Profile Manager Notifications
Hello guys,
do you happen to know if there is an option to enable email notifications when a new client is added to MyDevices from the portal (https://servername/mydevices)?
i would like to know when a new client is added...
Thanks in advance...
Regards!!!
Anyone??
Similar Messages
-
Cisco Notification Service - Profile Manager "anyone use this service"?
Hello
We are undergoing a WAN analysis and one of the questions was "Do we receive field notices on IOS or hardware from Cisco"?
We don't and I don't want to receive evrey notice on all products
Does anyone have any insight into this service?
Can it be tweaked so that I only receive notices on products that I have purchased or cross referenced with my Cisco Contracts?Hello,
Not ure if you got the right answer. YOu dont need port profile manager on 2.2 version The documents you a refering dont state that. Use the below
link
Background on VMFEX Hyper-V:
Prerequisites needed in order to configure VM-FEX with Hyper-V :
2.1 Release :
• UCS Software
• 2.1 Infra Bundle & Adapter firmware
• Cisco ENIC driver for Windows Server 2012 (Same driver for hypervisor and VM)
• Cisco Port Profile Management Snap-in used to attach/detach port profiles à “VM-FEX_TOOLS_64_2.0.18.msi”
• Microsoft Software
• Windows Hyper-V 2012
• VM-FEX on Hyper-V only support windows 2012 VMs
2.2(1) Release
• UCS Software
• 2.2(1) Infra Bundle & Adapter firmware
• Cisco ENIC driver for Windows Server 2012 (Same driver for hypervisor and VM)
• Microsoft Software
• SCVMM 2012 SP1
• Windows Hyper-V 2012 SP1
2.2(2) Release
• UCS Software
• 2.2(2) Infra Bundle & Adapter firmware
• Cisco ENIC driver for Windows Server 2012 (Same driver for hypervisor and VM)
• Microsoft Software
• SCVMM 2012 SP1 and R2
• Windows Hyper-V 2012 SP1 and R2
For 2.2 release and above….please use this link : http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/vm_fex/hyperv/gui/config_guide/2-2/b_GUI_Hyper-V_VM-FEX_UCSM_Configuration_Guide_2_2/b_GUI_Hyper-V_VM-FEX_UCSM_Configuration_Guide_2_2_1_chapter_01.html
Hope this helps
Venky -
I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
DVD>Disk Utility>Erase Disk [or Recovery Partition>Disk Utility>Erase Partition]
DVD>Install Lion
Reboot, hopefully Lion install kicks in
Update, update, update Lion (NOT Lion Server yet) until no more updates
System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
Terminal>$ sudo scutil --set HostName server.domain.com
App Store>Install Lion Server and run through the Setup
Download install Server Admin Tools, then update, update, update until no more updates
Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
A few DNS set-up steps and these most important steps:
A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
I. Test from web browser server.domain.com/mydevices: Lock Device to test
J. ??? Profit
12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
Firewall
Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
SSH
Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
client$ ssh-keygen -t rsa -b 2048 -C client_name
[Securely copy ~/.ssh/id_rsa.pub from client to server.]
server$ cat id_rsa.pub > ~/.ssh/known_hosts
I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
$ diff denyhosts.cfg-dist denyhosts.cfg
12c12
< SECURE_LOG = /var/log/secure
> #SECURE_LOG = /var/log/secure
22a23
> SECURE_LOG = /var/log/secure.log
34c35
< HOSTS_DENY = /etc/hosts.deny
> #HOSTS_DENY = /etc/hosts.deny
40a42,44
> #
> # Mac OS X Lion Server
> HOSTS_DENY = /private/etc/hosts.deny
195c199
< LOCK_FILE = /var/lock/subsys/denyhosts
> #LOCK_FILE = /var/lock/subsys/denyhosts
202a207,208
> LOCK_FILE = /var/denyhosts/denyhosts.pid
> #
219c225
< ADMIN_EMAIL =
> ADMIN_EMAIL = [email protected]
286c292
< #SYSLOG_REPORT=YES
> SYSLOG_REPORT=YES
Network Accounts
User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
Oh well.
Email
Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
root: myname
admin: myname
sysadmin: myname
certadmin: myname
webmaster: myname
my_alternate: myname
Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
cd /etc/postfix
sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
sudo serveradmin stop mail
sudo serveradmin start mail
Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
iCal Server
Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
Web
The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
$ diff httpd.conf.default httpd.conf
95c95
< #LoadModule ssl_module libexec/apache2/mod_ssl.so
> LoadModule ssl_module libexec/apache2/mod_ssl.so
111c111
< #LoadModule php5_module libexec/apache2/libphp5.so
> LoadModule php5_module libexec/apache2/libphp5.so
139,140c139,140
< #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
< #LoadModule encoding_module libexec/apache2/mod_encoding.so
> LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
> LoadModule encoding_module libexec/apache2/mod_encoding.so
146c146
< #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
> LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
177c177
< ServerAdmin [email protected]
> ServerAdmin [email protected]
186c186
< #ServerName www.example.com:80
> ServerName domain.com:443
677a678,680
> # Server-specific configuration
> # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
> Include /etc/apache2/mydomain/*.conf
I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
Alias /eyetv /Users/uname/Sites/EyeTV
<Directory "/Users/uname/Sites/EyeTV">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
<Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
User-agent: *
Disallow: /
Misc
VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.Privacy Enhancing Filtering Proxy and SSH Tunnel
Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
$ ./ssht 8080:[email protected]:3128
$ ./ssht 8080:alice@:
$ ./ssht 8080:
$ ./ssht 8018::8123
$ ./ssht 5901::5900 [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
$ vi ./ssht
#!/bin/sh
# SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
USERNAME_DEFAULT=username
HOSTNAME_DEFAULT=domain.com
SSHPORT_DEFAULT=22
# SSH port forwarding specs, e.g. 8080:localhost:3128
LOCALHOSTPORT_DEFAULT=8080 # Default is http proxy 8080
REMOTEHOST_DEFAULT=localhost # Default is localhost
REMOTEPORT_DEFAULT=3128 # Default is Squid port
# Parse ssh port and tunnel details if specified
SSHPORT=$SSHPORT_DEFAULT
TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
while [ "$1" != "" ]
do
case $1
in
-p) shift; # -p option
SSHPORT=$1;
shift;;
*) TUNNEL_DETAILS=$1; # 1st argument option
shift;;
esac
done
# Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
shopt -s extglob # needed for +(pattern) syntax; man sh
LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
USERNAME=$USERNAME_DEFAULT
HOSTNAME=$HOSTNAME_DEFAULT
REMOTEHOST=$REMOTEHOST_DEFAULT
REMOTEPORT=$REMOTEPORT_DEFAULT
# LOCALHOSTPORT
CDR=${TUNNEL_DETAILS#+([0-9]):} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
LOCALHOSTPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEPORT
CDR=${TUNNEL_DETAILS%:+([0-9])} # delete shortest trailing :+([0-9])
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEHOST
CDR=${TUNNEL_DETAILS%:*} # delete shortest trailing :*
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEHOST=$CAR
fi
TUNNEL_DETAILS=$CDR
# USERNAME
CDR=${TUNNEL_DETAILS#*@} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%@} # delete @
if [ "$CAR" != "" ] # leading or trailing port specified
then
USERNAME=$CAR
fi
TUNNEL_DETAILS=$CDR
# HOSTNAME
HOSTNAME=$TUNNEL_DETAILS
if [ "$HOSTNAME" == "" ] # no hostname given
then
HOSTNAME=$HOSTNAME_DEFAULT
fi
ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
&& echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
|| echo "SSH tunnel FAIL." -
Dns problems setting up profile manager
i have been experimenting setting up OS X Server (10.8) on a new Mac mini on a network with Time Capsule. server's host name is "server.me.private" at IP address 192.168.1.100 , Time Machine DHCP server address is 192.168.1.1 .
