Push keeps breaking on Lion Server

iCal Server push notiy keeps breaking. It will show (push) on client desktop iCal account setups and then suddenly days later it will dissapear from the drop down list and only show manual or a time interval.
Can anyone answer this one? Sorry that my questions are mostly advanded but that is because I do search these forums well before posting. Thanks in advance.

This error...  <error code='403' type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error> ...looks like the XMPP notification server is not allowing the calendar server's XMPP account (or "JID") to create/configure pubsub nodes.  The XMPP notification server keeps a list of privileged JIDs in /Library/Preferences/com.apple.NotificationServer.plist.
First, check to see that calendar server is configured to use the "com.apple.notificationuser@<your hostname>" account by running this command in terminal:
sudo serveradmin settings calendar:Notifications:Services:XMPPNotifier:JID
You should see something like:
calendar:Notifications:Services:XMPPNotifier:JID = "[email protected]"
Next, see who is in the notification server's "privileged users" list via:
serveradmin settings notification:privilegedUsers
You should see something like:
notification:privilegedUsers:_array_index:0 = "_notification_user"
notification:privilegedUsers:_array_index:1 = "com.apple.notificationuser"
If you don't see "com.apple.notificationuser", you'll need to edit /Library/Preferences/com.apple.NotificationServer.plist and add it to the "privilegedUsers" array like:
  <key>privilegedUsers</key>
          <array>
     <string>_notification_user</string>
     <string>com.apple.notificationuser</string>
          </array>
Then I would recommend rebooting the server so that you are sure the notification server is restarted and re-reads the plist.

Similar Messages

  • Who got caldav and carddav push running successful on lion server?

    Hello everybody,
    I am running OS X Server since 10.5 server which I upgraded to 10.6 server in the past without problems, upgrading 10.6 to 10.7 was is a mess and none of my serveral upgrades attempts were leading into a "stable" lion server so I ended up with manual upgrading my data into a clean install of lion server.
    After data migration most of my services are working as usual (some profilemanager quirks but that don't bother me for now).
    Only when it comes to push for calendar and addressbook services I am getting frustrated!
    Push mail is running fine for my iDevices (Push is listed on my iPhone and iPad and Mac) but for caldav and carddav my caldavd error.logs are throwing error messages like this if I access iCal or addressbook via Mac or iDevice (no Push available on iPhone or iPad neither on my Mac).
    Those for caldav
    2011-09-23 11:29:18+0200 [-] [caldav-0]  [-] [twistedcaldav.notify.Notifier#warn] Could not create node /CalDAV/myserver.fqdn/FEF253F7-9A6C-4242-A990-88960832BF5F/
    2011-09-23 11:29:18+0200 [-] [notifications] 2011-09-23 11:29:18+0200 [XmlStream,client] [twistedcaldav.notify.XMPPNotifier#error] PubSub node configuration error: <error code='403' type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error>
    2011-09-23 11:29:18+0200 [-] [notifications] 2011-09-23 11:29:18+0200 [XmlStream,client] [twistedcaldav.notify.XMPPNotifier#error] PubSub node configuration error: <error code='403' type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error>
    and those for carddav
    2011-09-23 11:24:35+0200 [-] [caldav-1]  [-] [twistedcaldav.notify.Notifier#warn] Could not create node /CardDAV/myserver.fqdn/FEF253F7-9A6C-4242-A990-88960832BF5F/
    2011-09-23 11:24:35+0200 [-] [notifications] 2011-09-23 11:24:35+0200 [XmlStream,client] [twistedcaldav.notify.XMPPNotifier#error] PubSub node configuration error: <error code='403' type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error>
    2011-09-23 11:24:35+0200 [-] [notifications] 2011-09-23 11:24:35+0200 [XmlStream,client] [twistedcaldav.notify.XMPPNotifier#error] PubSub node configuration error: <error code='403' type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error>
    I tried several thing (changing serveradmin settings, plist and other configuration files, checking passwords, renew apple push certificates etc.) but that changed nothing, so if one got those push services running correctly I would appreciate if one could share his configuration so I can compare it with mine.
    I think those files and output are interesting for the configuration, if some other files are important please note them.
    If one feel afraid to post his configuration for security reasons etc. please ask for my email address
    Output of terminal command:
    sudo serveradmin settings calendar
    sudo serveradmin settings addressbook
    sudo serveradmin settings notification
    sudo serveradmin jabber
    plist and other configuration files of interest
    /etc/caldavd/caldavd.plist
    /etc/jabberd/*
    /etc/jabberd_notification/*
    Best regards,
    Eldrik

