VNC: no screen refresh controlling Lion Server

Similar Messages

• What ports need to be open to control Lion Server from a remote location (through Server.app)?

  I need to control a Lion Server from a remote location and need to poke some holes in the firewall, unfortunately, I have no idea what ports those need to be. I can control the Server via the Server Admin application, but it will simply not connect via the Server.app.
  Suggestions?
  Thanks in advance.
  Marius

  Try in the Lion Server Forum?
  Regards,
  Colin R.

• How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

  I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
  Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
  Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
  Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
  DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
  DVD>Install Lion
  Reboot, hopefully Lion install kicks in
  Update, update, update Lion (NOT Lion Server yet) until no more updates
  System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
  Terminal>$ sudo scutil --set HostName server.domain.com
  App Store>Install Lion Server and run through the Setup
  Download install Server Admin Tools, then update, update, update until no more updates
  Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
  System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
  A few DNS set-up steps and these most important steps:
  A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
  B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
  C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
  D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
  E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
  F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
  G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
  H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
  I. Test from web browser server.domain.com/mydevices: Lock Device to test
  J. ??? Profit
  12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
  You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
  Firewall
  Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
  SSH
  Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
  PermitRootLogin no
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
  Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
  client$ ssh-keygen -t rsa -b 2048 -C client_name
  [Securely copy ~/.ssh/id_rsa.pub from client to server.]
  server$ cat id_rsa.pub > ~/.ssh/known_hosts
  I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
  $ diff denyhosts.cfg-dist denyhosts.cfg
  12c12
  < SECURE_LOG = /var/log/secure
  > #SECURE_LOG = /var/log/secure
  22a23
  > SECURE_LOG = /var/log/secure.log
  34c35
  < HOSTS_DENY = /etc/hosts.deny
  > #HOSTS_DENY = /etc/hosts.deny
  40a42,44
  > #
  > # Mac OS X Lion Server
  > HOSTS_DENY = /private/etc/hosts.deny
  195c199
  < LOCK_FILE = /var/lock/subsys/denyhosts
  > #LOCK_FILE = /var/lock/subsys/denyhosts
  202a207,208
  > LOCK_FILE = /var/denyhosts/denyhosts.pid
  > #
  219c225
  < ADMIN_EMAIL =
  > ADMIN_EMAIL = [email protected]
  286c292
  < #SYSLOG_REPORT=YES
  > SYSLOG_REPORT=YES
  Network Accounts
  User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
  2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
       User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
  Oh well.
  Email
  Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
  root:           myname
  admin:          myname
  sysadmin:       myname
  certadmin:      myname
  webmaster:      myname
  my_alternate:   myname
  Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
  cd /etc/postfix
  sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
  sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
  sudo serveradmin stop mail
  sudo serveradmin start mail
  Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
  If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
  iCal Server
  Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
  Web
  The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
  $ diff httpd.conf.default httpd.conf
  95c95
  < #LoadModule ssl_module libexec/apache2/mod_ssl.so
  > LoadModule ssl_module libexec/apache2/mod_ssl.so
  111c111
  < #LoadModule php5_module libexec/apache2/libphp5.so
  > LoadModule php5_module libexec/apache2/libphp5.so
  139,140c139,140
  < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  < #LoadModule encoding_module libexec/apache2/mod_encoding.so
  > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  > LoadModule encoding_module libexec/apache2/mod_encoding.so
  146c146
  < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  177c177
  < ServerAdmin [email protected]
  > ServerAdmin [email protected]
  186c186
  < #ServerName www.example.com:80
  > ServerName domain.com:443
  677a678,680
  > # Server-specific configuration
  > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
  > Include /etc/apache2/mydomain/*.conf
  I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
  Alias /eyetv /Users/uname/Sites/EyeTV
  <Directory "/Users/uname/Sites/EyeTV">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
  <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
  Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
  One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
  Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
  User-agent: *
  Disallow: /
  Misc
  VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