Open Directory and Profile Manger are on in Server.app. (Profile Management: Enabled, Signing config profiles using the Apple Certified Push Certificate, w/ Apple push notifications on in Server settings.)
I can not, however, get Profile Manager to open and connect in a browser using "server.me.private/profilemanager" from either the mini itself or from another mac on the nework. i can get a brower to connect to Profile Manager using "192.168.1.100/profilemanager" but after successfully logging in, the browser is redirected to a "server.me.private/..." address and shows connection failure.
i HAVE gotten a browser to connect and function properly by changing the DNS Server in the the Network System Preferences on that specific Mac from "192.168.1.1" to "192.168.1.100". (DNS in Server.app, for the record is also on in this instance, forwarding server to 192.168.1.1 ) this, howerver, is a pain and also doesn't work trying to connect an iOS device.
i'm definitely missing something here. it seems to me that the Time Capsule should remain the DNS Server for the network and forward "server.me.private" to "192.168.1.100". it is not doing this, and there are no options for setting this with Airport Utility.
some light on this subject would be greatly appreciated. Thanks very much!thanks very much for your thoughts and reply, Thomas.
if i were to change the Time Capsule to use the Mini as the primary DNS server, is this where i'd do it in Airport Utility?
but it won't let me change the DNS Servers fields here. and if i can change the DNS Serever to my Mini's 192.168.1.100, what address should i keep for the second DNS Server?
Thanks again! -
I need to set up Profile Manager on a completely closed network that has no Internet access at all. I can sneaker-net files into the network if I need to.
Profile Manager (and Lion Server in general) seems to need outside access to complete setup and I've been unable to find any meaningful answers.
Does anyone any any ideas?
Thanks to allyou could try it without enabling apple push notifications in server
you wont' be able to push out profiles without enabling apple push notification
but users could download them, or you could install manually, e-mail etc -
Profile Manager, Push, Kerberos and other oddities
Hey all,
First time setting up a Mac Server on our network, thought we'd give Lion a try since we're seeing more and more Macs make their way into our ranks. I'm having issues with the following areas, hopefully someone could shed some light.
Push
I can't for the life of me get push to work behind our Firewall. I opened up TCP Port 5223 as outlined in the Apple Docs but that doesn't get me anywhere. Do I need to NAT that port to the lion server? I thought that push sent notifications down to individual machines and then they went and grabbed the new config from the server? How does a firewall with NAT know what machine to send the notification to? Any help would be appreciated.
Also, what are you supposed to manage users with, the Work Group Manager or the Profile Manager. It seems like apple is moving away from the WGM style of management, although you can't do everything in PM, like setting up home folders etc. Very confusing to a novice.
Email Addresses in Profile Manager configurations and Webmail.
I might be missing something really simple here, but no matter what I do the Profile Manager spits out a default payload for email with our FQDN as the email address for the user ([email protected]). I have set the local alias and checked the checkbox to allow our example.com domain to work. Manually setting the email address to [email protected] works just find. I'm a bit bothered that everytime I push a configuration out to a device I'll have to go back in and manually change the email address. Has anyone figured out how to change that?
In webmail it always lists the email address as [email protected] instead of [email protected]. You can go in and edit the identity and all is right with the world, but that's sort of a pain? Seems like common sense that you could set that as the default.
Kerberos
I was excited to get a Single Sign On solution going for our users since it would come in handy, however, straight out of the box it just doesn't work.I'm also not sure what to look for in the logs to make sure that things are working smoothly. I'm joinging the client machines to the server by going into users and clicking join. Selecting the server from the drop down and hitting submit. Do I have to set up a search order and all that jazz or is that set up automatically then. I can see that I'm getting tickets with the Ticket Viewer but I'm still getting prompted for passwords in mail, ichat, AFP etc. Close to giving up on that front.
Any help or general words of encouragement appreciated.Push
You've opened the secure iChat port to have push notifications working? Take a look here for the right ports:
http://help.apple.com/advancedserveradmin/mac/10.7/#apdCA9A73CE-5F0C-4BDC-93E8-2 952C362FA3E.
On that page are all port numbers you need to forward to your server.
Email
The addresses being displayed as [email protected] is a bug in Lion Server in my opinion, you can file a bug report at apple.com/feedback.
Kerberos
Is as poorly documented as invisible in OS X Lion Server. Single Sign-On is a great tool for making services more user-friendly, it should be top of mind at Apple. You can file an enhancement request at apple.com/feedback.
Regards,
Mark -
Lion Server Profile Manager Configuration
Hi Guys,
Currently have been testing Lion Server and Profile Manager Configuration.
So Far Have setup
Lion with Server App and Server Admin Tools
Configured Open Directory Master and enabled SSL on LDAP
Once Configured OD has created a CA Certificate can use for Profile Manager
Have Enabled in Server.app Web and Profile manager
In SSL Certificate Configuration have set CA Certificate for Web and Enabled Apple push notifications with my apple ID
In Profile Manager Enabled Device Management and Enabled Sign configuration profiles and selected CA Open Directory Certificate Created when setting up OD Master.
On Server Originally could install Trust Profile OK and Enroll Server OK with no issues, but on any other 10.7 Devices could install Trust Profile OK but would always say unsigned and Enroll would never work or just hang.
Now Since Played around with settings on 10.7 Server can no longer enroll but trust OK.
Questions have is
For SSL and Profile Manager to work properly as well as Certificates do you require to purchase a proper SSL Certificate or can we use the OD Master Certificate that gets created. All we are testing is on the Local LAN so don't want to get a SSL certificate from the internet.
Also why cannot 10.7 clients trust profile and enroll Devices Properly? How do I get this working properly?
Any ideas?
Regards,
Shanetaubmas wrote:
Not sure if its that as finally got Lion Server working on a VM setup so network shouldn't be an issue...
Had 1 OSX Lion Server VM and 1 OSX Lion Client VM and OSX Lion Server VM gets profile and enrolls device fine but again OSX client doesn't get enroll just sits again at installing..... even if set keychain to trust and make trust profile verified..
any other ideas? I think need to somehow get the server to trust trust profile by default instead of going to keychain all the time.
Shane
Did you get this to work in an ESXI envrionment? If so, which version are you running? -
Suggestion. Application for Ringtone Profile Manag...
One of the functions that I used to use a lot on Nokia N8 Belle is the Ringtone Profile Manager. The possibility to create different profiles and scheduled them to change at a certain time of the day.
For example, I´ve created a Sleep profile with no sounds, notifications, also that puts the phone on Battery Saver mode (using Situations app) that I activated when I was going to sleep, and scheduled to end and change back to normal at 7:15 AM, just before the time I´ve set the alarm to wake up.
It was a very usefull function.You need to understand Symbian is dead and buries and Windows Phone is not Symbian. Sure it had it's perks and had some nice/great features. It was also a pita to maintain and update. It died for good reason.
There will always be stuff in old hardware and software we like. It is what it is and times change. Apps are here to enhance what we do with our phone on a day to day basis. much can now be done using the new API and it will be far more productive to converse wih app developers who work on/have apps that approach what we like. Much of what you and other seem to want would be completely irrelevant to others and this is where the apps come in.
