Profile manager: Designing a environment

Similar Messages

• Profile manager won't clear previous settings

  While messing around with profile manager it do a couple basic things. Start FaceTime at login and map some network drives. This worked fine but when i went back in later to turn those off they continue to go through. When I log on to a different computer the settings are correct, however. Is there someone I can do a clean refresh of the machine to wipe it of all previous profile manager settings. I've even tried deleting and re adding the machine to Profile manager but this still doesn't work.

  You'll need to cleanup DNS on the domain controller not client systems.
  Give me some information on how this server is integrated into your environment.
  Is it bound to Active Directory?  If so, what happens when you launch terminal?  Does the hostname match the name under Sharing in sys prefs on your server?  If not, you've probably got some stale DNS screwing things up.
  To see if this is the case, log in to your primary DC (or whichever server hosts DNS records in your environment) and check your forward and reverse lookup zones.  In my case, I saw more records than we have machines!  Problem with Macs is those records stick around even after you remove a machine.  Macs aren't always automagical unfortunately.
  Another way to see if you have DNS problems is simply take a freshly imaged server (BEFORE it's bound to AD) and fire up profile manager.  If it launches easy breezy (aka not getting DNS from the potentially messy server) then it's safe to assume you'll need to scavenge out those records.  But that another story for a Win 2008 R2 board.

• Profile Manager does not recognize existing OD master

  I built up a new Mountain Lion server at home, migrated all user data from an older server to it and today brought it into production in a colocation center. The nly thing I had to change in the colcocation environment was the IP address of the server. Everything else, even the hostname (DNS name), was already set in my home environment (I ran a DNS server at home for this). Profile Manager was already set up and therefore also Open Directory was running (without certificate). All users (except the admin) are stored in OD. At home I used the airport interface with a private address and in the colocation environment I use a public IP address on the ethernet interface.
  After placing the server in the colocation centre verything went OK, but for Profile Manager. I was able to login as admin and as a user, but I was not able to install profiles on devices (https://server/mydevices). Therefore I did reset Profile Manager following http://support.apple.com/kb/HT5349. But now when I try to use the configure button in Profile Manager in Server.app to set up device management, it wants to create an OD master or replica. This is not what should happen according to the knowledge base article. It should use the existing OD master and just ask for the organization etc. I have a clone of the server as it was configured at home and tried the same procedure on this server, but then everything goes as expected from the knowledge base article. Does anyone have an idea how to fix this on my new colocated server?
  I do not want to destroy OD, as I am not sure how to preserve all local network users.
  Thanks for your help!

  Open DTM and connect your BB via USB cable, then in desktop go to options and click on detect and look what it has there, if everything is ok go to main menu DTM and click on sync then on to config sync settings, make sure all is correct there, failing that in options you can check you setting in connections and PIN# are entered there.
  When you accept a solution from anyone could you please select the appropriate box.
  Also, select the appropriate Kudos box and click it for the person’s solution you accepted thank you.
  Ian H

• App-V 5 sp2, Citrix user profile manager and Event IDs 19104

  Hi,
  the environment:
  Full Infrastructure, Appv 5 sp2 Client on server 2008r2, xenapp 6.5 and Citrix user profile manager.
  We get the event error 19104 on published packages. But not on all users. %APPDATA%\Microsoft\AppV\Client\VFS and %LOCALAPPDATA%\Microsoft\AppV\Client\VFS are excluded per
  http://blogs.technet.com/b/appv/archive/2013/10/01/support-tip-event-ids-19104-and-19105-are-logged-when-publishing-and-unpublishing-app-v-5-0-packages.aspx from my test GPO:
  List of directories to exclude:
  AppData\Local\Microsoft\AppV
  AppData\Roaming\Microsoft\AppV\Client
  Appdata\local
  appdata\locallow
  Still some users get app-v Applications, but some that are copies of the ones working does not get the Applications. I have tried to delete the profile. but still no closer to a solution. Anyone got this working?

  Thanks Nicke, I should have tried harder to get you to come and work with me in Oslo earlier this year ;)
  That thread does point on the Profile managment, and redirection of %appdata% and %localappdata% . Those to folders are not redirected. But when i run Procmon, i can see that a working user creates the c:\users\<username>\appdata\local\temp but non
  working does not even try.Non working users also does not query the registry as much as working. Ofcourse this all work in my lab so the settings should be sound. but i cannot find the smoking environment variable or setting that causes it.