    This error...  <error code='403' type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error> ...looks like the XMPP notification server is not allowing the calendar server's XMPP account (or "JID") to create/configure pubsub nodes.  The XMPP notification server keeps a list of privileged JIDs in /Library/Preferences/com.apple.NotificationServer.plist.
    First, check to see that calendar server is configured to use the "com.apple.notificationuser@<your hostname>" account by running this command in terminal:
    sudo serveradmin settings calendar:Notifications:Services:XMPPNotifier:JID
    You should see something like:
    calendar:Notifications:Services:XMPPNotifier:JID = "[email protected]"
    Next, see who is in the notification server's "privileged users" list via:
    serveradmin settings notification:privilegedUsers
    You should see something like:
    notification:privilegedUsers:_array_index:0 = "_notification_user"
    notification:privilegedUsers:_array_index:1 = "com.apple.notificationuser"
    If you don't see "com.apple.notificationuser", you'll need to edit /Library/Preferences/com.apple.NotificationServer.plist and add it to the "privilegedUsers" array like:
      <key>privilegedUsers</key>
              <array>
         <string>_notification_user</string>
         <string>com.apple.notificationuser</string>
              </array>
    Then I would recommend rebooting the server so that you are sure the notification server is restarted and re-reads the plist.

  • Push Notification Problem with Lion Server

    Hello,
    i just upgraded my SL Server to Lion without any problems...... so far
    After enabling Push Notification i get this message every 10 seconds in the console:
    Jul 22 14:12:13 server jabberd_notification/router[185]: [127.0.0.1, port=52968] connect
    Jul 22 14:12:13 server com.apple.APNBridge[3287]: Unable to find identity com.apple.APNBridge.https
    Jul 22 14:12:13 server com.apple.APNBridge[3287]: Unable to configure SSL.  Not starting HTTP Server
    Jul 22 14:12:13 server jabberd_notification/router[185]: [127.0.0.1, port=52968] disconnect
    Jul 22 14:12:13 server com.apple.launchd[1] (com.apple.APNBridge[3287]): Exited with code: 1
    Jul 22 14:12:13 server com.apple.launchd[1] (com.apple.APNBridge): Throttling respawn: Will start in 10 seconds
    And of course... Push Notification does not work.
    Does anybody know how to get rid of this message and get Push Notification working?
    Thank you very much!