  Privacy Enhancing Filtering Proxy and SSH Tunnel
  Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
  If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
  $ ./ssht 8080:[email protected]:3128
  $ ./ssht 8080:alice@:
  $ ./ssht 8080:
  $ ./ssht 8018::8123
  $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
  $ vi ./ssht
  #!/bin/sh
  # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
  USERNAME_DEFAULT=username
  HOSTNAME_DEFAULT=domain.com
  SSHPORT_DEFAULT=22
  # SSH port forwarding specs, e.g. 8080:localhost:3128
  LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
  REMOTEHOST_DEFAULT=localhost    # Default is localhost
  REMOTEPORT_DEFAULT=3128         # Default is Squid port
  # Parse ssh port and tunnel details if specified
  SSHPORT=$SSHPORT_DEFAULT
  TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
  while [ "$1" != "" ]
  do
    case $1
    in
      -p) shift;                  # -p option
          SSHPORT=$1;
          shift;;
       *) TUNNEL_DETAILS=$1;      # 1st argument option
          shift;;
    esac
  done
  # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
  shopt -s extglob                        # needed for +(pattern) syntax; man sh
  LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
  USERNAME=$USERNAME_DEFAULT
  HOSTNAME=$HOSTNAME_DEFAULT
  REMOTEHOST=$REMOTEHOST_DEFAULT
  REMOTEPORT=$REMOTEPORT_DEFAULT
  # LOCALHOSTPORT
  CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      LOCALHOSTPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEPORT
  CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEHOST
  CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEHOST=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # USERNAME
  CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%@}                            # delete @
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      USERNAME=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # HOSTNAME
  HOSTNAME=$TUNNEL_DETAILS
  if [ "$HOSTNAME" == "" ]                # no hostname given
  then
      HOSTNAME=$HOSTNAME_DEFAULT
  fi
  ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
      && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
      || echo "SSH tunnel FAIL."

• Screen sharing to OS X Lion Server with non-admin account

  I have set up a Lion Server with one admin (in addition to the root user) and several non-admin normal accounts. In Server.app, I have enabled remote login with ssh, and remote management via screen sharing.  I am unable to use Screen Sharing to connect to the server from the non-admin accounts, but able to use the admin account. I've read that it is only enabled for admin users, but need to access from non-admin accounts, and I can't add these accounts to the admin group. Is there a way to do this with Workgroup Manager? I tried changing the Remote Management settings in System Preferences by adding the non-admin, but when selecting 'Observe' and 'Control' in the options for the user, they are not saved.

  I resolved this issue by deselecting the "Enable screen sharing and remote management" in Server.app and going to System Preferences, Sharing Preferences, Screen Sharing, and allowing access for "All Users".  If you have some users you want to allow VNC, you can create a group, add the allowed users to the group, and add the group under "Only these users".

• Accessing Xserve with Lion Server from Windows 7 PC via VNC Viewer

  Hello everyone-
  At work we have an Xserve running Lion Server that we are trying to access from a Windows PC runnig Windows 7. We have turned on Screen Sharing on the Xserve and we are using RealVNC's VNC Viewer client to access the Xserve.
  Everything works OK except the Control key is not being passed through to the Xserve, so you can't to teh usual copy/paste commands etc.
  I have checked on the Web but found nothing to resolve this problem. The settings in the RealVNC client are set to pass through special keys, but it is as if the VNC server on the Xserve isn't seeing them.
  Does anyone have any ideas?
  -Mike

  Hi Michael,
  Thank you for clarifying the issue for us.
  I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
  Thank you for your understanding and support.
  Regards
  Kevin
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback
  on our support quality, please send your feedback here.
   