• Profile Manager not quite loading...

  Hi all,
  I have a question about Profile Manager not loading on a fresh install. I've got this working in the past, but don't ask me how as I don't know anymore, plus the conditions were different.
  Now when I go to https://server.example.com/profilemanager or /mydevices I can't even log in and it doesn't show anything. The status bar in Safari shows that 5 out of 7 items have been loaded and when I view the source, it shows:
  <!DOCTYPE html><html>  <head>    <script>    var _SC_performanceEvents = { headStart: new Date().getTime() };    </script>        <meta http-equiv="Content-type" content="text/html; charset=utf-8" />    <meta http-equiv="X-UA-Compatible" content="IE=8" />    <meta http-equiv="Content-Script-Type" content="text/javascript" />    <meta name="apple-mobile-web-app-capable" content="yes" />    <meta name="apple-mobile-web-app-status-bar-style" content="default" />    <meta name="viewport" content="initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no" />    <link rel="apple-touch-icon" href="/devicemanagement/console/sproutcore/foundation/en/b74a542f762e55107620d6f19465a 4ec3258c4df/images/sproutcore-logo.png" />  <link rel="apple-touch-startup-image" media="screen and (orientation:portrait)" href="/devicemanagement/console/sproutcore/foundation/en/b74a542f762e55107620d6f19465a 4ec3258c4df/images/sproutcore-startup-portrait.png" />        <link rel="apple-touch-startup-image" media="screen and (orientation:landscape)" href="/devicemanagement/console/sproutcore/foundation/en/b74a542f762e55107620d6f19465a 4ec3258c4df/images/sproutcore-startup-landscape.png" />  <link rel="shortcut icon" href="" type="image/x-icon" />        <title>Admin</title>  <script type="text/javascript">/* >>>>>>>>>> BEGIN source/core.js */// ==========================================================================// Project:   SproutCore - JavaScript Application Framework// Copyright: ©2006-2009 Sprout Systems, Inc. and contributors.//            Portions ©2008-2009 Apple Inc. All rights reserved.// License:   Licensed under MIT license (see license.js)// ==========================================================================
  /* >>>>>>>>>> BEGIN source/system/browser.js */// ==========================================================================// Project:   SproutCore - JavaScript Application Framework// Copyright: ©2006-2009 Sprout Systems, Inc. and contributors.//            Portions ©2008-2009 Apple Inc. All rights reserved.// License:   Licensed under MIT license (see license.js)// ==========================================================================
  var SC = SC || { BUNDLE_INFO: {}, LAZY_INSTANTIATION: {} };
  SC.browser = (function() {  var userAgent = navigator.userAgent.toLowerCase(),      version = (userAgent.match( /.+(?:rv|it|ra|ie)[\/: ]([\d.]+)/ ) || [])[1] ;
    var browser = {    version: version,    safari: (/webkit/).test( userAgent ) ? version : 0,    opera: (/opera/).test( userAgent ) ? version : 0,    msie: (/msie/).test( userAgent ) && !(/opera/).test( userAgent ) ? version : 0,    mozilla: (/mozilla/).test( userAgent ) && !(/(compatible|webkit)/).test( userAgent ) ? version : 0,    mobileSafari: (/apple.*mobile.*safari/).test(userAgent) ? version : 0,    chrome: (/chrome/).test( userAgent ) ? version : 0,    windows: !!(/(windows)/).test(userAgent),    mac: !!((/(macintosh)/).test(userAgent) || (/(mac os x)/).test(userAgent)),    language: (navigator.language || navigator.browserLanguage).split('-', 1)[0]  };      browser.current = browser.msie ? 'msie' : browser.mozilla ? 'mozilla' : browser.safari ? 'safari' : browser.opera ? 'opera' : 'unknown' ;  return browser ;})();
  /* >>>>>>>>>> BEGIN source/system/bench.js */// ==========================================================================// Project:   SproutCore - JavaScript Application Framework// Copyright: ©2006-2010 Sprout Systems, Inc. and contributors.//            Portions ©2008-2010 Apple Inc. All rights reserved.// License:   Licensed under MIT license (see license.js)// ==========================================================================