    Here is the full log after re-entering my credentials for push notifications:
    I noticed a couple of the lines that says Oct 13 09:54:04 ericpelletier jabberd_notification/c2s[1831]: [eric-pelletiers-imac.local] configured; realm=eric-pelletiers-imac.local, registration disabled
    this is my old hostname, I changed it recently, everything else is working except the push notifications, when could I change that host name for push notifications??
    t 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'session' added to chain 'in-router' (order 0 index 14 seq 0)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'validate' added to chain 'in-router' (order 1 index 1 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'presence' added to chain 'in-router' (order 2 index 12 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'privacy' added to chain 'in-router' (order 3 index 2 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'privacy' added to chain 'out-router' (order 0 index 2 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-last' added to chain 'pkt-sm' (order 0 index 0 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-ping' added to chain 'pkt-sm' (order 1 index 6 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-time' added to chain 'pkt-sm' (order 2 index 15 seq 0)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-version' added to chain 'pkt-sm' (order 3 index 16 seq 0)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'amp' added to chain 'pkt-sm' (order 4 index 9 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'disco' added to chain 'pkt-sm' (order 5 index 8 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'announce' added to chain 'pkt-sm' (order 6 index 11 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'help' added to chain 'pkt-sm' (order 7 index 17 seq 0)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'echo' added to chain 'pkt-sm' (order 8 index 18 seq 0)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'presence' added to chain 'pkt-sm' (order 9 index 12 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'roster' added to chain 'pkt-user' (order 0 index 3 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'presence' added to chain 'pkt-user' (order 1 index 12 seq 3)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-vcard' added to chain 'pkt-user' (order 2 index 5 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'amp' added to chain 'pkt-user' (order 3 index 9 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'deliver' added to chain 'pkt-user' (order 4 index 13 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'vacation' added to chain 'pkt-user' (order 5 index 4 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'offline' added to chain 'pkt-user' (order 6 index 10 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-last' added to chain 'pkt-user' (order 7 index 0 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'session' added to chain 'pkt-router' (order 0 index 14 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'disco' added to chain 'pkt-router' (order 1 index 8 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'active' added to chain 'user-load' (order 0 index 19 seq 0)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'roster' added to chain 'user-load' (order 1 index 3 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'roster-publish' added to chain 'user-load' (order 2 index 20 seq 0)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'privacy' added to chain 'user-load' (order 3 index 2 seq 3)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'vacation' added to chain 'user-load' (order 4 index 4 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'active' added to chain 'user-create' (order 0 index 19 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'template-roster' added to chain 'user-create' (order 1 index 21 seq 0)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'active' added to chain 'user-delete' (order 0 index 19 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'announce' added to chain 'user-delete' (order 1 index 11 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'offline' added to chain 'user-delete' (order 2 index 10 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'privacy' added to chain 'user-delete' (order 3 index 2 seq 4)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'roster' added to chain 'user-delete' (order 4 index 3 seq 3)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'vacation' added to chain 'user-delete' (order 5 index 4 seq 3)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-last' added to chain 'user-delete' (order 6 index 0 seq 3)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-private' added to chain 'user-delete' (order 7 index 7 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-vcard' added to chain 'user-delete' (order 8 index 5 seq 2)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'iq-version' added to chain 'disco-extend' (order 0 index 16 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: module 'help' added to chain 'disco-extend' (order 1 index 17 seq 1)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: version: jabberd sm 2.2.14-373.2
    Oct 13 09:54:04 ericpelletier jabberd_notification/c2s[1831]: [eric-pelletiers-imac.local] configured; realm=eric-pelletiers-imac.local, registration disabled