Click on the blue Star Icon below if my advice has helped you or press the 'Accept As Solution' link if I solved your problem.. -
Os x Server 3.1 breaks Profile Manager
Hi all,
since i update to server 3.1, the Profile Manager wont start.
In the ive got these Error:
0:: [245] [2014/03/20 20:15:14.725] Waiting for postgres to startup....
0:: [245] [2014/03/20 20:15:18.445] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
0:: [245] [2014/03/20 20:15:29.432] Profile Manager service STOPPED
1:: [245] [2014/03/20 20:15:29.927] Incoming request: noOp
1:: [245] [2014/03/20 20:15:29.928] Incoming request: getWebAppState
1:: [245] [2014/03/20 20:15:29.963] Registering for network reachability notifications to "gateway.push.apple.com".
0:: [245] [2014/03/20 20:15:29.981] Profile Manager service stopped.
0:: [245] [2014/03/20 20:15:29.987] APNS topic = com.apple.mgmt.XServer.dcbf90a0-c0ba-4dee-bcb6-39de366d4e87
1:: [245] [2014/03/20 20:15:30.681] >>> networkSettingsChanged: "gateway.push.apple.com" is apparently reachable (flags = 0x2)
1:: [245] [2014/03/20 20:16:03.409] Incoming request: getWebAppState
0:: [245] [2014/03/20 20:16:03.727] Profile Manager service stopped.
1:: [245] [2014/03/20 20:16:07.547] Incoming request: readSettings
1:: [245] [2014/03/20 20:16:07.798] Incoming request: readAppDistributionSettings
1:: [245] [2014/03/20 20:16:07.856] Incoming request: readSimplifiedDeviceEnrollmentSettings
1:: [245] [2014/03/20 20:25:39.511] Incoming request: readSettings
1:: [245] [2014/03/20 20:25:39.578] Incoming request: readAppDistributionSettings
1:: [245] [2014/03/20 20:25:39.637] Incoming request: readSimplifiedDeviceEnrollmentSettings
1:: [245] [2014/03/20 20:25:40.054] Incoming request: readSettings
1:: [245] [2014/03/20 20:25:40.116] Incoming request: readAppDistributionSettings
1:: [245] [2014/03/20 20:25:40.170] Incoming request: readSimplifiedDeviceEnrollmentSettings
1:: [245] [2014/03/20 20:25:41.165] Incoming request: writeSettings
0:: [245] [2014/03/20 20:25:41.508] -[NSString(devicemgr_Additions) dateFromOpenSSLString]: 'Jan 27 19:45:36 2015 GMT'
0:: [245] [2014/03/20 20:25:41.672] -[Settings setSigningState:]: self.signing_org = cgrx
0:: [245] [2014/03/20 20:25:41.679] Loaded strings for locale 'de'.
0:: [245] [2014/03/20 20:25:42.105] EXCEPTION: Postgres <-[PGConnection executeSQL:withParams:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-864.18/Compiled/Fra mework-Models/Postgres/PGConnection.m:421): "Postgres error 23503 (ERROR: insert or update on table "internal_tasks" violates foreign key constraint "internal_tasks_internal_task_id_fkey"
DETAIL: Key (internal_task_id)=(4) is not present in table "internal_tasks".
CONTEXT: SQL statement "INSERT INTO internal_tasks (internal_task_id, profile_substitution_cache_id) VALUES(p_it_id, psc.id) RETURNING id"
PL/pgSQL function _dm_internal_psc_generation_task(profile_substitution_caches,integer,integer) line 19 at SQL statement
SQL statement "SELECT _dm_internal_psc_generation_task(p, NEW.signing_certificate_id)
FROM profile_substitution_caches AS p
WHERE p.profile_cache IS NOT NULL
AND p.signing_certificate_id <> NEW.signing_certificate_id"
PL/pgSQL function _dm_trigger_after_settings_update() line 30 at PERFORM
)">
0:: [245] [2014/03/20 20:25:42.108] Caught unhandled exception -[PGConnection executeSQL:withParams:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-864.18/Compiled/Fra mework-Models/Postgres/PGConnection.m:421): "Postgres error 23503 (ERROR: insert or update on table "internal_tasks" violates foreign key constraint "internal_tasks_internal_task_id_fkey"
DETAIL: Key (internal_task_id)=(4) is not present in table "internal_tasks".
CONTEXT: SQL statement "INSERT INTO internal_tasks (internal_task_id, profile_substitution_cache_id) VALUES(p_it_id, psc.id) RETURNING id"
PL/pgSQL function _dm_internal_psc_generation_task(profile_substitution_caches,integer,integer) line 19 at SQL statement
SQL statement "SELECT _dm_internal_psc_generation_task(p, NEW.signing_certificate_id)
FROM profile_substitution_caches AS p
WHERE p.profile_cache IS NOT NULL
AND p.signing_certificate_id <> NEW.signing_certificate_id"
PL/pgSQL function _dm_trigger_after_settings_update() line 30 at PERFORM
1:: [245] [2014/03/20 20:25:53.541] Incoming request: readSettings
1:: [245] [2014/03/20 20:25:53.605] Incoming request: readAppDistributionSettings
1:: [245] [2014/03/20 20:25:53.664] Incoming request: readSimplifiedDeviceEnrollmentSettingsGreat, now i have a new problem:
sudo /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB .sh
Password:
*** Failed to create/update new Profile Manager database! ***
*** Please check /Library/Logs/ProfileManager/migration_tool.log ***
*** for more information. Profile Manager will be non-functional ***
*** until a new database can be successfully created/updated. ***
[1034] [2014/03/23 09:56:07.266] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES
0:: [1034] [2014/03/23 09:56:07.268]
migration_tool-864.18 (PID:1034, OS:13C64, SERVER:13S4138, ARCH:x86_64) starting
LA: migration_tool --wipeDB
Log verbosity level = 1
UID = 220, EUID = 220
1:: [1034] [2014/03/23 09:56:13.050] DropPostgresDatabase RESULT:
————————+—————————————————————————————————————————————————————————————————————— —————————————————————————————————————————————————————————————
COMMAND | /Applications/Server.app/Contents/ServerRoot/usr/bin/dropdb devicemgr_v2m0 -h /Library/Server/ProfileManager/Config/var/PostgreSQL
WD | /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr
————————+—————————————————————————————————————————————————————————————————————— —————————————————————————————————————————————————————————————
STATUS | 1
————————+—————————————————————————————————————————————————————————————————————— —————————————————————————————————————————————————————————————
STDERR | dropdb: database removal failed: ERROR: database "devicemgr_v2m0" is being accessed by other users
| DETAIL: There are 10 other sessions using the database.
————————+—————————————————————————————————————————————————————————————————————— —————————————————————————————————————————————————————————————
STDOUT |
————————+—————————————————————————————————————————————————————————————————————— —————————————————————————————————————————————————————————————
0:: [1034] [2014/03/23 09:56:13.050] EXCEPTION: !IF <void DropPostgresDatabase(NSString *__strong) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-864.18/Compiled/Fra mework-Base/Support/PGUtilities.m:81): "'((status != 0))'">
0:: [1034] [2014/03/23 09:56:13.052] Terminating on unhandled exception void DropPostgresDatabase(NSString *__strong) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-864.18/Compiled/Fra mework-Base/Support/PGUtilities.m:81): "'((status != 0))'", ? | 140735467216501
? | 4437587723
? | 4437841481
? | 4437841694
? | 4437434900
? | 140735464949245
? | 2
0:: [1034] [2014/03/23 09:56:13.053] ShutdownMigrator: 2014-03-23 08:56:13 +0000
0:: [1034] [2014/03/23 09:56:13.053] BYE -
Profile Manager Parental Controls
I have been attempting to use the Profile Manger to set Parental Controls for the kids accounts. I created a Kids group and both of my children's accounts belong the Kids group. When I install the profile, it shows as successfully installed, but the Parental Controls are not affected. I have tried both network accounts and local account. If I set options on the Dock everything applies and works as expected, but when I try to set Parental Controls the settings seem to not take affect.