  // sc_require("system/browser")if (typeof _SC_performanceEvents !== "undefined") {  SC._performanceEvents = _SC_performanceEvents;  _SC_performanceEvents = undefined;} else {  SC._performanceEvents = { headStart: new Date().getTime() };}/* >>>>>>>>>> BEGIN source/system/loader.js */// ==========================================================================// Project:   SproutCore - JavaScript Application Framework// Copyright: ©2006-2009 Sprout Systems, Inc. and contributors.//            Portions ©2008-2009 Apple Inc. All rights reserved.// License:   Licensed under MIT license (see license.js)// ==========================================================================
  // sc_require("system/browser");
  SC.bundleDidLoad = function(bundle) {  var info = this.BUNDLE_INFO[bundle] ;  if (!info) info = this.BUNDLE_INFO[bundle] = {} ;  info.loaded = true ;};
  SC.bundleIsLoaded = function(bundle) {  var info = this.BUNDLE_INFO[bundle] ;  return info ? !!info.loaded : false ;};
  SC.loadBundle = function() { throw "SC.loadBundle(): SproutCore is not loaded."; };
  SC.setupBodyClassNames = function() {  var el = document.body ;  if (!el) return ;  var browser, platform, shadows, borderRad, classNames, style;  browser = SC.browser.current ;  platform = SC.browser.windows ? 'windows' : SC.browser.mac ? 'mac' : 'other-platform' ;  style = document.documentElement.style;  shadows = (style.MozBoxShadow !== undefined) ||                 (style.webkitBoxShadow !== undefined) ||                (style.oBoxShadow !== undefined) ||                (style.boxShadow !== undefined);    borderRad = (style.MozBorderRadius !== undefined) ||               (style.webkitBorderRadius !== undefined) ||              (style.oBorderRadius !== undefined) ||              (style.borderRadius !== undefined);    classNames = el.className ? el.className.split(' ') : [] ;  if(shadows) classNames.push('box-shadow');  if(borderRad) classNames.push('border-rad');  classNames.push(browser) ;  classNames.push(platform) ;  if (parseInt(SC.browser.msie,0)==7) classNames.push('ie7') ;  if (SC.browser.mobileSafari) classNames.push('mobile-safari') ;  if ('createTouch' in document) classNames.push('touch');  el.className = classNames.join(' ') ;} ;
  /* >>>>>>>>>> BEGIN bundle_loaded.js */; if ((typeof SC !== 'undefined') && SC && SC.bundleDidLoad) SC.bundleDidLoad('sproutcore/bootstrap');
  </script>
       <link href="/devicemanagement/console/sproutcore/en/a8b61437c15a278078f3fffb972489104026f783 /stylesheet-packed.css" rel="stylesheet" type="text/css" />  <link href="/devicemanagement/console/apple_theme_v2/en/63cd5f0fb706373f354a879d93bb4f0dc898 b2b2/stylesheet.css" rel="stylesheet" type="text/css" />  <link href="/devicemanagement/console/admin/en/0803f0af1163f6efa8d9d71f0cc7179d84da0f27/styl esheet.css" rel="stylesheet" type="text/css" />       <script>    SC._performanceEvents['headEnd'] = new Date().getTime();    </script>  </head>      <body class="apple-theme-v2 focus">      <script>    SC._performanceEvents['bodyStart'] = new Date().getTime();    </script><script type="text/javascript">/* >>>>>>>>>> BEGIN source/setup_body_class_names.js */// ==========================================================================// Project:   SproutCore - JavaScript Application Framework// Copyright: ©2006-2009 Sprout Systems, Inc. and contributors.//            Portions ©2008-2009 Apple Inc. All rights reserved.// License:   Licensed under MIT license (see license.js)// ==========================================================================
  // sc_resource('setup_body_class_names'); // publish into inline format
  if (SC.setupBodyClassNames) SC.setupBodyClassNames() ;
  </script>
    <script type="text/javascript" src="/devicemanagement/console/sproutcore/en/a8b61437c15a278078f3fffb972489104026f783 /javascript-packed.js"></script>  <script type="text/javascript" src="/devicemanagement/console/apple_theme_v2/en/63cd5f0fb706373f354a879d93bb4f0dc898 b2b2/javascript.js"></script>  <script type="text/javascript" src="/devicemanagement/console/admin/en/0803f0af1163f6efa8d9d71f0cc7179d84da0f27/java script.js"></script><script type="text/javascript">String.preferredLanguage = "en";</script>
    <script>  SC._performanceEvents['bodyEnd'] = new Date().getTime();  </script> </body></html>
  ...which looks fine to me. My question is: why doesn't the page show up at all (ultimately it fails)?
  I have included a screen print of my server's server.app below:
  Thanks in advance.