    Oct 13 09:54:04 ericpelletier jabberd_notification/c2s[1831]: attempting connection to router at 127.0.0.1, port=5348
    Oct 13 09:54:04 ericpelletier jabberd_notification/c2s[1831]: [5] [router] write error: Broken pipe (32)
    Oct 13 09:54:04 ericpelletier jabberd_notification/c2s[1831]: connection to router closed
    Oct 13 09:54:04 ericpelletier jabberd_notification/c2s[1831]: attempting reconnect (3 left)
    Oct 13 09:54:04 ericpelletier jabberd_notification/s2s[1832]: attempting connection to router at 127.0.0.1, port=5348
    Oct 13 09:54:04 ericpelletier jabberd_notification/s2s[1832]: [6] [router] write error: Broken pipe (32)
    Oct 13 09:54:04 ericpelletier jabberd_notification/s2s[1832]: connection to router closed
    Oct 13 09:54:04 ericpelletier jabberd_notification/s2s[1832]: attempting reconnect (3 left)
    Oct 13 09:54:04 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=5348] listening for incoming connections
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: [eric-pelletiers-imac.local] configured
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: attempting connection to router at 127.0.0.1, port=5348
    Oct 13 09:54:04 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51646] connect
    Oct 13 09:54:04 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51646] authenticated as jabberd
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: connection to router established
    Oct 13 09:54:04 ericpelletier jabberd_notification/router[1830]: [sm] online (bound to 127.0.0.1, port 51646)
    Oct 13 09:54:04 ericpelletier jabberd_notification/sm[1829]: sm ready for sessions
    Oct 13 09:54:04 ericpelletier jabberd_notification/router[1830]: [eric-pelletiers-imac.local] online (bound to 127.0.0.1, port 51646)
    Oct 13 09:54:05 ericpelletier servermgrd[97]: servermgr_notification[N]: jabberd service startup completed.
    Oct 13 09:54:05 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51654] connect
    Oct 13 09:54:05 ericpelletier com.apple.APNBridge[1838]: Unable to find identity com.apple.APNBridge.https
    Oct 13 09:54:05 ericpelletier com.apple.APNBridge[1838]: Unable to configure SSL.  Not starting HTTP Server
    Oct 13 09:54:05 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51654] disconnect
    Oct 13 09:54:05 ericpelletier com.apple.launchd[1] (com.apple.APNBridge[1838]): Exited with code: 1
    Oct 13 09:54:05 ericpelletier com.apple.launchd[1] (com.apple.APNBridge): Throttling respawn: Will start in 10 seconds
    Oct 13 09:54:05 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51658] connect
    Oct 13 09:54:05 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51658] authenticated as pubsub.ericpelletier.com
    Oct 13 09:54:05 ericpelletier jabberd_notification/router[1830]: [pubsub.ericpelletier.com] online (bound to 127.0.0.1, port 51658)
    Oct 13 09:54:06 ericpelletier jabberd_notification/s2s[1832]: attempting connection to router at 127.0.0.1, port=5348
    Oct 13 09:54:06 ericpelletier jabberd_notification/c2s[1831]: attempting connection to router at 127.0.0.1, port=5348
    Oct 13 09:54:06 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51660] connect
    Oct 13 09:54:06 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51661] connect
    Oct 13 09:54:06 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51660] authenticated as jabberd
    Oct 13 09:54:06 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51661] authenticated as jabberd
    Oct 13 09:54:06 ericpelletier jabberd_notification/c2s[1831]: connection to router established
    Oct 13 09:54:06 ericpelletier jabberd_notification/router[1830]: [c2s] online (bound to 127.0.0.1, port 51661)
    Oct 13 09:54:06 ericpelletier jabberd_notification/c2s[1831]: [::, port=5218] listening for connections
    Oct 13 09:54:06 ericpelletier jabberd_notification/c2s[1831]: ready for connections
    Oct 13 09:54:06 ericpelletier jabberd_notification/s2s[1832]: connection to router established
    Oct 13 09:54:06 ericpelletier jabberd_notification/router[1830]: [s2s] set as default route
    Oct 13 09:54:06 ericpelletier jabberd_notification/router[1830]: [s2s] online (bound to 127.0.0.1, port 51660)
    Oct 13 09:54:06 ericpelletier jabberd_notification/s2s[1832]: [::, port=5268] listening for connections
    Oct 13 09:54:06 ericpelletier jabberd_notification/s2s[1832]: ready for connections
    Oct 13 09:54:07 ericpelletier com.apple.usbmuxd[90]: _SendAttachNotification (thread 0x7fff7973b960): sending attach for device a4:67:06:10:80:5b@fe80::a667:6ff:fe10:805b._apple-mobdev._tcp.local.: _GetAddrInfoReplyReceivedCallback matched.
    Oct 13 09:54:08 ericpelletier usbmuxd[90]: _AMDeviceConnectByAddressAndPort (thread 0x101f81000): IPv4
    Oct 13 09:54:12 ericpelletier postfix/postmap[1862]: warning: /var/amavis/local_domains.db: duplicate entry: "com"
    Oct 13 09:54:15 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51680] connect
    Oct 13 09:54:15 ericpelletier com.apple.APNBridge[1865]: Unable to find identity com.apple.APNBridge.https
    Oct 13 09:54:15 ericpelletier com.apple.APNBridge[1865]: Unable to configure SSL.  Not starting HTTP Server
    Oct 13 09:54:15 ericpelletier jabberd_notification/router[1830]: [127.0.0.1, port=51680] disconnect
    Oct 13 09:54:15 ericpelletier com.apple.launchd[1] (com.apple.APNBridge[1865]): Exited with code: 1
    Oct 13 09:54:15 ericpelletier com.apple.launchd[1] (com.apple.APNBridge): Throttling respawn: Will start in 10 seconds

