Tiger client cannot bind to 10.6.8 server

When attempting to bind a 10.4.11 client to our 10.6.8 Open Directory server, the DirectoryService process on the client crashes and the bind fails. 10.5.x and 10.6.x clients have no trouble binding, and every other element of LDAP, Kerberos, and Password Server appears to be working normally.
We're also noticing errors in slapd.log on the server for 10.4 clients that were previously bound, e.g.:
"SASL [conn=1637825] Failure: no user in database ed-12377"
In these cases, the existing bind appears normal in WGM and the client machine is working as expected.
I'm not looking for suggestions as much as I'd like to see if anyone else is able to bind an ancient 10.4.11 (PPC) client to a 10.6.8 server. The answer to this question would simplify our troubleshooting path significantly. Of course, if you know exactly what's going on here, I'm all ears!
Thanks!
-Lyle
From system.log on the Tiger/10.4.11 client:
Jul 12 11:50:44 Ed-13229 launchd: Server 0 in bootstrap 1103 uid 0: "/usr/sbin/DirectoryService"[255]: exited abnormally: Bus error
Jul 12 11:50:44 Ed-13229 DirectoryService[262]: Launched version 2.1 (v353.6)
Jul 12 11:50:44 Ed-13229 crashdump[261]: DirectoryService crashed
Jul 12 11:50:44 Ed-13229 crashdump[261]: crash report written to: /Library/Logs/CrashReporter/DirectoryService.crash.log
The crash.log from the Tiger/10.4.11 client, edited and limited to just the crashed thread:
OS Version:     10.4.11 (Build 8S165)
Report Version: 4
Command: DirectoryService
Path:    /usr/sbin/DirectoryService
Parent:  launchd [1]
Thread: 1
Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000000
Thread 1 Crashed:
0   libSystem.B.dylib                        0x9002e4cc strcasecmp + 84
1   DirectoryService                         0x00078d70 CLDAPv3Plugin::TryPWSPasswordSet(unsigned long, unsigned long, sLDAPContextData*, tDataBuffer*, char const*) + 372
2   DirectoryService                         0x0003a778 CLDAPv3Plugin::DoAuthenticationOnRecordType(sDoDirNodeAuthOnRecordType*, char const*) + 3440
3   DirectoryService                         0x0001563c CLDAPv3Plugin::HandleRequest(void*) + 848
4   DirectoryService                         0x0001818c CLDAPv3Plugin::ProcessRequest(void*) + 328
5   DirectoryService                         0x000032d8 CRequestHandler::HandlePluginCall(sComData**) + 880
6   DirectoryService                         0x00004274 CRequestHandler::HandleRequest(sComData**) + 92
7   DirectoryService                         0x0000d794 CMessaging::SendInlineMessage(unsigned long) + 196
8   DirectoryService                         0x0001fed8 dsDoDirNodeAuthOnRecordType + 716
9   DirectoryService                         0x0007eba0 CLDAPv3Plugin::DoNewServerBind2(sDoPlugInCustomCall*) + 2364
10  DirectoryService                         0x0007e198 CLDAPv3Plugin::DoNewServerBind(sDoPlugInCustomCall*) + 476
11  DirectoryService                         0x0007bad0 CLDAPv3Plugin::DoPlugInCustomCall(sDoPlugInCustomCall*) + 1920
12  DirectoryService                         0x0001566c CLDAPv3Plugin::HandleRequest(void*) + 896
13  DirectoryService                         0x0001818c CLDAPv3Plugin::ProcessRequest(void*) + 328
14  DirectoryService                         0x000032d8 CRequestHandler::HandlePluginCall(sComData**) + 880
15  DirectoryService                         0x00004274 CRequestHandler::HandleRequest(sComData**) + 92
16  DirectoryService                         0x000428e0 dsmig_do_api_call + 312
17  DirectoryService                         0x000889d8 _Xapi_call + 276
18  DirectoryService                         0x00088684 DirectoryServiceMIG_server + 160
19  DirectoryService                         0x0003cab0 dsmig_demux_notify(mach_msg_header_t*, mach_msg_header_t*) + 480
20  libSystem.B.dylib                        0x90108aec mach_msg_server + 520
21  DirectoryService                         0x0003cdb4 CMigHandlerThread::ThreadMain() + 348
22  ...ectoryServiceCore.Framework           0x971ff5f4 DSCThread::Run() + 52
23  ...ectoryServiceCore.Framework           0x971ff348 DSLThread::_RunWrapper(void*) + 96
24  libSystem.B.dylib                        0x9002b908 _pthread_body + 96
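
The crashed-thread listing above can be triaged mechanically. As an added example (not part of the original post and not Apple tooling), this Python code parses a CrashReporter log of this layout, flags a fault address in the first page as a likely NULL-pointer dereference, and names the first frame that belongs to the crashing binary itself. The function names `parse_crash_report` and `triage` and the 0x1000 threshold are assumptions made for illustration.

```python
import re

# Sample input: header fields and the first four frames of the crash report
# quoted in the post above (remaining frames trimmed).
SAMPLE_REPORT = """\
OS Version:     10.4.11 (Build 8S165)
Command: DirectoryService
Path:    /usr/sbin/DirectoryService
Thread: 1
Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000000
Thread 1 Crashed:
0   libSystem.B.dylib                        0x9002e4cc strcasecmp + 84
1   DirectoryService                         0x00078d70 CLDAPv3Plugin::TryPWSPasswordSet(unsigned long, unsigned long, sLDAPContextData*, tDataBuffer*, char const*) + 372
2   DirectoryService                         0x0003a778 CLDAPv3Plugin::DoAuthenticationOnRecordType(sDoDirNodeAuthOnRecordType*, char const*) + 3440
3   DirectoryService                         0x0001563c CLDAPv3Plugin::HandleRequest(void*) + 848
"""

COMMAND_RE = re.compile(r"^Command:\s+(\S+)")
EXCEPTION_RE = re.compile(r"^Exception:\s+(\S+)")
CODES_RE = re.compile(r"^Codes:\s+(\S+)\s+\(0x[0-9a-fA-F]+\)\s+at\s+(0x[0-9a-fA-F]+)")
CRASHED_RE = re.compile(r"^Thread\s+(\d+)\s+Crashed:")
# index, image, address, symbol (may contain spaces and commas), "+ offset"
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s\+\s(\d+)$")

# Assumption: a fault inside the first 4 KiB is treated as a NULL-based access.
NULL_PAGE_LIMIT = 0x1000


def parse_crash_report(text):
    """Extract the header fields and the crashed thread's backtrace."""
    report = {"command": None, "exception": None, "code": None,
              "fault_address": None, "crashed_thread": None, "frames": []}
    in_crashed_thread = False
    for raw in text.splitlines():
        line = raw.strip()
        m = CRASHED_RE.match(line)
        if m:
            report["crashed_thread"] = int(m.group(1))
            in_crashed_thread = True
            continue
        if in_crashed_thread:
            m = FRAME_RE.match(line)
            if m:
                report["frames"].append({
                    "index": int(m.group(1)),
                    "image": m.group(2),
                    "address": int(m.group(3), 16),
                    "symbol": m.group(4),
                    "offset": int(m.group(5)),
                })
                continue
            in_crashed_thread = False  # first non-frame line ends the backtrace
        m = COMMAND_RE.match(line)
        if m:
            report["command"] = m.group(1)
            continue
        m = EXCEPTION_RE.match(line)
        if m:
            report["exception"] = m.group(1)
            continue
        m = CODES_RE.match(line)
        if m:
            report["code"] = m.group(1)
            report["fault_address"] = int(m.group(2), 16)
    return report


def triage(report):
    """Summarise where the fault happened and which application frame led to it."""
    frames = report["frames"]
    addr = report["fault_address"]
    top = frames[0] if frames else None
    # First frame inside the crashing binary rather than a system library.
    app = next((f for f in frames if f["image"] == report["command"]), None)
    return {
        "near_null": (report["exception"] == "EXC_BAD_ACCESS"
                      and addr is not None and addr < NULL_PAGE_LIMIT),
        "faulting_symbol": top["symbol"] if top else None,
        "first_app_function": app["symbol"].split("(")[0] if app else None,
        "first_app_offset": app["offset"] if app else None,
    }


if __name__ == "__main__":
    summary = triage(parse_crash_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On the report in the post this gives a near-NULL fault inside `strcasecmp`, reached from `CLDAPv3Plugin::TryPWSPasswordSet` at offset 372, which is the frame worth quoting when comparing crashes across clients.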

Hi mcraig55,
Thanks for the response and suggestion!
I did review the security settings back when this started. After an OD rebuild (export, demote, promote, import) a few months ago, our standard security settings had not been restored. I tried to bind the 10.4 client with clear text allowed on both sides (server and client). Then, re-enabled the disabling of clear text passwords (what it should have been) and tried again with both sides set the same. In all cases I still get an error:
Unexpected error while binding - operation cancelled.
I also used this kb article (http://support.apple.com/kb/TA25124) to try SSL to see if the behavior would be different - no change.
Interestingly, the directory does show the client in the computer list. However, the Directory Access application doesn't "know" it's bound. Even more bizarre, the client is taking the preferences that were set for the workstation by Open Directory (e.g., the message we display at the login window).
So, at this point, it seems to be 'working.' My speculation is that Directory Service crashes on the client before it can tell the Directory Access application that the client is bound.
Funky stuff.
Thanks!

Similar Messages

  • Tiger clients having difficulties accessing Snow Leopard update server

    Greetings! I have about 500 Macs in my network, running Tiger, Leopard, and Snow Leopard. I just installed a transparent Snow Leopard (Mac mini, 10.6.7) software update server. The update server sits within my network, with my internal DNS server directing all requests to it. The update server uses an external DNS server, so it is able to access the Apple server without any issues and download the updates. Leopard and Snow Leopard clients are able to access it with no issues and download updates.
    My Tiger clients, however, are not. When a Tiger client tries to access the update server through Software Update, it displays the message "A networking error has occurred: Error NSURLErrorDomain - 1100 (-1100). Make sure you can connect to the Internet, then try again." I tested this on about a half dozen Macs on different VLANs, including one set up on the same VLAN as the server. Several things: 1) the Tiger clients CAN access the network, network resources, and browse to the software update server's index.sucatalog file using a browser; and 2) the update server has no log entry indicating a connection was attempted by the Tiger client. (It does, however, show plenty of activity by Leopard and Snow Leopard clients.)
    If I enter the following command on one of my Tiger clients, it CAN access the update server:
    defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "http://swscan.apple.com:8088/index.sucatalog"
    And the update server posts a log entry acknowledging the access. However, I get a message on the client that the software is up to date. The software is not. I tried to update a PowerPC G4 with a fresh installation of 10.4, and I KNOW it needs updating! I copied and enabled all update packages to my server, and I have seen the necessary updates in the list. My clients are unmanaged.
    So, after a morning of testing, trial, error, and digging around log files, I've concluded the following:
    1. My software update server is not automatically redirecting Tiger clients appropriately (the network error message)
    2. The server's index.sucatalog either does not contain the updates list for Tiger clients, or the Tiger clients are not processing it correctly.
    So, my questions are, what do I need to do on my server to redirect the Tiger clients appropriately (because it totally defeats the whole purpose of networking to touch every client and change the software updates .plist file), and what file do Tiger clients need to be directed to to get the appropriate updates list? I've looked at the swupd.conf file; it does not have a redirect for Tiger clients, so I added one (directing it to index.sucatalog), but it did not make any difference.
    At this point, I am perplexed. Does anyone have any suggestions? I have read the Mac OS X Server System Imaging & Software Update Administration Version 10.6 Snow Leopard manual, and it was not helpful. I've also searched extensively on Google and found little helpful information.
    Thank you for any assistance you can provide.

    Searching on the net brought me to the same solution that Mr. Hoffman found as well. I was a bit skeptical at first, but since he recommended it, and all my other attempts failed, it was a last resort, and I have some additional notes of my own for a successful solution. Read the two links below first before doing anything, as they contribute to the solution in tandem.
    http://forums.macrumors.com/showpost.php?p=7221295&postcount=20
    http://forums.macrumors.com/showpost.php?p=9081641&postcount=28
    I should probably just create an entirely new post with all of the steps that worked for me, but it's rather straightforward nonetheless.

  • Ldapclient cannot BIND to an ldap consumer server

    We have an LDAP master server running iPlanet Directory Server 5.1 with Solaris 8 and two consumer servers running iPlanet Directory Server 5.1 with Solaris 9.
    The replication and the entries update works perfectly, as well as, when I perform an ldapsearch ....
    The problem I'm facing is described below :
    When I put a server (other than the 3 LDAP servers) to be ldapclient to one of the two consumer LDAPs, and try to bind using the proxyagent entry, I'm not getting a response (or the delay is so so so long). Even if I increase the Bind timeout value in my client's profile the situation is not getting much better.
    I'm getting back that the entry I asked for DOES NOT EXIST on the LDAP server, although it exists (performing ldapsearch I confirm that the consumer LDAP has the desired entry).
    The problem exists when I'm trying to bind through Solaris (proxyagent) and not through LDAP (rootDN).
    I hope someone could help me with that.
    Thank you in advance for your time.

    I have a similar problem:
    Apr 13 15:07:09 earth master[88]: [ID 293258 local6.error] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
    Apr 13 15:07:12 earth master[85]: [ID 293258 local6.error] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
    Apr 13 15:07:14 earth ldap_cachemgr[173]: [ID 722288 daemon.error] Error: Unable to refresh from profile:__default_config. (error=2)
    bash-2.03# ldd /usr/lib/nss_ldap.so.1
    sldaputil.so.5 => /usr/lib/sldaputil.so.5
    libsldap.so.1 => /usr/lib/libsldap.so.1
    libnsl.so.1 => /usr/lib/libnsl.so.1
    libsocket.so.1 => /usr/lib/libsocket.so.1
    libc.so.1 => /usr/lib/libc.so.1
    librt.so.1 => /usr/lib/librt.so.1
    libdl.so.1 => /usr/lib/libdl.so.1
    libmd5.so.1 => /usr/lib/libmd5.so.1
    libdoor.so.1 => /usr/lib/libdoor.so.1
    libmp.so.2 => /usr/lib/libmp.so.2
    libaio.so.1 => /usr/lib/libaio.so.1
    /usr/platform/SUNW,UltraSPARC-IIi-cEngine/lib/libc_psr.so.1
    /usr/platform/SUNW,UltraSPARC-IIi-cEngine/lib/libmd5_psr.so.1
    I was able to log in using ldap passwd.
    setup:
    =====
    OpenLDAP server, Solaris 8 client authentication.

  • MFC Client cannot send message to a Java Server

    Hi All,
    I have a Java Server which listens on a TCP Socket. The client is a MFC based application and needs to communicate with the Server using simple raw text messages.
    We were able to connect to the Java Server using CSocket and CAsyncSocket objects but were not able to send messages.
    This is the code that we are trying:
    mySock = new CAsyncSocket(); // mySock is a CAsyncSocket object.
    mySock->Create();
    mySock->Connect(strIP,lngPort);
    mySock->Send(strMessage, nSize);
    The server log shows that the connection is established, but the message doesn't reach.
    Please help !
    Thanks !!
    Sudhakar.

    I have the same problem.
    The Java (server) end is straightforward...
    Ian
    import java.io.*;
    import java.net.*;

    public class Serv extends Thread {
        public static final int PORT = 3011;
        public static final String REQUEST = "REQUEST";

        /** Test */
        public static void main(String[] args) {
            Serv s = new Serv();
            s.start();
        }

        Serv() {
            try {
                // Real code will set this class to be a daemon thread as we want it to stop if the main thread stops
                //ss.setDaemon(true);
                m_serverSocket = new ServerSocket(PORT);
            } catch (IOException ex) {
                ex.printStackTrace();
            }
        }

        public void run() {
            try {
                while (true) {
                    // Launch a handler when a client connects:
                    final Socket clientSocket = m_serverSocket.accept();
                    ClientHandler clientHandler = new ClientHandler(clientSocket);
                    System.out.println("(Client " + clientHandler.getClientHostname() + " accepted on port " + PORT + ")");
                    clientHandler.start();
                }
            } catch (IOException ex) {
                ex.printStackTrace();
            }
        }

        private class ClientHandler extends Thread {
            ClientHandler(Socket clientSocket) {
                try {
                    setDaemon(true);
                    m_clientSocket = clientSocket;
                    m_socketWriter = new PrintWriter(new BufferedOutputStream(m_clientSocket.getOutputStream()));
                    m_socketReader = new BufferedReader(new InputStreamReader(m_clientSocket.getInputStream()));
                } catch (IOException ex) {
                    ex.printStackTrace();
                }
            }

            public void run() {
                try {
                    //m_socketWriter.println(getAlarmSummaryString());
                    //m_socketWriter.flush();
                    while (true) {
                        // readLine() blocks until a line terminator arrives and returns null at end of stream
                        final String request = m_socketReader.readLine();
                        System.out.println("Client request: " + request);
                        // Constant-first comparison so a null request (client closed) takes the else branch
                        if (REQUEST.equals(request)) {
                            m_socketWriter.println("RESPONSE");
                            m_socketWriter.flush();
                        } else {
                            m_clientSocket.close();
                            break;
                        }
                    }
                } catch (SocketException ex) {
                    System.out.println("(Client " + getClientHostname() + " disconnected)");
                } catch (IOException ex) {
                    ex.printStackTrace();
                }
            }

            private String getClientHostname() {
                return ((InetSocketAddress)m_clientSocket.getRemoteSocketAddress()).getHostName();
            }

            private Socket m_clientSocket;
            private PrintWriter m_socketWriter;
            private BufferedReader m_socketReader;
        }

        private ServerSocket m_serverSocket;
    }

  • My Mac Mini client cannot find or connect with the server on my 4 station network.  I am able to connect with the server using the same ethernet connection with another Mac.  Any suggestions?

    I am using DHCP/automatic running OS 10.4.11.  I upgraded to 10.5 but this did not help.

    Ping has started ...
    PING 192.168.1.1 (192.168.1.1): 56 data bytes
    64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=1.158 ms
    64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.941 ms
    64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.911 ms
    64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.924 ms
    64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.995 ms
    64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.971 ms
    64 bytes from 192.168.1.1: icmp_seq=6 ttl=64 time=0.964 ms
    64 bytes from 192.168.1.1: icmp_seq=7 ttl=64 time=0.937 ms
    64 bytes from 192.168.1.1: icmp_seq=8 ttl=64 time=0.894 ms
    64 bytes from 192.168.1.1: icmp_seq=9 ttl=64 time=0.874 ms
    --- 192.168.1.1 ping statistics ---
    10 packets transmitted, 10 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.874/0.957/1.158/0.075 ms

  • Can Leopard Server update Tiger clients?

    Can anyone tell me if Leopard server can update the OS of Tiger clients? I know Tiger server can't update Leopard clients, but the other way around?

    Hi
    Not true. I have a 10.4 OD Master with a managed group using the SUS Service on a 10.5 Server. The 10.5 Server is connected to the 10.4 Directory. DNS Services for both servers are on the 10.4 Server as is the DHCP Service. 10.4 and 10.5 Clients that bind to the 10.4 Server are updated using the 10.5 SUS with no problems at all. The only issue I've seen is 10.5 clients occasionally can't use the 10.5.2 Combo Update on the SUS Server. There is the 'can't expand package properly' error message. At first I thought this was because the latest Intel iMacs were able to update but not Leopard installed PPC models. One solution was to keep a manually downloaded .dmg of the 10.5.2 update on the Server and push it out using ARD or copying it locally and installing it that way. However, earlier Intel models - occasionally - are also not updating - predominantly first generation MacBooks and Mac minis but every now and again some of the later Aluminium model iMacs.
    This is an intermittent problem though and may be due to the small bandwidth that the SUS server is having to use to access Apple's downloads server (1MB). When the SUS was on the 10.4 Server with a higher bandwidth connection (4-5MB) there were never any problems with the downloads but quite a few with the Service stopping itself and having to be restarted using the command line.
    The amount downloaded for 10.5 SUS is greater (approx 13-16GB) than 10.4 SUS (approx 10-11GB) - obviously. It took 4-5 days for the 10.5 SUS to make available all the downloaded updates - obviously due to the 1MB connection but also there were problems with accessing the updates server at that time. I think this was because Leopard Server had not long been made available and like a lot of others it was in a testing environment where all the services were being tried to see what worked and what did not.
    Tony

  • New 2012 R2 domain - xp clients cannot join or print

    I just migrated a 2003 domain to 2012 R2. Things were working ok & then XP clients became AD stupid.
    Steps I took:
    Added a VM 2012 R2 DC to the domain. Server had DNS installed. Ran dcdiag & bpa and resolved any issues.
    About a week later I moved all roles over to the VM DC.
    Tore down one of the NT2003 DCs (not VM) and rebuilt it as a 2012 R2 DC w/DNS. Ran dcdiag & bpa and resolved any issues. Had problems with DNS scavenging removing some static records. Re-added records & made sure the "Delete record when it becomes stale" was unchecked on all static records (all fwd & rev zones).
    Moved all roles from the VM DC to the hardware DC.
    After a week I tore down the 2nd (& last) NT2003 DC (not VM) and rebuilt it as a 2012 R2 DC w/DNS. Ran dcdiag/bpa and fixed any issues. Also ran it on the other DCs.
    Removed the VM 2012 R2 DC from the domain (demote, remove features, remove from domain, power off, delete VM).
    Everything seems to be working fine. dcdiags look clean, event logs seem good.
    Bump forest/domain to 2012 R2 native.
    Then, a few days later, it goes bad. I (after hours) install all accumulated updates on both DCs. Reboot both.
    Next AM a user calls. Her thin client cannot connect to the terminal services server. DNS has deleted its DNS record, even though the delete when stale was unchecked. :| So I re-add the static record and turn off scavenging. Problem solved.
    Next call is from an XP user (we have XP, Win 7, and thin clients). She cannot print. Printers show "cannot connect". Try various things to no avail. Check Win 7 boxes and they're working fine & printers are connected. Note that the XP & Win7 boxes all pull their DHCP address from the same DHCP server/scope.
    Review error logs and run dcdiag. There are several somewhat esoteric errors. After several hours of tail chasing I decide to take a more scorched earth tack. I demote the 2nd DC and remove AD & DNS from it. After demotion and role removal I check AD and it still shows the DC. I remove the now just a server from the domain. Clean up DNS & AD removing all traces. This takes a while as I have to run various scripts (thank you Google) to ensure AD is clean.
    Run dcdiag and resolve issues. Even a detailed dcdiag comes out clean. Replication tests show the old server is now forgotten.
    Check XP boxes and they still show printers as "cannot connect".
    Remove an XP PC from the domain. Try to rejoin and I get an error. Rename it and still get the error. I can ping, nslookup, etc. and they return the correct IP.
    I've tried the simple change the join a domain in system properties. That gives a somewhat nondescript error. The network identification wizard seemed to find the domain but didn't work. As it was trying to find the PC in AD, I went ahead and added it via AD Users & Computer console. Run the wizard and it tells me it found the record in AD. It then says "a domain controller for the domain [ourdomain] could not be contacted." !? Yet the prior screen it told me it had found the record for the PC on the DC.
    nslookup for ourdomain.local as well as dcname.ourdomain.local resolve correctly. Tried changing the PC to static - no change. Rename the old Win 2012 R2 DC (now just a server outside the domain), reboot, and then try to rejoin the domain. Works flawlessly.
    BTW - We're running tcpip w/o netbios over tcpip.
    So basically my XP boxes cannot use AD printers and cannot join the domain. IDK if they're picking up GP updates (I'll check in the AM), but I suspect they're not.
    Short of buying a truckload of Win 7 licenses and reloading OSs, what can I do to fix this?
    Details on the XP box error (FYI - I did a record to record comparison to a Win 2008 domain's SRV records and they look identical (except, of course, the domain & server names)):
    The domain name [ourdomain] might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.
    If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.
    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain [ourdomain]:
    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)
    The query was for the SRV record for _ldap._tcp.dc._msdcs.[ourdomain]
    Common causes of this error include the following:
    - The DNS SRV record is not registered in DNS.
    - One or more of the following zones do not include delegation to its child zone:
    [ourdomain]
    . (the root zone)
    For information about correcting this problem, click Help.
    dcdiag /test:dns results
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = Domctl1
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\DOMCTL1
          Starting test: Connectivity
             ......................... DOMCTL1 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\DOMCTL1
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... DOMCTL1 passed test DNS
       Running partition tests on : DomainDnsZones
       Running partition tests on : ForestDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : [ourdomain]
       Running enterprise tests on : [ourdomain].local
          Starting test: DNS
             Test results for domain controllers:
                DC: Domctl1.[ourdomain].local
                Domain: [ourdomain].local
                   TEST: Dynamic update (Dyn)
                      Warning: Failed to delete the test record dcdiag-test-record in zone [ourdomain].local
                   Domctl1                      PASS PASS PASS PASS WARN PASS n/a
             ......................... [ourdomain].local passed test DNS

    I see the following errors:
    "TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint."
    Please read that: http://social.technet.microsoft.com/Forums/windowsserver/en-US/d770e9fd-53a2-4ae9-99b3-2754c4564592/tcpip-connection-issue-on-windows-server-2008-sp2?forum=winserverPN
    "DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID      b70 (C:\Windows\system32\dcdiag.exe)."
    As you can see, it is pointing to 8.8.8.8. You need to make sure that public DNS servers are configured as forwarders and not in IP setting of your DCs. Better if you could use your ISP DNS servers as public ones instead of 8.8.8.8.
    Please read this Wiki article for recommendations about IP settings: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
    "               TEST: Dynamic update (Dyn)
                      Test record dcdiag-test-record added successfully in zone [ourdomain].local
                      Warning: Failed to delete the test record dcdiag-test-record in zone [ourdomain].local
                      [Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
    Here, you need to make sure that only secure DNS updates are allowed if you would like to secure dynamic updates. This is detailed in here: http://social.technet.microsoft.com/wiki/contents/articles/21984.how-to-secure-dns-updates-on-microsoft-dns-servers.aspx
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Get Active Directory User Last Logon
    Create an Active Directory test domain similar to the production one
    Management of test accounts in an Active Directory production domain - Part I
    Management of test accounts in an Active Directory production domain - Part II
    Management of test accounts in an Active Directory production domain - Part III
    Reset Active Directory user password

  • Cannot bind 10.6 client to 10.7 server

    Hi.
    I have a mac mini with lion on it, and am trying to set up mobile user accounts.
    Trying to bind a 10.6 mac book pro to the server, I go into open dir utility, LDAPv3, edit, click on the server, edit, bind
    and I get the error msg: Unexpected Error while binding. Unexpected error while attempting to bind. Operation cancelled.
    I am sure I have all the admin info correct. This error occurs on a new computer that has never been bound to the computer before.
    Previously I have been able to bind computers to the server (although that was when I was on my own personal network, not at the clients....)
    Please help, I'm stuck! I have googled extensively and nothing has come up.
    Thanks in advance, rhys

    check if the machine already exists in OD
    (mac address)
    if it does try removing it and binding the client machine again
    can you join the server without binding

  • Samba on Linux with Tiger clients

    Maybe someone can help me with this, I am not sure if this is the place to ask or not... I have a new Linux (SuSE 10) server running Samba. My issues are two-fold. My Tiger clients have to authenticate manually -twice in order to be able to log in. Second, and this is more important, I cannot write to the Home directory once connected, I get a message saying I do not have permission whenever I try to transfer files. Has anyone seen this? Permissions are set to Read/Write on the Linux box. Any help would be appreciated!

    It was answered in the Networking forum.

  • Tiger Clients

    Anyone know if Snow Leopard Server has any issues authenticating Tiger clients?

    I keep getting an "unexpected error while binding" when I try to bind my 10.4.11 clients to my OD.
    My 10.5 server was fine.

  • Leopard server, Tiger clients, 'IP address in use' error messages

    I am really at my wit's end here. We have about 100 iBooks running 10.4.11 and a couple hundred MacBooks running Leopard. I took away the job of DHCP from my Windows Server 2003 servers because it couldn't seem to keep the Tiger clients straight, and now the Leopard server is doing the same thing. The laptops are shut down and booted often 10 times a day for use in different classes by different students in different segments of the building, but all the same subnet. Very often, iBooks get an "IP in use by [some other Mac's MAC address], server [IP address of Xserve]" it looks just like this: http://podfeet.com/NosillaCast/NC2006_05_21/iperror.jpg
    In addition, when I go to look up the client list on the Leopard server via Server Admin, it shows several instances of the same computer name, same MAC address, different IP address, as well as same computer name, different MAC address, same IP address, and, of course, same IP address for two or three different computers. This is as bad as, if not worse, than Windows server! But it's only the Tiger clients, and I can easily see the duplications in the list, why can't the server see that and do something about it?
    I am going to be moving to SL server, but not soon enough. Apparently, it's much easier to assign static IP assignments in SL server than Leopard server. I need a resolution for this now, though. I have Googled quite a bit, but nothing I've found matches my situation. And it causes chaos. After the students clear away the IP conflict box, they often cannot log in until a local admin logs in and "renews IP address" or they restart and clear the error boxes until it gets an IP address it will accept.
    I can paste in some console logs if that would help, but essentially, the client refuses the IP address offered by the server, so that suggests that it arps the address itself and determines it's already in use. This whole system, which should be so intelligent, seems so clueless. Why doesn't the server realize it's giving the same IP to different computers, listing the same computers twice with the same and different IPs, etc.? Why doesn't the laptop keep trying to get an IP address? It's extremely frustrating for teachers and students alike.
    I really thought this would get better using Leopard server instead of the Windows server, but it actually seems worse now. I've done tests to see if there is a different DHCP server somewhere, but none ever shows up.
    Anyone with insight, I'd appreciate it. Thanks

    MrHoffman wrote:
    One big 172.16.0.0/12 subnet? Ok. Not my first choice.
    It's /16, but still was not my choice either. With about 50 printers and servers with static IPs that would all need the mask changed, I put off clipping the subnet mask since VLANs were in the works anyway.
    MrHoffman wrote:
    The network traffic for a DHCP lease or a lease renewal is negligible.
    Figure a few messages at intervals of half the lease time for each client.
    There already appears to be a DHCP failure here.
    I tried many different things with the 2003 Servers, usually two at a time handing out IPs (same subnet, different range, i.e. one serving 172.16.2.1-3.254/16 and the other 172.16.4.1-5.254/16), and the iBooks would often sit for minutes without getting an IP at all. I'd have to turn on the Xserve's DHCP server to hand out an additional range in the subnet (172.16.6.1-254/16), and the iBooks would then snap up IPs and authenticate to AD.
    MrHoffman wrote:
    And as for the weirdness, I'd be wondering if the DHCP traffic is being filtered by some of the devices present in this network; it's very easy to have a DHCP server active on a WiFi device (which is why most larger sites have them all configured as APs) and it's also easily feasible to have a rogue WiFi around.
    Thanks, all good ideas, but I don't think that's the problem here. I have all Airport Extreme base stations in Bridge Mode. I regularly do scans for rogue APs, and the iBooks would not associate to one anyway - they only know the school network and need admin access to change. In fact, so inflexible is Tiger that when I started changing to WPA2 from WPA, same SSID and password, the iBooks would not associate to the WPA2 networks without local admin login and manually choosing the SSID (and the password was still in the keychain and worked). I then brought some iBooks back to an area with just WPA (older firmware on older Airport could not do WPA2) and the iBooks were once again stranded. Leopard laptops moved seamlessly between the same APs.
    I've also done some testing for rogue DHCP servers, but nothing was found, and I've not seen any weird IPs coming up.
    MrHoffman wrote:
    Subnetting and vlans are options. If this is a decent-sized network, I'd definitely look to subnet it; you're already in line for subnetting now, what with what is probably mixed faculty and student traffic.
    The reason that VLANs are on hold was that I told admin that with our limited wireless network (1 SSID, Airport not VLAN-aware), when they were not in an office with their laptops on ethernet, they'd only get Internet through the wireless (which would be on student/teacher VLAN), no access to admin servers or printers. I was surprised at the vociferous response.
    MrHoffman wrote:
    I'd probably toss a monitor onto different parts of the network - if you've not already tried this - and go hunting for "surprises". (If you're spec'ing out for bids on an upgrade, having packet-monitoring capabilities and rogue detection is really handy. That'll tell you if you have a rogue, or if DHCP traffic is pushing you over the edge.)
    I have an old PC catching syslogs and it has Wireshark, but I haven't turned that on in a while. If I have time, I will see if I can capture anything. I did get bids on Cisco and Procurve wireless and network infrastructure upgrades last year, and pretty much got the 'no way, talk to the hand' response (and a few more Apple APs).
    MrHoffman wrote:
    Go talk to the finance folks and to the school board, and tell them that their servers and their network traffic are all exposed to the students. If they're not running encryption, they're toast. (And they're potentially toast even if they are.) That discussion both for reasons of budget, and to cover you, as this looks to be the textbook network configuration case that eventually "blows up" on the IT staff.
    We're a medium-sized independent high school with a strapped budget. I have requested and explained everything, but it hasn't sunk in. Last year, I made everything work. This year, without all the special qos settings and tweaks to the switches I made last year to keep things mostly together, things are much more wonky (I stripped out all the qos settings over the summer while preparing for the VLANs, which I assumed was a no-brainer to happen. Unfortunately, I didn't document the settings before I cleared them, and I can't quite achieve the same balance this year). And, by the way, IT staff is pretty much me.
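The duplicate entries described at the start of this thread (one MAC holding several IPs, one IP handed to several MACs, one computer name appearing with different MACs) can be pulled out of a client list mechanically. The following is an added example, not something posted in the thread; the comma-separated `name,MAC,IP` layout and all sample rows are constructed, so adapt the parser to whatever the DHCP server actually exports.

```python
from collections import defaultdict

# Constructed sample of a DHCP client list (name, MAC, IP); not data from the thread.
SAMPLE_CLIENTS = """\
ibook-01,00:0d:93:aa:00:01,172.16.2.10
ibook-01,00:0d:93:aa:00:01,172.16.2.77
ibook-02,00:0d:93:aa:00:02,172.16.2.11
ibook-02,00:0d:93:aa:00:99,172.16.2.11
ibook-03,00:0d:93:aa:00:03,172.16.2.12
ibook-04,00:0d:93:aa:00:04,172.16.2.12
macbook-05,00:1b:63:bb:00:05,172.16.2.13
"""

def parse_clients(text):
    """Return (name, mac, ip) tuples, normalising case and MAC separators."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, mac, ip = (field.strip() for field in line.split(","))
        rows.append((name.lower(), mac.lower().replace("-", ":"), ip))
    return rows

def find_conflicts(rows):
    """Group the list three ways and keep only the groups with more than one member."""
    ips_by_mac = defaultdict(set)
    macs_by_ip = defaultdict(set)
    macs_by_name = defaultdict(set)
    for name, mac, ip in rows:
        ips_by_mac[mac].add(ip)
        macs_by_ip[ip].add(mac)
        macs_by_name[name].add(mac)

    def dupes(groups):
        return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

    return {
        "mac_with_many_ips": dupes(ips_by_mac),      # stale leases for one machine
        "ip_with_many_macs": dupes(macs_by_ip),      # the address-conflict case
        "name_with_many_macs": dupes(macs_by_name),  # wired/wireless or cloned name
    }

if __name__ == "__main__":
    for kind, hits in find_conflicts(parse_clients(SAMPLE_CLIENTS)).items():
        for key, values in hits.items():
            print(f"{kind}: {key} -> {', '.join(values)}")
```

An `ip_with_many_macs` hit is the one that produces the conflict dialog on the clients; comparing those MACs against the ARP table of a switch shows which machine really holds the address.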

  • Using 10.6 NetBoot v1.0 with Tiger client images on PPC tray-loading iMacs

    Hi all - I'm a bit confused over some documentation I'm reading. I'm reviewing the "System Imaging and SW Update Admin" guide for Snow Leopard Server (available at http://images.apple.com/server/macosx/docs/SystemImaging_and_SW_Update_Adminv10.6.pdf) and am puzzled on a few things.
    We have several older tray-loading iMacs that currently have client images served up from an old Xserve running OS X Server (Tiger). In the first part of the guide, I saw that the Snow Leopard System Image utility would not work for creating images from older PPC-based systems. However, later in the guide it refers to enable NetBoot 1.0 (which can run alongside NetBoot 2.0) for older clients - specifically including the tray-loading iMac.
    So my question is, how can I go about retiring the old Xserve and still serve/maintain these Tiger client images on Snow Leopard Server?
    Can I simply copy the images to the share point in the new Snow Leopard Server and enable NetBoot 1.0? Would I need to create a new image (using the Snow Leopard Server System Image Utility) that starts from a source Tiger installation disc and then add appropriate software as packages? Or can I simply use those existing images (with what I presume means software cannot be added) and serve them up on Snow Leopard Server?
    Basically, I have those tray-loading iMacs running a fairly minimal setup (base operating system, ability to join to our LDAP server, and very lightweight open source programs). As (if) they die, we are replacing them with newer Intel-based systems. Having said that, there are still at least 9 or so of these tray-loading iMacs quietly humming along with no indication of failure in the near future (nice job, Apple). It's not a problem if I cannot add software to the images (as it seems most software would require Leopard anyway) - but I would like to serve these up on the network. Any thoughts/ideas?

    You can copy your existing images to the 10.6 server, enable NetBoot 1.0, and they will be served up just fine. The only thing you would need 10.4 server for is to create new images.

  • Cannot bind (2100)

    Hello everyone,
    I am not able to bind to my server from outside the LAN, but I am within it. I have forwarded every port that could have anything to do with Open Directory and it is still not working. I have verified that the ports are open. I have tried not using SSL (disabling it in Server Admin) and tried with it, neither work. I always get the error Connection failed to the directory server. (2100)
    The reason I'm trying to do this is I am trying to integrate the directory into WordPress and WordPress cannot bind either, presumably because nobody can from outside the LAN.
    Thank you in advance for any help you can provide.
    Brian

    Indeed the server's certificate isn't trusted.  That's a first hint.  Couldn't hurt trying to install the certificate on the client computer, and then trying to bind.
    If it still isn't working:
    Secondly... Get a copy of the server admin tools for 10.7 if you don't have them already.
    In Server Admin, Connect to your server and click on the Open Directory Service.
    Click the Settings button at the top.
    Click the policies tab
    Click the binding tab.
    For testing purposes ONLY and only do this temporarily...
    Uncheck everything in terms of security.
    Then try to connect.
    After a bit of hunting online, there's another person that had the same issue with no resolution.
    Until he set up a VPN.  Which IMO is probably a better option for you.
    Setting up a VPN will allow you to connect to your network in a secure way across the internet as though you were inside the network.
    It's a bit more legwork on each client, but the security benefits are probably worth it.

  • Win 8.1 2010 Outlook Error message: "Either there is no default mail client or the current mail client cannot fulfill..."

    When trying to open Outlook in Win 8.1 I get the error message: 
    "Either there is no default mail client or the current mail client cannot fulfill the messaging request. Please run Microsoft Office Outlook and set it as the default mail client."
    It eventually opens but none of my Mail accounts load. When I click on one of the accounts I get 
    "Cannot expand the folder. Internet mail is not registered properly. Re-install and try again."
    Outlook is set with all its defaults. I've tried going through the Repair routine for Microsoft Office but it doesn't help.

    Hi,
    To delete a profile, you may try the steps below:
    Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.
    1. Press Windows key + R to open the Run command.
    2. Type regedit in the Open field and click OK.
    3. Locate the key then right click on it and choose Rename:
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem
    4. Type OLD at the end of the name.
    5. Try opening Outlook and it may prompt that you need to create a new profile.
    I hope this can help.
    Regards,
    Melon Chen
    TechNet Community Support

  • Windows 7 pro client cannot access folders on server 2003 domain server

    I added a windows 7 64 bit client to a server 2003 32 bit domain 3 weeks ago and file sharing was working fine until today, 5/4/12. Now, when trying to access shared folders that reside on the server, I get the following "access denied" message:
    […folder…] is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
    The user name could not be found.
    Strangely enough...
    The windows 7 client can open shared folders that reside on the XP clients in the domain
    All the XP clients in the domain can access the server 2003 folders
    All the XP clients and the server 2003 machine can access shared folders and printers on the windows 7 client.
    The windows 7 client can ping the server 2003 machine and vice versa
    I can “see” the server in my network list, but when I click on it, I get the same “access denied” message listed above.
    So... the only problem is that the windows 7 client cannot access folders that reside on the windows server 2003 machine. There must be some sharing setting that got changed by a recent windows update.
    Here is what I have done/verified so far on the windows 7 client:
    In advanced sharing settings for Home/Work, Public and Domain profiles:
    network discovery is enabled
    file and print sharing is enabled
    use user accounts and passwords to connect to other computers is selected (I also tried allowing windows to manage homegroup connections instead, but the problem remained.)
    40 -56 bit encryption is enabled
    In “gpedit.msc” Local Policies/Security Settings:
    enabled the following policies:
    Network access: Allow anonymous SID/name translation
    Network access: Let Everyone permissions apply to anonymous users
    disabled the following policies:
    Network access: Restrict anonymous access to Named Pipes and Shares
    Network access: Do not allow anonymous enumeration of SAM accounts
    Network access: Do not allow anonymous enumeration of SAM accounts and shares
    What am I missing? Are there policies on the server that need to be adjusted?
    Please help! My business is crippled if I cannot access server files from this workstation. Thank you in advance.
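The five local policies changed in the post above all loosen anonymous access on the Windows 7 client, so it is worth confirming afterwards which of them are still in that state. The following is an added example, not part of the original post: it reads the text of a `secedit /export /cfg` policy export and reports each of those five settings; the sample export is constructed.

```python
LSA = r"machine\system\currentcontrolset\control\lsa" + "\\"
SRV = r"machine\system\currentcontrolset\services\lanmanserver\parameters" + "\\"

# Export key (lower-cased) -> (policy name as written in the post,
#                              value that means anonymous access is loosened)
CHECKS = {
    "lsaanonymousnamelookup": ("Allow anonymous SID/name translation", "1"),
    LSA + "everyoneincludesanonymous": ("Let Everyone permissions apply to anonymous users", "1"),
    SRV + "restrictnullsessaccess": ("Restrict anonymous access to Named Pipes and Shares", "0"),
    LSA + "restrictanonymoussam": ("Do not allow anonymous enumeration of SAM accounts", "0"),
    LSA + "restrictanonymous": ("Do not allow anonymous enumeration of SAM accounts and shares", "0"),
}

# Constructed sample export; a real file is written by `secedit /export /cfg <file>`.
SAMPLE_INF = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
LSAAnonymousNameLookup = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,0
"""

def parse_inf(text):
    """Flatten the export into {lower-cased key: data}, ignoring section headers."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", ";")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Registry lines read "type,data" (e.g. "4,0"); keep only the data part.
        settings[key.strip().lower()] = value.strip().split(",", 1)[-1].strip().strip('"')
    return settings

def audit(settings):
    """Return {policy name: 'loosened' | 'restricted' | 'not in export'}."""
    report = {}
    for key, (policy, loose_value) in CHECKS.items():
        if key not in settings:
            report[policy] = "not in export"
        else:
            report[policy] = "loosened" if settings[key] == loose_value else "restricted"
    return report

if __name__ == "__main__":
    for policy, state in audit(parse_inf(SAMPLE_INF)).items():
        print(f"{state:14} {policy}")
```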

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios.
    If the issue still persists and you want to return to this question, please reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
    In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.
    Thanks!
    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