  I had multiple IP's set on my server, which randomly seemed to switch. It seems like there is an incompatibility still between Server Admin and server.app. Since Apple is pressing developers to test server admin and server.app I am confident those problems will resolve eventually, but for now I have deleted all-but-1 IPv4 and 1 IPv6 address (same interface), the networking interface overview for my server within Server Admin was updated and it looks like it works solid now, this was not by design I presume, so this must be another bug plaguing Lion...
  After upgrading Postgres to 9.1.3 and upgrading webmail (upgrade: usr/share/webmail) from www.roundcube.net, making a new site webmail.example.com with the files stored in /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/ I made a symbolic link from that 'directory' to the actual built in webmail facility found in /usr/share/webmail by entering the following in terminal.
  ln -s -i /usr/share/webmail/ /Library/Server/Web/Data/Sites/CustomSitesDefault/webmail/
  By doing this it will ask to remove a directory, if you didn't put any important files in there, which I presume you didn't, confirm with the letter y and press enter.
  Webmail now works every time the way I want it The same goes for Profile Manager, at least for now...

• How to configure profile manager in Maverics when DNS is externally managed?

  Are there any guides to configuring Profile Manager as a MDM?
  Here is my story.
  Recently installed  Mac mini at a school where the DNS is externally managed by the Education departments IT group.  Upgraded to Maverics and installed Server app.  Configured profile manager to the point where we could generate a trust profile and enrolment profile.  Doesn't work because there is no DNS entry for Mac mini server.   Create entry but need to change host name and computer name and local machine name to match entry.  Suddenly profile manager not working at all.  Delete server app and it's configuration file in ~/Library/.  Reinstall.  Now Profile manager won't even activate.  Speak to Apple on phone, run various commands to reinitialise Open Directory and reset profile manager.  To no avail.  Apple say to reinstall Mavericks, Server and try again.
  Funny thing is I got profile manager to work as an MDM in a test environment, but changing DNS after doing so much configuration seems to have made a real mess of things.  Vowing to make a time machine backup as soon as Mavericks re-installs.
  Anyone know of any guides other than the one on krypted.com, which appears to be for the previous version of Profile Manager.
  Stom

  In general, either your OS X Server box has a DNS translation for its address, or it doesn't. 
  If you don't have valid DNS, you will have problems with various services, as DNS is fundamental to distributed authentication and encryption, among other uses. 
  OS X Server doesn't recover well from installations that start off with DNS errors, and the wipe and reinstallation suggested by Apple is usually easier than resolving the various issues that tend to arise within the configurations of the various services.
  If your server doesn't have a valid DNS translation, then either add the DNS translation into your organization's local DNS environment, or work to retrain or replace the folks that are unwilling or unable to administer and to properly maintain local DNS services, or (far less desirably) configure and start your own parallel DNS services.  There are other options, of course. 
  I'd escalate this discussion to management, and let them sort this out — at its core, this very likely isn't a technical issue.

• How to install Corporate applications via Profile manager

  What is the correct procedure to install/push iOS applications created in our corporate apple development environment? I've read in one place that they have to be exported from the dev environment based on a specific path for the server, and then that you can't use the Lion server Profile Manager but need a 3rd party application. Any guidance is appreciated!

  You just posted to the Lion (Client) forum.  I've asked a moderator move your post.  No action is needed on your part until it is moved.  I'm not familiar with Lion Server.

• Is there a configuration option to prevent an unprivileged user from accessing the firefox profile manager and/or firefox safe mode?

  I'm designing a locked-down Firefox user profile for use on public computers (common room in an apartment building). I can use existing plugins and add-ons to prevent access to about:config and to lock down the various firefox preferences but this is moot if a user can still access the firefox profile manager or can start firefox in safe mode. Is there any configuration setting that could prevent this?