  • How do I set up a push iCal using the Lion Server on a Mac Mini?

    I have the server set up to work as a remote server. I have added users. Now I want to set up iCal to push, what are the steps to do this?

    Create a separate iTunes library for each device. Note: It is important that you make a new iTunes Library file. Do not just make a copy of your existing iTunes Library file. it will work. I am using it through this

  • How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

    I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
    Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
    Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
    Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
    DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
    DVD>Install Lion
    Reboot, hopefully Lion install kicks in
    Update, update, update Lion (NOT Lion Server yet) until no more updates
    System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
    Terminal>$ sudo scutil --set HostName server.domain.com
    App Store>Install Lion Server and run through the Setup
    Download install Server Admin Tools, then update, update, update until no more updates
    Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
    System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
    A few DNS set-up steps and these most important steps:
    A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
    B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
    C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
    D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
    E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
    F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
    G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
    H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
    I. Test from web browser server.domain.com/mydevices: Lock Device to test
    J. ??? Profit
    12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
    You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
    Firewall
    Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
    SSH
    Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
    PermitRootLogin no
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
    Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
    client$ ssh-keygen -t rsa -b 2048 -C client_name
    [Securely copy ~/.ssh/id_rsa.pub from client to server.]
    server$ cat id_rsa.pub > ~/.ssh/known_hosts
    I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
    $ diff denyhosts.cfg-dist denyhosts.cfg
    12c12
    < SECURE_LOG = /var/log/secure
    > #SECURE_LOG = /var/log/secure
    22a23
    > SECURE_LOG = /var/log/secure.log
    34c35
    < HOSTS_DENY = /etc/hosts.deny
    > #HOSTS_DENY = /etc/hosts.deny
    40a42,44
    > #
    > # Mac OS X Lion Server
    > HOSTS_DENY = /private/etc/hosts.deny
    195c199
    < LOCK_FILE = /var/lock/subsys/denyhosts
    > #LOCK_FILE = /var/lock/subsys/denyhosts
    202a207,208
    > LOCK_FILE = /var/denyhosts/denyhosts.pid
    > #
    219c225
    < ADMIN_EMAIL =
    > ADMIN_EMAIL = [email protected]
    286c292
    < #SYSLOG_REPORT=YES
    > SYSLOG_REPORT=YES
    Network Accounts
    User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
    2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
         User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
    Oh well.
    Email
    Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
    root:           myname
    admin:          myname
    sysadmin:       myname
    certadmin:      myname
    webmaster:      myname
    my_alternate:   myname
    Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
    cd /etc/postfix
    sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
    sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
    sudo serveradmin stop mail
    sudo serveradmin start mail
    Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
    If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
    iCal Server
    Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
    Web
    The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
    $ diff httpd.conf.default httpd.conf
    95c95
    < #LoadModule ssl_module libexec/apache2/mod_ssl.so
    > LoadModule ssl_module libexec/apache2/mod_ssl.so
    111c111
    < #LoadModule php5_module libexec/apache2/libphp5.so
    > LoadModule php5_module libexec/apache2/libphp5.so
    139,140c139,140
    < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
    < #LoadModule encoding_module libexec/apache2/mod_encoding.so
    > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
    > LoadModule encoding_module libexec/apache2/mod_encoding.so
    146c146
    < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
    > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
    177c177
    < ServerAdmin [email protected]
    > ServerAdmin [email protected]
    186c186
    < #ServerName www.example.com:80
    > ServerName domain.com:443
    677a678,680
    > # Server-specific configuration
    > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
    > Include /etc/apache2/mydomain/*.conf
    I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
    Alias /eyetv /Users/uname/Sites/EyeTV
    <Directory "/Users/uname/Sites/EyeTV">
        AuthType Digest
        AuthName "EyeTV"
        AuthUserFile /Users/uname/.htdigest
        AuthGroupFile /dev/null
        Require user uname
        Options Indexes MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
    <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
        AuthType Digest
        AuthName "EyeTV"
        AuthUserFile /Users/uname/.htdigest
        AuthGroupFile /dev/null
        Require user uname
        Options Indexes MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
    Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
    One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
    Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
    User-agent: *
    Disallow: /
    Misc
    VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

    Privacy Enhancing Filtering Proxy and SSH Tunnel
    Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
    If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
    $ ./ssht 8080:[email protected]:3128
    $ ./ssht 8080:alice@:
    $ ./ssht 8080:
    $ ./ssht 8018::8123
    $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
    $ vi ./ssht
    #!/bin/sh
    # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
    USERNAME_DEFAULT=username
    HOSTNAME_DEFAULT=domain.com
    SSHPORT_DEFAULT=22
    # SSH port forwarding specs, e.g. 8080:localhost:3128
    LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
    REMOTEHOST_DEFAULT=localhost    # Default is localhost
    REMOTEPORT_DEFAULT=3128         # Default is Squid port
    # Parse ssh port and tunnel details if specified
    SSHPORT=$SSHPORT_DEFAULT
    TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
    while [ "$1" != "" ]
    do
      case $1
      in
        -p) shift;                  # -p option
            SSHPORT=$1;
            shift;;
         *) TUNNEL_DETAILS=$1;      # 1st argument option
            shift;;
      esac
    done
    # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
    shopt -s extglob                        # needed for +(pattern) syntax; man sh
    LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
    USERNAME=$USERNAME_DEFAULT
    HOSTNAME=$HOSTNAME_DEFAULT
    REMOTEHOST=$REMOTEHOST_DEFAULT
    REMOTEPORT=$REMOTEPORT_DEFAULT
    # LOCALHOSTPORT
    CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
    CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR%:}                            # delete :
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        LOCALHOSTPORT=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # REMOTEPORT
    CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
    CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR#:}                            # delete :
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        REMOTEPORT=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # REMOTEHOST
    CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
    CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR#:}                            # delete :
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        REMOTEHOST=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # USERNAME
    CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
    CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
    CAR=${CAR%@}                            # delete @
    if [ "$CAR" != "" ]                     # leading or trailing port specified
    then
        USERNAME=$CAR
    fi
    TUNNEL_DETAILS=$CDR
    # HOSTNAME
    HOSTNAME=$TUNNEL_DETAILS
    if [ "$HOSTNAME" == "" ]                # no hostname given
    then
        HOSTNAME=$HOSTNAME_DEFAULT
    fi
    ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
        && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
        || echo "SSH tunnel FAIL."