• A stable, fast reliable VNC connection to Lion or Lion server

  I hope this post help people with VNC setup from non Mac machines to a Mac running Lion or Lion Server 10.7.4.
  Apple has changed quite a few things in Lion regrading VNC and screen sharing. As a consequence many VNC viewers are no longer compatible until the VNC software is upgraded to be Lion compatible. You will find many posts about this topic in this forum, eg
  https://discussions.apple.com/thread/3289794?start=0&tstart=0
  Often, the result is that  the user can't proceed beyond the gray login screen (screen locks up etc).
  This post describes how configure Real VNCs VNC server on Lion Server 10.7.4 to work in conjunction! with ARD, thus allowing you to keep screen sharing enabled and still use ARD from client if that is desired)
  Download the VNC server at (Version 5! necessary)
  http://www.realvnc.com/download/vnc/latest/
  and install the VNC server on the host (the computer you want to login to via VNC)
  Single User Host setup
  ==================
  - Install the VNC server and follow the intsruction
  (If you your Mac is configured for remote management, screen sharing, remote apple events the installation may complete with error stating to contact the manufacturer....ignore the error as it most likely caused by a port conflict because VNC server and ARD (or apple scrren sgaring both use port 5900 per default), the software was still completely and correctly installed.
  - start VNC Server by opening Finder -> Applications -> Real VNC -> VNC Server (User Mode)
  You will see a small VNC icon in the top tsak bar of the screen.
  (if you open the "information Center" the issues tab will show a port 5900 conflict)
  - open VNCserver Options and select the connections tab:
  +Change the default port from 5900 to 5901 and serve Java viewer on Port from 5800 to 5801
  + Change Authetication to "Mac password"
  + Select Encryption "always on"
  - Selct the expert tab
  +scroll down to the bottom of the list and change "StopUserModeOnSwitchOut" to "no"
  (this settings prevents the VNC server to be stopped automatically if you have Fast Switching User Mode enabled on the host.)
  - select "Apply"
  (now if you open the Information Center" again, the port conflict problem should be solved.
  - select "open" from the VNC server menu:
  If the configuration was succesful, thw window will show a check mark in a green box stating everything is ok.
  - In addition you will find the address that the client user will need to connect to the VNC server on the host
  it will say something like "VNC viewer user can connect using the address 192.168.x.y:1"
  Note: If you start several VNC servers, each session will need a dedicated port (like 5902, 5903 etc)
  Router/Firewall Settings:
  ===================
  Depending on the router/firewall you use your ports may have been automatically configured for you (airPort extreme for example).
  You need to open port 5901 and 5801 and forward these ports to the IP address of the host. If ARD was alredy working in your setup, you can copy the port coniguration for ports 5900, 3283 and 3306 that are used by ARD and implement the same rules for the new port used by VNC 5901.
  Review the settings of your firewall/router.
  VNC client
  ========
  - download the VNC client for your OS from
  http://www.realvnc.com/download/viewer/
  and follow the install instructions.
  - Start the VNC client on your client PC (Windows for example) and enter the address that the VNC server reported to you earlier (192.168.x.y:1)
  - Encryption : "Let VNC Server choose"
  - select "connect"
  - enter your Mac username and password that was setup on your host
  you are now connected via VNC to your host.
  You can also configure the VNC server to allow other users to login to the same! VNC session using their user credentials (friends/family or serverAdmins that want to share access to the host)
  To do this open the options dialog box on the VNC server host computer and select "configure" next to authentication.
  - add the users that are supposed to get access to your VNC session using their own credentials. (make sure this is what you really want, otherwise read on in the multi user section of this post)
  Multi User Host Setup
  =================
  If multiple users are supposed to access the host computer using their own credentials logging into their own! desktop, follow these instructions:
  - first enable Fast User Switching on your host computer by going to
  System preferences -> User/Groups -> Login Options and select the check box  "show fast user switching menu as..."
  - For each user on the host that should be reached via a VNC session start VNC server (user) as described before and assign a new port number to the new user like 5902 etc.
  - repeat the configuration outlined above for each user (eg. "StopUserModeOnSwitchOut" to "no")
  (note initilally when you start the VNC server for the first time again, you will get notified that a port conflict exists again....this disappears as soon as the new port is configured)
  now another user can login via VNC into his own desktop using the server address : "191.168..x.y.:2"
  Final notes:
  =========
  I spent hours trying to get a variety of VNC viewers to work with the new screen sharing/VNC implementation in Lion and finally gave up. I called Apple Enterprise support and they confirmed that "a majority of the existing VNC products are not compatible with the new VNC implementation in Lion yet and that Apple recommends ARD". The discussion on what other non Mac users (Windows, Linux) should do did not go anywhere....
  I have tested the above configuration with the free version VNC server 5 on the host and the free version VNC viewer 5 on a client. It worked flawlessly, fast, reproducable and very stable. You need to be aware that depending on the features you want (number of desktops, users etc) that you may have to purchase the personal or enterprise edition for the server.
  The featurs are described here:
  http://www.realvnc.com/products/vnc/
  I personally installed the enterprise edition after I verified that the free editions worked stable and reliably as I needed them to work.
  I hope you now have a stable VNC link into your Lion host from the platform of your choice !

  I'm using the free VNC edition from RealVNC on Mt. Lion (10.8.5) and the basic information is in this article for Lion is confirmed for the VNC Server 5.0.6 (r113416) on Mt. Lion.
  The main Options... window shows the Connections tab and I just changed my port to something other than 5900 and the port conflict went away.
  The Free edition does not allow Mac password and encryption can't be enabled. (Ya gotta pay for that.)
  Connected to it from my iPod Touch using Mocha VNC with no problems.