  Hi...
  Reinstalled 10.7.3 from the Combo Updater from apples website.
  The only way to reinstall the Mac OS X or repair the startup disk running v10.7.3 Lion, is to use Lion Recovery The combo update does not do that.
  How much free space on the startup disk? Not enough free space can account for the problems with your apps.
  Right or control click the MacintoshHD icon. Click Get Info. In the Get Info window you will see Capacity and Available. Make sure there's a minimum of 15% free disk space.
  and no web-pages will load.
  Try using OpenDNS as suggested here >  Safari 5.0.1 or later: Slow or partial webpage loading, or webpage cannot be found
  Use OpenDNS for better speed, more security, includes anti phishing filters, prevents browser redirects, and it's free.
  Open System Preferences / Preferences then select the Network tab. Click the Advanced tab then click the DNS tab.
  Click +
  Enter these addresses exactly as you see them here.
  208.67.222.222
  Click +
  208.67.220.220
  Then click OK.
  edited by:  cs

• Configuring the default configuration profile for Profile Manager

  Hello folks,
  I would like to edit the default configuration profile served by Profile Manger. As far as I understand the only thing I can configure from the Server.app is the name of the profile. The settings for the different services provided by the server (such Mail, Messages, etc.) are automatically chosen by Server.app. When logging as an administrator on the Profile Manager webapp, I can go to "Groups", choose "Everyone", go to "Settings" to review the different payloads. However, almost none of the settings are editable. You can read "This payload is configured using the Server app" on the top of the various panels.
  So my question is: How do you use Server to tweek those payloads? Can this be done using the serveradmin command line tool?
  Thank you very much for your help.
  Regards

  Bump. This is annoying the crap out of me. Every time I try to design a website using Coda, this color picker bug plagues me. I just wish I could turn off color profiles completely as I will never use them.

• Profile Manager - webauthd LDAP authentication

  I'm trying to make Lion Server talk to an simple OpenDS directory server.
  After jumping through a series of hoops to get everything (iChat, Directory Utility) working, I now had to look into Profile Manager.
  Now, Apple has put up a support article at http://support.apple.com/kb/HT4837 (Lion Server: Using the Profile Manager or Wiki service with Active Directory or third-party LDAP services) showing how you can change the authentication mechanism. Unfortunately
  - these are both SASL mechanisms (plaintext or digest-md5) which are disactivated on my OpenDS server
  - after just giving up and activating these mechanisms I bang into the fact that I use SHA1 as password storage scheme
  [25/Oct/2011:21:43:18 +0200] BIND RES conn=4 op=1 msgID=2 result=49 authFailureID=1245392 authFailureReason="SASL DIGEST-MD5 authentication is not possible for user uid=greg,ou=People,dc=example,dc=com because none of the passwords in the user entry are stored in a reversible form" etime=4
  There is no way I can weasel my way into a less secure password scheme due to legal constraints.
  Does anyone know how to make webauthd talk to LDAP in plain plaintext?
  Overall, integrating Lion Server in a very classic and strictly regulated data center proves to be an exercise in frustration.

  Hi
  If I understand you correctly then this is normal behaviour. MCX follows a set order of precedence. Users, Computers, Groups. A particular setting defined at Computer Group Level will override the same setting applied at Group Level and so on. Settings can accumulate. The Users Admin Manual provides all the information you could want about how managed preferences work:
  http://images.apple.com/server/macosx/docs/UserManagementv10.5.mnl.pdf
  In an AD-OD Integration environment you can't apply MCX to Users from AD directly. You can only do so if you create a Group in the LDAP node and nest AD users or better still AD groups within that Group. Generally I would create suitable Computer Groups and apply a managed setting for the Login Window and possibly Energy Saver. Every other MCX I would apply at Group level.
  Perhaps you're making it overly complex when you don't have to?
  Tony

• Is there a maximum number of devices to enroll in Profile Manager in OS X Server?

  Just wondering if there's a limit to the number of devices that should be managed using profile manager.
  I have the Mac Mini Server running the lastest version.