  • I downloaded OS X Lion Server using my apple developer account? Will it stay after my enrolment is over?

    The title says it all. I downloaded OS X Lion Server using my apple developer account? Will it stay after my 1 year enrolment is over? I basicaly signed in and redeemed a code to download OS X Lion Server. It is now in my purchased list in the Mac App Store. But I got it by redeeming a code that I got through being an Apple Mac Developer. I wanted to know if I decided not to pay $99 next year to renew my enrolment, will I still be able to keep OS X Lion Server in my purchased list in the Mac App Store. When I click on More Apps by Apple in the Mac App Store, it takes me to the page with all their apps. OS X Lion Server says it is installed. But I want to know if it will still be in the purchased menu after the enrolment is finished and not renewed.

    I am a new Mac Developer. I checked the page you gave me and I think it's more to do with topics about programming and using the developer tools and pre-release software. I don't think my question relates to any of the topics there. OS X Lion Server has already been released and is available for the public. I was planning on buying it. But before I did that I wanted to become a developer. So I enrolled in the Mac Developer program and I went to download OS X Mountain Lion Developer Preview 2 when I realized that I could also download the already released OS X Lion Server which was available for $50. So instead of buying it from the Mac App Store, I just got the redemption code from the Mac Developer Center and downloaded it free of charge (I did pay the $99 to be a Mac Developer though). Now it has been added to the purchased list in the Mac App Store and when I click the More Apps by Apple button in the Mac App Store, it takes me to the page with all Apple apps. And now on that page it says that OS X Lion Server has been installed. I am just wandering if once my enrollment is over next year April, and I decide not to renew my enrolment, will I still be able to have the OS X Lion Server in my list of purchased apps and still be able to re-download it? Sorry if this is too long, but I am trying to be as clear as possible. Sometimes when I ask questions, I wait a whole day and go back there, only to find out that they didn't understand what I meant. Thank you .

  • I am trying to allow guests on windows to connect to shares on my Lion server but it keeps asking for a password for guest. I have allow guest users to access this share enabled but it still does not work.

    I am trying to allow guests on windows to connect to shares on my Lion server but it keeps asking for a password for guest. I have allow guest users to access this share enabled but it still does not work.

    Ditto. Guest accounts shouldn't have a password. No way to enter one in System Prefs...

  • Pushing content to iPads, possibly by using OS X Lion Server?

    Is there a way to wirelessly push content/make content available using Lion server for iPad users on Macs AND PCs? We have an iPad pilot project for sales reps at my company, and we're trying to find a way to get the users their content without having to have iPads FedExed back and forth so we can update them on our iMac (it was the easiest way for me to manage the content). The sales reps are not particularly iPad-adept and we want to ensure they all have precisely the content we'd like.
    Not sure what our next big step should be.
    Thanks!
    Emily

    We have photos, videos, lots and lots of PDFs. Ideally I think we'd like to push something like an iPad backup so the reps could have the categories and keywords loaded on automatically as well. It's a medical products company, and I think the biggest thing is the organization on the iPad. We have it right now so that the reps can search for a keyword in spotlight (say, "hip") and get all of the items associated with hips—videos, photos, and PDF brochures.
    Haven't looked into MDM. I don't have any experience with that.

  • Revoking push certificate for lion server does not work

    After reinstalling my Lion Server - based on a Mac Mini Server - I generated also a new Push Certificate since I changed a lot of names/config. Now I found that an older Push Certificate is shown as active althoug I allready revoked it. When I hit the Revoke Button besides that Certificate (that is shown as valid and active until 9-12) I get an error - allready revoked!? Does this harm my configuration and can I do anything to solve this problem?
    Thanks for any help/suggestions.
    Best,
    Torsten

    The truth is, I shouldn't have posted this. Sorry. Late. Frustrated. I really just want it to work. I got Lion in hopes of learning how it worked. Now that I know it doesn't, I know not to recommend to my clients.
    Apple should give up trying to "make believe" you can manage an Enterprise Network Server using a GUI. They have successfully proven it over and over. Lion is their coup d' gras of "Don't try this at home".
    Now, I will search the forum for the answer, sure to discover that after a long, long, session in Terminal, using cryptic unix commands, I'll solve my problem.
    That's all. It will be doubly frustrating, as I'll have to turn off the Server so I can even see the internet, to find answers, create pdf's of web pages, turn the server back on, and try to fix.
    It is simply unacceptable. That's all.

