send(NetworkStream stream, byte[] buf)
  await stream.WriteAsync(BitConverter.GetBytes(buf.Length), 0, 4);
  await stream.WriteAsync(buf, 0, buf.Length);
  private async Task<byte[]> Receive(NetworkStream stream)
  var lengthBytes = new byte[4];
  await stream.ReadAsync(lengthBytes, 0, 4);
  var length = BitConverter.ToInt32(lengthBytes, 0);
  var buf = new byte[length];
  await stream.ReadAsync(buf, 0, buf.Length);
  return buf;
  Client
  public class Client
  private TcpClient tcpClient;
  private NetworkStream stream;
  public event Action<string> NewMessage;
  public async void Connect(string host, int port)
  try
  this.tcpClient = new TcpClient();
  await this.tcpClient.ConnectAsync(host, port);
  this.stream = this.tcpClient.GetStream();
  this.Process();
  catch (Exception exception)
  public void Disconnect()
  try
  this.stream.Close();
  this.tcpClient.Close();
  catch (Exception exception)
  public async void SendMessage(string message)
  try
  await this.Send(Encoding.ASCII.GetBytes(message));
  catch (Exception exception)
  private async void Process()
  try
  while (true)
  var data = await this.Receive();
  this.NewMessage.SafeInvoke(Encoding.ASCII.GetString(data));
  catch (Exception exception)
  private async Task Send(byte[] buf)
  await this.stream.WriteAsync(BitConverter.GetBytes(buf.Length), 0, 4);
  await this.stream.WriteAsync(buf, 0, buf.Length);
  private async Task<byte[]> Receive()
  var lengthBytes = new byte[4];
  await this.stream.ReadAsync(lengthBytes, 0, 4);
  var length = BitConverter.ToInt32(lengthBytes, 0);
  var buf = new byte[length];
  await this.stream.ReadAsync(buf, 0, buf.Length);
  return buf;

  Hi,
  Have you debug these two applications? Does it go into the catch exception block when you close the client or the server?
  According to my test, it will throw an exception when the client or the server is closed, just log the exception message in the catch block and then you'll get it:
  private async void Process()
  try
  while (true)
  var data = await this.Receive();
  this.NewMessage.Invoke(Encoding.ASCII.GetString(data));
  catch (Exception exception)
  Console.WriteLine(exception.Message);
  Unable to read data from the transport connection: An existing   connection was forcibly closed by the remote host.
  By the way, I don't know what the SafeInvoke method is, it may be an extension method, right? I used Invoke instead to test it.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.