  There's no real maximum although there are limits in which everything on your network would start to struggle in a major way. You could use Apple's support article regarding PM's Scalability as a rough guide?:
  http://support.apple.com/kb/HT4780
  I was recently involved in a real world deployment of approx 1600 iPads and 8 MacMini Servers (200 devices per server) each in their own subnet and using PM as the MDM. It works well but only after working very, very closely with the network designer prior to roll-out. If all you're ever going to have is 100-300 devices then one server should be enough? As ever YMMV.

• Profile Manager - Remove icons in ipad and disable home button

  Hello,
  First of all sorry for my bad english.
  Im working on a project, installed LION Server with Profile Manager configured, also Enrolled my iPad, i can also push the settings in to the ipad.
  But now what i realy want, what the meaning of the project is; remove all of the icons and place only one icon (WEBCLIP) and what even will be beter is, when i boot my iPad the webclip popups by default. Is this possible guys?
  Thank you!

  It's impossible to develop an iPad app that can't be closed until some actions are done.  The iPad programmer cannot override what happens when the user presses the 'Home' button.  The 'Home' button will always tell the front application to go to the background, and if that application doesn't cooperate within a reasonable time it will be terminated.
  Bear in mind that an iPad is an overgrown iPhone.  It's always possible that someone will phone you up when you're running an app, and the app must release control and let you answer that phonecall.
  I suggest you discuss the design philosophy with whoever wants the application, remembering that computers are meant to help us do what we want to do, not boss us about.

• Profile Manager Mavericks & Active Directory Users.

  I have recently being trying to implement MDM Profile Manger to facilitate the deployment of Mavericks OSX on our domain.
  We currently run a mixed environment of Windows 7 and OSX Mountain Lion. Using Workgroup Manager with Active Directory created users. The old Workgroup manager works brilliantly the way we want it to do for Snow Leopard OSX.
  MDM however does not work in the same fashion. It might be my understanding of MDM that is misconstrued and that it doesn't do what I want or I'm not setting it up correctly.
  MDM works fine for mobile devices. The issue is with iMac's. I can send 'device' settings to my test mac and they get automatically implemented. However if I sign on as a domain user that is assigned to a group created in MDM. None of the 'profile' settings get applied.
  The test iMac I am using is first joined to AD then the OD of the MDM server.
  To enroll a device on MDM. I use the OD administrator account. I then remove the device from the OD Admin account. As each iMac needs to be logged into by various users with different levels of access. So our iMacs cannot be associated to just one user account.
  I then login to the test iMac using an AD user that is assigned to a User Group created on the MDM server. No User Group settings get applied to the test user.
  Also which is a little weird. If I assign the test iMac device to My AD user. The profile settings get applied to the local account that I accessed profile manager to enroll the device. Even though the account is not linked to the MDM in any way.
  I’m just wondering if anyone has had any success with AD users and MDM.

  Hi,
  first you should consult http://support.apple.com/kb/HT4837
  and then you have to import the specific users. You can do this in the Server.app by adding a new user an then select not new user but instead import the user from the Active Directory. I hope this helps. It is confusing
  that Lion Server does not uses the Active Directory to store the information, but instead creates a new Open Directory Master an uses augumented entries for the ADS users.
  Bye

• Profile management meta tables list

  Hi ,
  Does anyone has the complete list of the profile management meta tables ?
  Thanks in advance.
  Dennis

  Hi,
  Apply this "patch" on your Demo environment and you will have all ERD's based on component/pages including Profile Management.
  PeopleSoft Enterprise Human Capital Management 9.1 Entity Relationship Diagrams [ID 968850.1]
  https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=REFERENCE&id=968850.1
  Regards,
  Hakan

• In Profile Manager, Can I assign users to ONLY a specific Device Group?

  In profile Manager (Lion Server 10.7.3) I created DEVICE GROUPS per Lab, and each Lab has a manager. I want to give each manager permissions to see and manage ONLY their devices. Is this possible?

  I'm not sure this was ever designed to be user friendly as typically only Admins or those with elevated permissions would see these groups.  There isn't as far as I can see, any way to add this step within a Wokflow too, unless you're able to install
  some third party steps.
  Steven Andrews
  SharePoint Business Analyst: LiveNation Entertainment
  Blog: baron72.wordpress.com
  Twitter: Follow @backpackerd00d
  My Wiki Articles:
  CodePlex Corner Series
  Please remember to mark your question as "answered" if this solves (or helps) your problem.