Because my router is not in a position to block Internet addresses that I have set up the Profile Manager. So far so good, it all works except for the parental control. Local Wi-Fi I have all the iPhone's, iPad's, iPod's and iMac's added in the Profile Manager and logged over the https address. / / Server.local / mydevices. The settings sent successful (set server account) via push notification . But the parental control has no effect on the device. The value "True" under parental control is evident, i have outside of the clients and mobile devices full access to Internet. On the Internet I could not find on the subject.
-
Server 4.0 stuck on "Updating Profile Manager service"
Updated my Mac mini server to Yosemite, bought server 4.0 and installed it.
Then started the update procedure, but the progress bar only goes half, then stuck at "Updating Profile Manager service".
Waited for more than an hour, no progress. Killed the update and tried again, but the same result.
Anyone a solution ?
Greetings
RobinUSER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 7898 0.4 0.1 2543068 9704 ?? Ss 12:09AM 0:13.98 servermgr_config
root 9368 0.0 0.1 2509172 7064 ?? Ss 12:57AM 0:00.03 servermgr_devicemgr
root 9367 0.0 0.1 2479968 5988 ?? Ss 12:57AM 0:00.01 /Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings de
root 9366 0.0 0.1 2504004 6456 ?? Ss 12:57AM 0:00.02 servermgr_caching
root 9364 0.0 0.1 2506564 6456 ?? Ss 12:57AM 0:00.02 servermgr_afp
root 9361 0.0 0.1 2515608 7372 ?? Ss 12:57AM 0:00.04 servermgr_accounts
root 9359 0.0 0.1 2473460 5704 ?? Ss 12:57AM 0:00.01 /Applications/Server.app/Contents/ServerRoot/usr/libexec/server_backup/server
root 9357 0.0 0.1 2501928 6340 ?? Ss 12:57AM 0:00.02 /Applications/Server.app/Contents/ServerRoot/usr/sbin/ServerBackup -cmd backu
root 9356 0.0 0.2 2543828 14220 ?? Ss 12:57AM 0:00.18 /System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd
osxadmin 9354 0.0 0.2 2625500 15884 ?? S 12:56AM 0:00.28 /System/Library/CoreServices/RemoteManagement/ScreensharingAgent.bundle/Conte
root 9353 0.0 0.4 2543064 35048 ?? Ss 12:56AM 0:00.56 /System/Library/CoreServices/RemoteManagement/screensharingd.bundle/Contents/
osxadmin 9349 0.0 0.1 2536468 7612 ?? S 12:48AM 0:00.13 /System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/XPCServices/com
osxadmin 9297 0.0 0.1 2508888 6912 ?? S 12:19AM 0:00.06 /usr/libexec/secinitd
_teamsserver 9179 0.0 0.0 2506080 1128 ?? S 12:10AM 0:00.01 /usr/sbin/cfprefsd agent
root 8990 0.0 0.1 2539648 7660 ?? Ss 12:09AM 0:00.08 /Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventsDaemon
root 8706 0.0 0.0 2441984 1320 ?? S 12:09AM 0:00.03 chmod u=rwX,go=rX /Library/Server/ProfileManager/ /Library/Server/ProfileMana
root 8700 0.0 0.0 2433020 712 ?? S 12:09AM 0:00.01 /usr/bin/xargs chmod u=rwX,go=rX
root 8617 0.0 0.1 2540700 8900 ?? Ss 12:09AM 0:00.63 /Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent
root 8555 0.0 0.0 2456924 1084 ?? S 12:09AM 0:00.02 /bin/bash /Applications/Server.app/Contents/ServerRoot/usr/libexec/deviceMana
osxadmin 8165 0.0 0.1 2520636 5600 ?? S 12:09AM 0:00.02 /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/Resources/hel
root 8054 0.0 0.1 2538892 6544 ?? Ss 12:09AM 0:00.33 /sbin/emond
root 7957 0.0 0.0 2536904 2792 ?? Ss 12:09AM 0:00.02 /Applications/Server.app/Contents/ServerRoot/System/Library/PrivateFrameworks
root 7953 0.0 0.1 2537432 8060 ?? Ss 12:09AM 0:03.62 /Applications/Server.app/Contents/ServerRoot/usr/libexec/servermetricsd.app/C
root 7897 0.0 0.1 2540880 7676 ?? Ss 12:09AM 0:00.20 /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/Serv
root 7892 0.0 0.3 2554524 27428 ?? Ss 12:09AM 0:00.71 /Library/PrivilegedHelperTools/com.apple.serverd
osxadmin 7824 0.0 0.5 2639788 39372 ?? S 12:08AM 0:02.14 /Applications/Server.app/Contents/MacOS/Server
root 7755 0.0 0.1 2477248 5628 ?? Ss 12:00AM 0:00.03 /System/Library/CoreServices/SubmitDiagInfo server-init
osxadmin 7716 0.0 0.1 2500704 6352 ?? S 11:56PM 0:00.04 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framewo
osxadmin 6929 0.0 0.1 2496904 6576 ?? Ss 10:15PM 0:00.05 /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/XPCService
_assetcache 6911 0.0 0.0 2470496 2680 ?? S 10:15PM 0:00.01 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd
_assetcache 6908 0.0 0.1 2544348 6100 ?? Ss 10:15PM 0:00.19 /System/Library/CoreServices/AssetCacheLocatorService
_softwareupdate 6907 0.0 0.1 2538904 8008 ?? Ss 10:15PM 0:00.19 /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareu
root 6906 0.0 0.3 2555692 23160 ?? Ss 10:15PM 0:00.70 /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
osxadmin 5521 0.0 0.0 2538972 3200 ?? S 7:15PM 0:00.03 /System/Library/PrivateFrameworks/CloudServices.framework/Resources/com.apple
osxadmin 5451 0.0 0.0 2464092 1412 s000 S 7:10PM 0:00.31 -bash
root 5450 0.0 0.0 2497452 2880 s000 Ss 7:10PM 0:00.08 login -pf osxadmin
osxadmin 5448 0.0 0.8 2731008 68600 ?? U 7:10PM 0:49.51 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
osxadmin 4533 0.0 1.4 2699644 117024 ?? S 4:38PM 1:37.34 /Applications/Utilities/Console.app/Contents/MacOS/Console
root 4102 0.0 0.0 2500124 4012 ?? Ss 4:19PM 0:00.11 /System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/
osxadmin 4098 0.0 0.2 2584668 15648 ?? S 4:19PM 0:00.35 /System/Library/PrivateFrameworks/Noticeboard.framework/Versions/A/Resources/
osxadmin 4097 0.0 0.2 2581536 16692 ?? S 4:19PM 0:00.14 /System/Library/PrivateFrameworks/CloudServices.framework/Resources/EscrowSec
root 4030 0.0 0.0 2477408 740 ?? SNs 4:18PM 0:00.01 /usr/libexec/periodic-wrapper daily
osxadmin 3313 0.0 0.0 2514460 3480 ?? S 1:36PM 0:00.04 /System/Library/PrivateFrameworks/KerberosHelper/Helpers/DiskUnmountWatcher
osxadmin 3139 0.0 0.1 2496048 6236 ?? S 1:09PM 0:00.03 /usr/libexec/USBAgent
_devicemgr 1736 0.0 0.0 2477408 848 ?? S 12:45PM 0:00.01 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framewo
_devicemgr 1688 0.0 0.0 2505312 3664 ?? S 12:45PM 0:00.02 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd
root 1591 0.0 0.1 2499324 6392 ?? Ss 12:41PM 0:00.03 /usr/sbin/spindump
root 1585 0.0 0.0 2478972 1864 ?? Ss 12:41PM 0:01.46 /usr/libexec/systemstatsd
_calendar 1480 0.0 0.0 2506336 3660 ?? S 12:40PM 0:00.03 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd
_teamsserver 1444 0.0 0.0 2506860 3692 ?? U 12:40PM 0:00.03 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd
root 359 0.0 0.0 2489696 904 ?? S 12:39PM 0:00.13 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framewo
osxadmin 344 0.0 0.1 2516508 7020 ?? S 12:39PM 0:00.11 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framewo
_spotlight 343 0.0 0.1 2517340 10008 ?? S 12:39PM 0:12.24 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framewo
_spotlight 342 0.0 0.0 2514844 1464 ?? S 12:39PM 0:00.11 /usr/sbin/distnoted agent
osxadmin 340 0.0 0.0 2477408 868 ?? S 12:38PM 0:00.03 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framewo
osxadmin 339 0.0 0.2 2568464 16968 ?? Ss 12:38PM 0:00.11 /Applications/Reminders.app/Contents/PlugIns/com.apple.RemindersNC.appex/Cont
osxadmin 337 0.0 0.1 2504212 7612 ?? S 12:38PM 0:00.07 /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/
osxadmin 336 0.0 0.2 2581648 12972 ?? S 12:38PM 0:00.14 /System/Library/PrivateFrameworks/CommerceKit.framework/Resources/LaterAgent.