• Mac OS X Lion Server screen freezes frequently

  I have recently purchased the Mac Mini Server with 8GB RAM Upgrade and have been experiencing screen freezes frequently. The Mac Mini is connected to a ViewSonic LED Monitor via an HDMI cable and is running Mac OS X Lion Server.
  It all started a month ago and I suspected it was due to an external hard disk I had. When I removed it the problem didn't crop up for a few weeks. So I thought the issue was resolved.
  Over the past week the problem re-surfaced again and nearly everyday I am experiencing screen freezing about five times a day and the only option is to power down my Mac Mini Server from the power button. This is becoming increasingly frustrating. When screen freezing occurs, everything freezes and I get some small rectangular boxes on screen moving.
  The only things that have changed over the past week was that I installed the latest Safari fix and connected the Harman Kardon Sounsticks II to the Mac Mini.
  Can't understand what is happening. From various threads I read, many mac users are experiencing screen freezes. If anyone has any resolutions please let me know.

  Lion has a screen refresh bug it is just the screen going to sleep and the the screen updating only where the curser moves.

• Screen sharing not working Lion Server

  I can't connect to my Lion Server from any other Mac. I got it working for a few minutes after the first restart but I can't get it to work now. It's a Mac mini server runnning headless. I've even tried connecting it to a TV for a screen and it looks like everything is still set correctly for screen sharing under remote management. I can connect via the Server Admin app (pretty slim compared to 10.6) and via ssh fine. Services seem to be running OK.
  For the life of me I can't see what the problem is. It worked fine under 10.6.8 before upgrading.

  My Mini is running server headless and it works fine for Remote Desktop.  Are you using ARD or standard Screen Sharing from OSX?  Or a VNC client?
  Take a look at:
  http://technotes.twosmallcoins.com/?p=279
  For some notes on how to start the VNC server from the SSH command line.
  But, screen sharing should work for you. 

• I'm trying to use Mountain Lion Server so my family can have separate logins via Screen Share to their iTunes.

  Using Mountain Lion Server so my family can have separate logins and connect via Screen Share.
  Works great, each has their own home directory and permissions are perfect.
  Now setting up iTunes for each with their own Library (not shared), thus keeping multiple Libraries.
  I get this;
  This Computer is already associated with an Apple ID.
  If you download past purchases with your Apple ID, you
  cannot auto-download past purchases with a different
  Apple ID for 90 days.
  What!
  So what it is on the same computer, they are completely separate Libraries never to be mixed.
  If this works, I only need to keep one computer up and running, instead of three.
  Each can do their syncing/backup and connect to the various Airplay/AppleTVs I have around the house.
  How do I fix this.
  Thanks

  Bottom line is you can't - easily.
  You need to make sure that you log out of the server each time otherwise the ID is running. To explain, if you had a laptop with different people using it, your solution works fine. Each time someone logs in, the iTunes ID is different so it works as you can only have one person using the laptop at any one time.
  Now, turning your problem inside-out, you want people to be able to log into iTunes concurrently to use their own version of the program with their own library. This does not seem to work and you get the conflicted ID error message. Even though iTunes is running under their own login ident, I have never been able to get this working reliably and was told that iTunes is NOT a network-aware application as it is designed to be single user.
  The way I got around this was to login as XYZ and to make sure that the ID was changed in iTunes accordingly. However, it did not always work so I gave up with the whole thing.

• Lion server on Mac mini server stop responding to ssh and VNC (other services like mail, ical works well)

  Lion server on Mac mini server stop responding to ssh and VNC (other services like mail, ical works well)
  Version is Lion server 10.7.4
  When I attach a monitor to it, I saw all the buttons and menus stopped responding too. I can only push and hold the power button on the box to shutdown.
  It only started happening recently.
  Anyone has any clue?
  Thanks for the help in advance!!!

  Found that the second hard drive is broken. I have to go to the apple store to have it replaced.
  I had to press the power button to turn the server off for several times, then the broken hard drive went disappeared. After that, I had to disable the Spotlight. Then the server went back to work normally.
  Now I made a CCC copy of the primary hard drive, and would like to have the server run on the external raid disk (connected through thunderbolt). Does anyone have previous experience with it? Any expectable drawback or issue with this setup?

• Lion Server Java Control Panel and Java applications empty?