  • Lion Server push notifications to iOS 5 only partially working

    I'm attempting to enable push notifications from my 10.7.2 Lion Server to my iOS 5 and Lion clients. All services (OD, Calendar Server, Mail, DNS, etc.) are running off of the same server. Push for Lion clients works fine for IMAP and CalDAV. I see "Push" in iCal preferences -> account settings.
    For iOS 5 however I  only see push enabled for Mail. I have confirmed it works as well. However, Calendars and Contacts show "fetch" in Settings -> Mail, Contacts, Calendars -> "Fetch New Data" -> Advanced.
    iChat is running. I've verified all the iChat related ports are opened in the firewall.
    I have a "real" certificate for my domain and clients are pointed to that domain name.
    There are no errors in the logs. The caldavd configuration file in /etc/caldavd/ looks fine.
    I'd appreciate any ideas where else to look!

    Not sure but in well known ports is this
    2195
    TCP
    Apple Push Notification Service (APNS)
    Push notifications
    2196
    TCP
    Apple Push Notification Service (APNS)
    Feedback service

  • Lion Server push notifications to iOS5

    Hello All,
    I'm having trouble with push notificaitions to iOS 5 devices from Lion Server.  Mail, Contacts and Calendar services appear to be working but any time new mail or new meeting invite is sent, I see the below error message regarding APNS:
    Nov 21 12:40:57 zion com.apple.APNBridge[10240]: Disconnected from apn server gateway.push.apple.com for topic com.apple.calendar.XServer.6ac5b2cd-6c4b-4801-bb11-48ec449e5e7e: error The operation couldn’t be completed. Operation timed out
    Nov 21 12:40:57 zion com.apple.APNBridge[10240]: Will attempt to reconnect stream APN to host gateway.push.apple.com:2195 in 15 seconds
    Nov 21 12:41:04 zion fseventsd[63]: SLOWDOWN: client 0x7fbf7c010000 (pid 30) sleeping due to too many errors (num usleeps 132)
    Nov 21 12:41:46 zion com.apple.APNBridge[10240]: Received stream error (The operation couldn’t be completed. Operation timed out) on incoming stream APN to host gateway.push.apple.com:2195
    Nov 21 12:41:46 zion com.apple.APNBridge[10240]: Disconnected from apn server gateway.push.apple.com for topic com.apple.mail.XServer.3c925dd7-41fd-4892-b386-24146dc772f3: error The operation couldn’t be completed. Operation timed out
    Nov 21 12:41:46 zion com.apple.APNBridge[10240]: Will attempt to reconnect stream APN to host gateway.push.apple.com:2195 in 15 seconds
    I recently updated my APNS certificate, which I believe could be part of the problem.  All iOS devices are on the same subnet as the server, so firewalling is not an issue.  Moreover,  I'm not blocking traffic outbound (to the internet) so I know the server can connect to the APNS.  Any ideas or assistance would be greatly appreciated.
    Regards,
    -SD

    re Question 2 APN & 2195
    Looks like you need to forward Port 2195 & maybe also port 2196
    To use Profile Manager, you should ensure that the following ports are open on your network.
    Port
    TCP/UDP
    Description
    2195, 2196
    TCP
    Used by Profile Manager to send push notifications
    5223
    TCP
    Used to maintain a persistent connection to APNs and receive push notifications
    80/443
    TCP
    Provides access to the web interface for Profile Manager admin
    1640
    TCP
    Enrollment access to the Certificate Authority
    SEE -> http://support.apple.com/kb/PH8044 for the COMPLETE LIST OF PORTS USED FOR LION SERVER

  • Push Notification Issues - Lion Server 10.7

    Hey All,
    Am having a few issues with Push on Lion, it seems to work for a short period of time after setting up, then seems to stop being able to push.  Today I woke up to a server running at a constant ~60% processor utilisation and this error repeating itself over and over again in the log...
    Jul 29 15:11:05 mail push_notify[105]: discarding message; not connected to notification server
    There is also single errors from com.apple.APNBRidge saying "Disconnected from apn feedback server feedback.push.apple.com for topic com.apple.mail.xserver.xxxxxxxxxxxx: error (null) - there is one for each different service push supports and they are straight after connect messages.
    Do Push services require any ports opening up? I did have the server set up in DMZ for a while but it still managed to fall over, so I took it back out.  However I'd imagine the server is sending notifications out rather than listening in for anything.
    I've reinstalled this server around 5 times now and am reaching the end of my patience!  Everytime Push starts working then stops, last night Web services fell over and I was getting database connection errors, as there were push notification errors in the log, I un-ticked and re-ticked the Apple Push notification checkbox and things came back up.  It's a shame it seems very temperamental as it's such a huge feature.  I have this one set with a self signed cert, set up as per when you enable profile server.  This is also trusted by any devices testing.
    I've turned Push off for the moment as it seems intent on bringing down the rest of the services I have set up Just turned off Mail and the processor use dropped to almost nothing, restarted it and things are now calm.
    Also anyone know how to set up automount's from the command line?  My production environment has NFS sharepoints for User directories - for the purpose of being able to use fast user switching on client machines (AFP doesn't support this).  Exports are easy as are in a file, but I'm struggling with the automounts.
    Any ideas?
    Cheers all.