osxadmin 335 0.0 0.1 2544580 12160 ?? S 12:38PM 0:00.90 /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/
osxadmin 334 0.0 0.1 2505780 6432 ?? S 12:38PM 0:00.03 /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/
osxadmin 325 0.0 0.1 2541832 8536 ?? S 12:38PM 0:00.10 /System/Library/Frameworks/InputMethodKit.framework/Versions/A/XPCServices/co
osxadmin 323 0.0 0.2 2598344 16280 ?? U 12:38PM 0:01.31 /System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell -psn_0_
osxadmin 318 0.0 0.0 2514056 3992 ?? S 12:38PM 0:00.04 /System/Library/PrivateFrameworks/CommunicationsFilter.framework/CMFSyncAgent
osxadmin 317 0.0 0.1 2495524 9200 ?? Ss 12:38PM 0:00.02 /System/Library/CoreServices/NotificationCenter.app/Contents/XPCServices/com.
root 316 0.0 0.0 2535732 2980 ?? Ss 12:38PM 0:00.03 /System/Library/CoreServices/CrashReporterSupportHelper server-init
root 315 0.0 0.0 2507868 3724 ?? Ss 12:38PM 0:00.06 /System/Library/PrivateFrameworks/CoreSymbolication.framework/coresymbolicati
root 314 0.0 0.1 2550164 5268 ?? Ss 12:38PM 0:00.44 /usr/libexec/sandboxd -n PluginProcess -n
osxadmin 312 0.0 0.1 2537416 11976 ?? S 12:38PM 0:00.04 /System/Library/PrivateFrameworks/Notes.framework/Versions/A/XPCServices/com.
osxadmin 311 0.0 0.0 2516156 3932 ?? S 12:38PM 0:00.05 /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeych
osxadmin 308 0.0 0.2 2540828 16264 ?? S 12:38PM 0:00.38 /usr/libexec/fmfd
osxadmin 307 0.0 0.2 2543012 17632 ?? S 12:38PM 0:00.54 /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/
osxadmin 304 0.0 0.1 2537712 6356 ?? S 12:38PM 0:00.08 /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app/Contents/MacOS/iTune
osxadmin 303 0.0 0.2 2547160 16320 ?? Ss 12:38PM 0:00.94 /System/Library/CoreServices/Spotlight.app/Contents/XPCServices/com.apple.met
osxadmin 300 0.0 0.1 2537608 8956 ?? S 12:38PM 0:00.33 /System/Library/CoreServices/diagnostics_agent
osxadmin 299 0.0 0.1 2573092 11436 ?? S 12:38PM 0:00.11 /System/Library/CoreServices/WiFiAgent.app/Contents/MacOS/WiFiAgent
osxadmin 296 0.0 0.1 2538156 6000 ?? S 12:38PM 0:00.12 /System/Library/CoreServices/cloudpaird
osxadmin 295 0.0 0.1 2537144 11892 ?? S 12:38PM 0:00.05 /System/Library/PrivateFrameworks/AskPermission.framework/Versions/A/Resource
osxadmin 293 0.0 0.2 2542076 15044 ?? S 12:38PM 0:00.29 /System/Library/CoreServices/AppleIDAuthAgent
osxadmin 291 0.0 0.3 2620956 25636 ?? S 12:38PM 0:00.78 /System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/Notificati
osxadmin 289 0.0 0.2 2581580 17304 ?? S 12:38PM 0:00.13 /System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/
osxadmin 287 0.0 0.1 2537088 7168 ?? S 12:38PM 0:00.09 /System/Library/CoreServices/SocialPushAgent.app/Contents/MacOS/SocialPushAge
osxadmin 284 0.0 0.0 2506296 3584 ?? S 12:38PM 0:00.02 /usr/libexec/spindump_agent
osxadmin 282 0.0 0.2 2539492 13856 ?? Ss 12:38PM 0:00.82 /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/XPCServices/Conta
osxadmin 280 0.0 0.2 2553068 17812 ?? S 12:38PM 0:00.33 /System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd
osxadmin 278 0.0 0.1 2537776 5464 ?? S 12:38PM 0:00.05 /System/Library/PrivateFrameworks/IMDPersistence.framework/XPCServices/IMDPer
osxadmin 277 0.0 0.2 2551380 17648 ?? S 12:38PM 0:01.39 /System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Content
osxadmin 276 0.0 0.1 2541216 8344 ?? S 12:38PM 0:00.42 /System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd
osxadmin 275 0.0 0.3 2555700 25172 ?? S 12:38PM 0:08.23 /System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd
osxadmin 274 0.0 0.2 2593076 13792 ?? S 12:38PM 0:00.18 /System/Library/CoreServices/CoreServicesUIAgent.app/Contents/MacOS/CoreServi
osxadmin 273 0.0 0.2 2545472 12944 ?? S 12:38PM 0:00.08 /System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistorySy
osxadmin 272 0.0 0.2 2541052 15044 ?? S 12:38PM 0:00.43 /System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS
osxadmin 271 0.0 0.1 2545360 11772 ?? S 12:38PM 0:00.05 /System/Library/PrivateFrameworks/CallHistory.framework/Support/CallHistoryPl
osxadmin 270 0.0 0.2 2568952 20008 ?? S 12:38PM 0:00.24 /System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app
osxadmin 269 0.0 0.3 2594616 26144 ?? S 12:38PM 0:00.50 /System/Library/PrivateFrameworks/InternetAccounts.framework/Versions/A/XPCSe
osxadmin 267 0.0 0.1 2518244 8112 ?? S 12:38PM 0:03.80 /usr/libexec/nsurlstoraged
osxadmin 266 0.0 0.3 2583088 21032 ?? Ss 12:38PM 0:00.20 /System/Library/CoreServices/Dock.app/Contents/XPCServices/com.apple.dock.ext
osxadmin 264 0.0 0.1 2541028 5364 ?? S 12:38PM 0:00.31 /usr/libexec/secd
osxadmin 263 0.0 0.0 2485344 3168 ?? Ss 12:38PM 0:00.02 /System/Library/CoreServices/Menu Extras/AirPort.menu/Contents/XPCServices/co
osxadmin 262 0.0 0.4 2570676 33472 ?? S 12:38PM 0:00.22 /System/Library/CoreServices/iconservicesagent
osxadmin 258 0.0 0.2 2543268 19860 ?? Ss 12:38PM 0:00.32 /System/Library/PrivateFrameworks/CalendarAgent.framework/Versions/A/XPCServi
osxadmin 257 0.0 0.1 2541760 5776 ?? S 12:38PM 0:00.54 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd
osxadmin 256 0.0 0.1 2541496 9572 ?? S 12:38PM 0:00.24 /usr/libexec/pkd