  I have installed FileMaker Server 12 on a Lion Server (10.7.5). The server is pretty clean, only a few users have been set up for CalDAV and CardDAV use in a small company. While installing the FileMaker software shouted for Java, which I installed from Oracle, version 7 update 10 (used the link).
  But Java is not running fine as it seems. When I open System Preferences - Java to open the Java Control Panel, the panel shows up but is completely empty. And so for any Java program I run, all windows will show up empty.
  Any ideas anyone?

  Try clearing the java cache manually.
  /Users/username/Library/Caches/Java/cache/
  if that doesn't work follow this process.
  Uninstall the JRE7
  Restart
  Install Java for OS X 2012-006
  Restart
  Install JRE7
  Restart
  Lastly, if this is a hackintosh you may be fighting a uphill battle. I saw a known issue posted by oracle with some graphics cards that produced this issue on windows.  

• Any control of iPad system prefs in Lion Server or Configurator

  I've been working with Configurator to set up some test iPads to be used in a library environment, and haven't seen any place where I can disable system sounds, keyboard clicks etc - does anyone know if this is possible under Configurator or Lion Server ?
  Also is there a way to not allow logging out of the Apple ID once the device is configured or to block system preferences all together once configured.
  Thanks
  Rich

  If you do not see something listed on the restrictions list on an individual ipad under settings- general- restrictions then there is not a way to block or disable it.  IOS 6 may provide for more control.  It will allow for disabling the home button but beyond that we will have to see.

• How do I switch remote desktops with lion server screen sharing?

  When I sometimes use the Lion Server screen sharing feature to take over my iMac using my Macbook, I find that I'm not able to switch desktops on the remote computer, i.e. using the three finger swipe.
  Both are running the latest versions of Lion Server.
  Now there MUST be some way to do that right?
  Who knows?

  Hi John, perhaps I did not express myself clearly.
  My desktop iMac is set up with multiple desktops (desktop 1 for system stuff, desktop 2 for mail, messages, skype etc, desktop 3 for Safari and desktop 4 for text proessing, VM-Ware and other work).
  When I work on that machine I'm logged in as one user and use the three finger swipe left and right or the Cmd-1 thru Cmd-4 keys to switch between those desktops.
  I haven't founf how to do that from my a remotely connected MacBook Pro.
  Both of which are running Mountain Lion in the mean time. The iMac runs Mountain Lion Server and the MBP has ML Server installed as well, but nut implemented. Just to be able to use the remote screen...
  Hope this makes my question a bit mre clear...
  Gerard

• Lion Server Screen Sharing for Adminstrator

  I'm having difficulty using my Administrator account for remote screen sharing after the upgrade to Lion Server.  All other remote access tools work (Server Admin, SSH, file sharing, etc.).  I'm also using LogMeIn to get to the server and, if I make an adjustment to standard user account to allow for server administration that account can use screen sharing with no problems.  Only my administrator account does not seem to work.  Has anyone else seen this?

  Hi John, perhaps I did not express myself clearly.
  My desktop iMac is set up with multiple desktops (desktop 1 for system stuff, desktop 2 for mail, messages, skype etc, desktop 3 for Safari and desktop 4 for text proessing, VM-Ware and other work).
  When I work on that machine I'm logged in as one user and use the three finger swipe left and right or the Cmd-1 thru Cmd-4 keys to switch between those desktops.
  I haven't founf how to do that from my a remotely connected MacBook Pro.
  Both of which are running Mountain Lion in the mean time. The iMac runs Mountain Lion Server and the MBP has ML Server installed as well, but nut implemented. Just to be able to use the remote screen...
  Hope this makes my question a bit mre clear...
  Gerard

• REFRESH CONTROL tbcl1 FROM SCREEN '9001' .    ??

  Hi experts,
  I have a doubt.
  I have a tablecontrol TBCL1 in screen 9001 .
  I want to refresh all the tablecontrol data at once ,
  I think *REFRESH CONTROL tbcl1 FROM screen '9001' *.... this statemnet fulfil my needs? But where to use in PBO or PAI,  ?
  Please Explain What is the Exact Use of this staement ??
  Thanks to u all people for your valuable time .

  HI,
  Do exactly as Sachin has said.
  It will solve your problem.
  Write the code for 'Cancel' in PAI and refresh your internal table under this code and see to it that the internal table is not populated again in the PBO.
  Hope it helps you,
  Regards,
  Abhijit G. Borkar