    Any luck on this?  I got my Lion Server running and managed to get puch notifications on Mail, but no luck with iOS.  Appear to have the same problem:
    Aug  1 10:20:25 server push_notify[102]: notification server connect failed, will retry in 300 seconds
    Aug  1 10:20:28 server push_notify[102]: discarding message; not connected to notification server
    Aug  1 10:20:58 server push_notify[102]: discarding message; not connected to notification server
    Aug  1 10:21:29 server push_notify[102]: discarding message; not connected to notification server
    Aug  1 10:21:59 server push_notify[102]: discarding message; not connected to notification server
    Aug  1 10:22:29 server push_notify[102]: discarding message; not connected to notification server
    Aug  1 10:22:59 server push_notify[102]: discarding message; not connected to notification server

  • Lion Server and mail push notifications stop after reboot

    Hi, I have a Lion Server mail server setup with push notifications to iOS devices.  Everything works fine until I reboot the server.  At that point none of the iOS devices receive push notifications until I kill their Mail app; once I relaunch it, push notifications start working again to that device until the next reboot.  Has anyone else seen this, and know how to solve it?  Thanks.

    You don't believe me but I just start to close the tons of opened in background apps on my iPhone and when I close all apps the mail push start working just great! Checked it several times!

  • Can Lion server keep my photos in sync between two macs?

    can Lion server keep my photos in sync between two macs?  Where should I keep them, we have Aperture 3 and my wife still likes iphoto '11.  I've already tried plenty of 3rd party solutions with little success.  I simply want my MBP to "mirror" the imac with the exception of iMovie footage.  Is this what the server app can do?  I am bad enough with computers, but even thinking about a server gives me migraines!

    discussing this right now at this link...
    http://discussions.apple.com/message.jspa?messageID=1473705#1473705

  • Setting up Push Notification in Lion Server

    Dear all,
      I am setting up a Lion Server which allows users to enroll their ipad, and want to send out push notification.
    After I got a SSL cert, enroll the ipad.However, I could not see any way to push my notification to application  in my ipad. So here is my question:
      1. Does the APNs set up in the Lion Server Connecting to the gateway.apple.com:2195 or directly connect to the ipad? Because my target environment will be a private network.
      2. How can I configure Lion Server so that it could send out push notification? ( either from apple or direcly push )
    Thanks

    Thanks for your reply,
    However,
    http://support.apple.com/kb/HT3947
    Referring to the above documents,
    " Additionally, the service can be configured to provide Push Notifications to third-party applications which use the ServerNotification "
    This really confuse me

Maybe you are looking for

  • HT202879 Where can I find a tutorial for Numbers on Maverick?

    I need help learning Numbers. I have a very basic understanding of MS Excel. Is there a tutorial targeted to financial spreadsheets?

  • File problem or something.

    So I get some new CDs from my uncle and decide to put them onto my itunes. When I uplink my ipod, it stops after a while and a message pops up and says "The ipod [insert name] cannot be synced since the required file cannot be found." Also, a message

  • Why won't my iMessage register my phone number?

    I had recently had to restore my iPhone 4 because I had forgotten my passcode. After resetting, my phone number hasn't registered for my iMessage, allowing me to only be able to use my email. I tried almost everything: turning it off then back on, re

  • Stuck at "about to enable constraints..."

    Hi, I am new to Oracle,pls help me: I am importing a dump file into the dbs using IMP on oracle 10g. The import process stopped at about to enable constraints... for the whole day. would u pls tell me what is the reason... thanks in advance

  • Issue with embedded google map

    When copying and pasting html from google maps to my website, the map shows correctly in preview mode.  After publishing however, the target property is no longer at the center of the map but off the map at the extreme upper left hand corner.  Any su