osxadmin 255 0.0 0.2 2549624 18152 ?? S 12:38PM 0:00.26 /usr/libexec/sharingd
root 254 0.0 0.1 2515924 11476 ?? Ss 12:38PM 0:00.10 /System/Library/CoreServices/backupd.bundle/Contents/Resources/TMCacheDelete
osxadmin 253 0.0 0.2 2544636 19632 ?? S 12:38PM 0:00.85 /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Suppor
root 252 0.0 0.1 2514876 4460 ?? Ss 12:38PM 0:00.23 /System/Library/PrivateFrameworks/CacheDelete.framework/deleted
osxadmin 251 0.0 0.1 2539560 5212 ?? S 12:38PM 0:00.10 /System/Library/CoreServices/pbs
osxadmin 248 0.0 0.1 2572060 6088 ?? S 12:38PM 0:01.37 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.frame
osxadmin 246 0.0 0.5 3807188 44048 ?? S 12:38PM 0:03.61 /System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
osxadmin 245 0.0 0.1 2566432 11496 ?? S 12:38PM 0:00.12 /System/Library/CoreServices/AirPlayUIAgent.app/Contents/MacOS/AirPlayUIAgent
osxadmin 243 0.0 0.1 2542312 12016 ?? S 12:38PM 0:01.44 /usr/libexec/nsurlsessiond
osxadmin 242 0.0 0.4 2569976 29436 ?? S 12:38PM 0:02.90 /System/Library/PrivateFrameworks/CalendarAgent.framework/Executables/Calenda
osxadmin 241 0.0 0.1 2541864 7636 ?? S 12:38PM 0:00.09 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARD
_locationd 240 0.0 0.1 2546964 8100 ?? Ss 12:38PM 0:01.76 /usr/libexec/locationd
osxadmin 239 0.0 0.1 2537692 6220 ?? S 12:38PM 0:00.96 /usr/sbin/usernoted
osxadmin 238 0.0 0.0 2497480 1156 ?? S 12:38PM 0:00.01 /usr/sbin/pboard
_coreaudiod 237 0.0 0.0 2537856 2536 ?? Us 12:38PM 0:00.06 /System/Library/Frameworks/CoreAudio.framework/Versions/A/XPCServices/com.app
_coreaudiod 234 0.0 0.1 2543576 9696 ?? Ss 12:38PM 0:00.93 /usr/sbin/coreaudiod
osxadmin 233 0.0 0.6 2637352 50092 ?? S 12:38PM 0:03.72 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
osxadmin 232 0.0 0.2 2600648 17764 ?? S 12:38PM 0:02.04 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer
osxadmin 230 0.0 0.3 2596140 27276 ?? S 12:38PM 0:01.23 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock
osxadmin 228 0.0 0.0 2516620 3020 ?? S 12:38PM 0:01.89 /usr/sbin/cfprefsd agent
osxadmin 226 0.0 0.0 2522656 4164 ?? S 12:38PM 0:03.07 /usr/sbin/distnoted agent
osxadmin 224 0.0 0.2 2541912 13468 ?? S 12:38PM 0:01.28 /usr/libexec/UserEventAgent (Aqua)
root 223 0.0 0.0 2529360 2288 ?? Ss 12:38PM 0:00.17 /usr/libexec/securityd_service
_nsurlstoraged 219 0.0 0.1 2514380 4696 ?? Ss 12:37PM 0:00.22 /usr/libexec/nsurlstoraged
root 218 0.0 0.1 2546836 10188 ?? Ss 12:37PM 0:00.17 /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/suhelper
_softwareupdate 217 0.0 2.0 3726564 165920 ?? Ss 12:37PM 0:19.22 /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareu
_netbios 214 0.0 0.1 2515060 6808 ?? SNs 12:37PM 0:00.08 /usr/sbin/netbiosd
root 213 0.0 0.0 2516660 3888 ?? Ss 12:37PM 0:00.06 /System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.app
root 211 0.0 0.1 2540132 4480 ?? Ss 12:37PM 0:00.05 /System/Library/PrivateFrameworks/TCC.framework/Resources/tccd system
root 206 0.0 0.1 2522040 7852 ?? Ss 12:37PM 0:04.75 /usr/sbin/PasswordService -n
root 204 0.0 0.0 2466640 2076 ?? S 12:37PM 0:00.00 /usr/libexec/xssendevent
root 203 0.0 0.0 2495904 1204 ?? Ss 12:37PM 0:00.01 /usr/libexec/discoveryd_helper --loglevel Detailed --logclass Everything --lo
root 201 0.0 0.1 2538264 4704 ?? Us 12:37PM 0:00.21 /usr/libexec/smd
root 199 0.0 0.1 2541420 7780 ?? Ss 12:37PM 0:03.90 /usr/sbin/diskmanagementd
root 197 0.0 0.1 2539164 8576 ?? Ss 12:37PM 0:07.56 /System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd
root 195 0.0 0.0 2514280 1192 ?? Ss 12:37PM 0:00.05 /usr/libexec/networkd_privileged
root 194 0.0 0.1 2539132 5448 ?? Ss 12:37PM 0:09.65 /usr/libexec/ApplicationFirewall/socketfilterfw
root 192 0.0 0.6 2657512 48544 ?? Ss 12:37PM 0:00.54 /System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemm
root 191 0.0 0.0 2489528 2472 ?? Ss 12:37PM 0:00.02 /System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kadmind
root 189 0.0 0.0 2514700 3604 ?? Ss 12:37PM 0:00.02 /System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kpasswdd
root 187 0.0 0.1 2498660 4392 ?? Ss 12:37PM 0:00.09 /usr/bin/perl -T /usr/libexec/emlog.pl -l
_networkd 186 0.0 0.1 2519188 6404 ?? Ss 12:37PM 0:01.34 /usr/libexec/networkd
root 185 0.0 0.0 2514388 2864 ?? Ss 12:37PM 0:01.94 sysmond
root 184 0.0 0.0 2497552 2604 ?? Ss 12:37PM 0:00.03 /System/Library/CryptoTokenKit/com.apple.ifdreader.slotd/Contents/MacOS/com.a
root 183 0.0 0.0 2516212 1452 ?? Ss 12:37PM 0:04.30 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -
root 182 0.0 0.6 3067528 53912 ?? Ss 12:37PM 0:01.94 /usr/libexec/slapd -d 0 -h ldap:/// ldapi://%2Fvar%2Frun%2Fldapi
root 180 0.0 0.1 2537080 6056 ?? Ss 12:37PM 0:00.05 /usr/libexec/usbd
root 179 0.0 0.0 2518248 3312 ?? Us 12:37PM 0:00.04 /usr/libexec/nehelper
_nsurlsessiond 178 0.0 0.1 2519660 7980 ?? Ss 12:37PM 0:00.21 /usr/libexec/nsurlsessiond --privileged
root 177 0.0 0.0 2514272 1532 ?? Ss 12:37PM 0:00.09 /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/com.appl
root 169 0.0 0.1 2514716 5756 ?? Ss 12:37PM 0:00.07 /System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/XPCServ
root 166 0.0 0.0 2549388 1556 ?? Ss 12:37PM 0:00.10 /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/CVMServer
root 164 0.0 0.0 2497252 3584 ?? Ss 12:37PM 0:00.02 /System/Library/Frameworks/CryptoTokenKit.framework/ctkd -s
root 163 0.0 3.6 4765120 303824 ?? Ss 12:37PM 3:26.09 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framewo
root 146 0.0 0.1 2519316 4584 ?? Ss 12:37PM 0:00.17 /usr/sbin/filecoordinationd
_windowserver 144 0.0 1.0 3679744 82044 ?? Rs 12:37PM 2:58.68 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraph
root 137 0.0 0.0 2507500 3612 ?? Ss 12:37PM 0:00.02 /System/Library/Frameworks/PCSC.framework/Versions/A/XPCServices/com.apple.ct
root 136 0.0 0.1 2459172 4992 ?? Ss 12:37PM 0:03.70 /usr/libexec/watchdogd
root 111 0.0 0.0 2516356 1236 ?? Ss 12:37PM 0:00.03 /usr/libexec/diagnosticd
root 85 0.0 0.0 2522720 3596 ?? Ss 12:37PM 0:07.23 /usr/sbin/cfprefsd daemon
root 84 0.0 0.1 2542036 7776 ?? Ss 12:37PM 0:03.51 /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/authd.xp
_distnote 81 0.0 0.0 2521608 2132 ?? Ss 12:37PM 0:00.89 /usr/sbin/distnoted daemon
root 80 0.0 0.1 2548900 10272 ?? Ss 12:37PM 0:01.78 /System/Library/CoreServices/coreservicesd
root 78 0.0 0.1 2539308 8052 ?? Ss 12:37PM 0:03.60 /usr/libexec/amfid
root 77 0.0 0.0 2516908 1908 ?? Ss 12:37PM 0:08.50 /usr/sbin/notifyd
root 76 0.0 0.1 2537072 5360 ?? Ss 12:37PM 0:03.31 /usr/libexec/taskgated -s
root 75 0.0 0.0 2497380 1328 ?? Ss 12:37PM 0:00.01 /usr/libexec/hidd
root 73 0.0 0.0 2489720 1104 ?? Ss 12:37PM 0:00.02 /usr/sbin/KernelEventAgent
root 72 0.0 0.0 2513788 2680 ?? Ss 12:37PM 0:00.04 /System/Library/CoreServices/logind
osxadmin 71 0.0 0.3 2619492 23172 ?? Ss 12:37PM 0:02.80 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow conso
root 70 0.0 0.1 2543272 4724 ?? Ss 12:37PM 0:00.12 /System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/Su
root 69 0.0 0.0 2514316 1400 ?? Ss 12:37PM 0:00.02 /usr/libexec/stackshot -t -O
root 66 0.0 0.1 2518248 5724 ?? Ss 12:37PM 0:00.96 /System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kdc
root 64 0.0 0.1 2538200 5468 ?? Ss 12:37PM 0:00.10 /usr/sbin/blued
root 63 0.0 0.0 2514580 3628 ?? Ss 12:37PM 0:00.03 autofsd
root 58 0.0 0.1 2539708 4868 ?? Ss 12:37PM 0:08.86 /usr/sbin/securityd -i
_usbmuxd 57 0.0 0.0 2516596 3840 ?? Ss 12:37PM 0:01.71 /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources
root 56 0.0 0.1 2539856 6724 ?? Ss 12:37PM 0:01.90 /System/Library/CoreServices/launchservicesd
root 55 0.0 0.2 2543752 13604 ?? Ss 12:37PM 0:01.64 /System/Library/PrivateFrameworks/ApplePushService.framework/apsd
_mdnsresponder 54 0.0 0.1 2548656 8856 ?? Ss 12:37PM 0:01.78 /usr/libexec/discoveryd --udsocket standard --loglevel Basic --logclass Every
root 52 0.0 0.1 2517780 5136 ?? Ss 12:37PM 0:00.06 /usr/sbin/wirelessproxd
root 51 0.0 0.4 2619460 36356 ?? Ss 12:37PM 0:20.64 /usr/libexec/opendirectoryd
root 50 0.0 0.1 2533284 5772 ?? Ss 12:37PM 0:00.07 /System/Library/PrivateFrameworks/WirelessDiagnostics.framework/Support/awdd
root 48 0.0 0.1 2498180 5508 ?? Ss 12:37PM 0:00.03 /usr/libexec/wdhelper
root 47 0.0 0.1 2516496 11656 ?? Ss 12:37PM 0:00.16 /System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper
root 46 0.0 0.1 2544732 8540 ?? Ss 12:37PM 0:04.10 /usr/libexec/coreduetd
root 43 0.0 0.0 2539440 2844 ?? Ss 12:37PM 0:02.82 /usr/libexec/diskarbitrationd
root 42 0.0 0.0 2514460 3700 ?? Ss 12:37PM 0:00.03 /System/Library/CoreServices/iconservicesagent
_iconservices 41 0.0 0.1 2519280 4268 ?? Ss 12:37PM 0:00.11 /System/Library/CoreServices/iconservicesd
root 37 0.0 0.9 2662580 71792 ?? Ss 12:37PM 3:06.11 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framewo
root 36 0.0 0.1 2515488 7360 ?? SNs 12:37PM 0:00.14 /usr/libexec/warmd
root 34 0.0 0.1 2540736 5692 ?? Ss 12:37PM 0:00.14 /usr/libexec/airportd
root 30 0.0 0.0 2539008 2428 ?? Ss 12:37PM 0:00.92 /System/Library/CoreServices/powerd.bundle/powerd
root 29 0.0 0.1 2542068 7280 ?? Ss 12:37PM 0:01.26 /usr/libexec/configd
_appleevents 28 0.0 0.1 2537528 4848 ?? Ss 12:37PM 0:00.14 /System/Library/CoreServices/appleeventsd --server
root 26 0.0 0.1 2514072 5608 ?? Ss 12:37PM 0:00.10 /usr/libexec/thermald
root 24 0.0 0.1 2542276 12316 ?? Ss 12:37PM 0:00.83 /usr/libexec/kextd
root 23 0.0 0.1 2537252 8604 ?? Ss 12:37PM 0:06.88 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEve
root 21 0.0 0.0 2519584 2124 ?? Ss 12:37PM 0:10.02 /usr/sbin/syslogd
root 20 0.0 0.2 2544336 18572 ?? Ss 12:37PM 0:06.56 /usr/libexec/UserEventAgent (System)
root 9369 0.0 0.0 2432928 804 s000 R+ 12:57AM 0:00.00 ps aux
root 1 0.0 0.2 2539208 13600 ?? Ss 12:36PM 1:13.51 /sbin/launchd -
I just set up Profile Manager on a 10.8 Server and so far so good. Well, except for one thing I can't seem to figure out. Push notifications are not working on one of my vlans at my workplace. They work fine on the LAN (10.5.5.x) and work fine on our WLAN (10.5.7.x) vlan for corporate. However we have a seperate WLAN vlan(10.100.100.x) for guest access. It is segragated from the two. I can push information to machines while they are on the LAN and the WLAN corporate, but not the guest WLAN. All of our iOS devices connect to the guest network (for compatibilty). Any thoughts?
I've got the exact same issue, except that my network that won't take the push notifications is exactly the same as the network that does, just a different range.
I'm wondering if there is a configuration file that sets the local networks that the server can push to without using the APNS from the apple servers, and if we have to add the extra ranges to that? I am yet to locate said configuration file although!
Anyone else have any ideas? -
Profile management push setting always sending
Hello everyone.
I'm newbie for mac administrator. I was configure my mac mini server and looks like works. But i've a problem with profile management. It's always sending.
When the task is complete, the device is not included in the devices list. In the user portal for enroolment device, it's not shown wipe and lock options. Just the server can be shown in device list in profile manager.
I'm use mac mini server with OSX mountain lion 10.8.2, and my clients running 10.8.3 and 10.7.2.
Anyone heeelpp mee~~Push
You've opened the secure iChat port to have push notifications working? Take a look here for the right ports:
http://help.apple.com/advancedserveradmin/mac/10.7/#apdCA9A73CE-5F0C-4BDC-93E8-2 952C362FA3E.
On that page are all port numbers you need to forward to your server.
Email
The addresses being displayed as [email protected] is a bug in Lion Server in my opinion, you can file a bug report at apple.com/feedback.
Kerberos
Is as poorly documented as invisible in OS X Lion Server. Single Sign-On is a great tool for making services more user-friendly, it should be top of mind at Apple. You can file an enhancement request at apple.com/feedback.
Regards,
Mark -
Problems setting up Profile Manager
Hi everyone,
I've got 35 iPads in one room and I'd like to be able to configure them to use Profile Manager. I am running OSX 10.7.3 and all the tools are up to date.
I cannot get Profile Manager to run on the iPads. Here's what I've done so far:
- Enabled Profile Manager on the server
- Created a Self-Signed Certificate using Server.app
- Able to login to Profile Manager via the browser
I am stuck on the next part which is enroling the devices to Profile Manager. When I login to profile manager on the iPad, I get the option the "Enrol" the iPad, when I click "Enrol" I get the following error message:
"Unverified Profile" - "The authticity of "Device Enrollment" cannot be vertified. Installing this profile will change settings on your iPad.". I select 'Install Now', enter my passcode and I get this error: "The server certificate for "https://servername.domain/devicemanagment/api/device/ota_service" is invalid. When I press OK, I go back to the "Install Profile" window.
Has anyone had this issue before or know what's causing it? I suspect it's to do with certificates but I have created a Self-Signed one - do I need to do something else?
Thanks is advance,
MorganI had a similar issue before. I had changed the cert so many times that my keychain started having issues; ended up reformating the drive and reinstalling server.
I set my server up with a public domain and bought a UCC certificate from go daddy. Spending the money on a cert does bypass installing the whole trust profile as TeenTitan said.
Here's how I did it:
Setting up w/ Signed CA:
Establish your host name (ex. server.domain.com)
Don't turn on Profile Manager before setting up certs
Open Server.app, click on your server under "Hardware"
Go to "Settings"
Click on "Edit" next to SSL Certificate
In the drop down screen click the gear wheel in the left corner, select "Manage Certificates"
Click the "+" in the window, Click "Create a Certificate Indentity"
In the Name field type in your servers host name (ex. server.example.com)
Click the check for "Let me override defaults"
Fill out the next two windows with your organization's info
Click through the next few windows leaving all the defaults until you get to the window labeled "Subject Alternate Name Extension"
In the "dNSName" field add the the following records: yourdomain.com; server.yourdomain.com; www.yourdomain.com; autodiscovery.yourdomain.com (you could add more if you plan on hosting mail, address book, etc..)
IMPORTANT- make sure you add those "dNSName" addresses as Alternate name extensions when you are creating your SSL cert from an Authorized CA issuer like GoDaddy for example.
Click continue and finish creating your self generated cert
When you are finished you will return back to the Manage Certificates window and see your newly self generated SSL cert.
Click on the gear wheel and select "Generate Certificate Signing Request (CSR)"
Copy the following text
Close the window
Next, you need to go to your CA issuer and generate your cert. Copy the text into the field for generating your own SSL cert. (Your milage may vary in this process; I only know how to do it in GoDaddy)
After creating your cert, download it from your CA issuer's website. You should have two files, one being your "gd_intermediate.crt" and the other "yourdomain.com.crt"
Go back to the Settings section in Server.app and select "Edit" in "SSL Certificate" section
click the gear wheel icon and select "Manage Certificates"
Highlight your self genereated ssl that you created in the last steps
click the gear wheel icon and select "Replaced Certificate With Signed Or Renewed Certificate"
drag the "gd_intermediate.crt" that you downloaded into the window
Allow the keychain to add the record
Close Server.app
Open "Keychain Access" in your App folder
Click the lock in the bottom left corner and authenticate
In the top left pane select, under Keychains, "System"
in the bottom left pan, under Category, select "Certificates"
Drag the "yourdomain.com.crt" file that you downloaded from you CA issuer
Close keychain
Go back to Server.app in the settings section
select your newly generated SSL cert as your primary cert
Next, Enable Apple Push Notifications
Go to Profile Manager
Configure your directory services (I created an Open Directory Master)
Click Sign configuration profiles and choose your new SSL cert
Finally, turn on Profile Manager and if all goes well, you should be able to add your devices.
Hopefully this is helfpful; these were the steps I took to get my server going with a public address.
Other Info:
iOS devices enrolled had iOS 5.0.1 or higher (Models 3GS, 4, 4S)
I had ports 1640 & 2195 open for Profile Manager on my router
OS X Lion 10.7.3
Lion clients enrolled were 10.7.2 and up -
Profile manager + Caching server 2
Is it possible to push an app already with an in-app purchase applied to it through profile manager, apple push notification and the caching service without any user intervention to install the in-app module? Synching such an app from a backup through iTunes over USB doesn't apply the in-app purchase automatically.
Hi all,
I can acknowledge the problem with unsigned configuration profiles. However, this seems to be inconsistent between installations.
After getting into trouble by upgrading two different servers from 10.9.4 both got a clean install from me. The fresh 10.9.5 installations both contain profile manager 3.2.1 and were made quite similar in different LANs and by independent Apple-IDs. Now there is only one of the two servers with profile manager showing the behavior discussed.
Patrick, I very much appreciate your a.m. fail list.
Maybe you are looking for
-
Re-registering comctl32.dll on Windows 8.1
I was advised to re-register the common control after upgrading both my OS (to Win 8.1) and MS Access (to 2013). Events that worked on Win 7 and Access 2010 no longer appear in the development environment or fire when the app is run. (See: https://so
-
Ipad2 iOS version 5
-
Hi, I have installed Ex2013 on a separate box. Over the weekend I have switched the 2010 CAS role to my new CAS server. I update the external url's on the virtual directories on the new CAS server swapped out the ip's of my 2010 exchange putting i
-
Hi, A 30gb table with direct=y option in export 10.2.0.3 is getting failed with ora-01555 snapshot too old error. What is the best way to avoid the error? 1)Increase undo 2)Increase undo_retention 3)Use direct=n or anything else?
-
How PI works with DTR of NWDI together?
Hello I know we can use CMS of NWDI for PI object transport. But I wonder what we can do with DTR to versioning PI objects or DTR just doesn't fit in the case of PI. If we can use DTR to versioning PI objects, how that will work? How can we check-out