Archive for category Mac OS X Server

Can’t Add User Account to OS X Server

Recently had a request for help from a client who could not add a new user to their Open Directory.  I Googled around for a while before finding an answer that was easier than rebuilding all of Open Directory and its accounts.

Error: eDSRecordNotFound

Solution:  Get Open Directory to restart by turning the SSL option on, then off again.

After this, the user could be added normally.  The error did not occur.

Tags:

OS X Server Duplicate Serial Bug Fixed

An update to my earlier post on this problem: if you have a Mac running OS X Server 10.5.8 or 10.6 and it has more than one network connection to a subnet, it will see itself when it checks for other servers with the same serial number.

Apple has fixed it for 10.5.8 and 10.6.

http://discussions.apple.com/thread.jspa?messageID=10396995#10396995

Apple fixed this problem in the “Mac OS X Server 10.5.8 Update v.1.1”.
<http://support.apple.com/downloads/Mac_OS_X_Server_10_5_8_Update_v_1_1>

The “Network Registration Update” for 10.6 fixes it.
<http://www.apple.com/downloads/macosx/apple/macosx_updates/networkregistrationupdate10.html>

The 10.6.1 update contains the fix as well.
details here: <http://www.apple.com/downloads/macosx/apple/macosx_updates/macosxserverv1061update.html>

Tags:

Controlling Macs with No Keyboard: CD Tray

Titling this one was a little harder than most somehow.   I guess part of it is that there are so many ways to express this.

Today I needed to use a Mac whose monitor got … appropriated… by my family for other purposes. I just needed to use a piece of software there that is only needed once in a … well, almost never.

To get to the point, Apple’s Remote Desktop product is nice, and offers good control, but doesn’t have anything I could find that would eject the tray.  If a disk had been already in it, it could have been used to eject that of course.

Anyway,  the first solution I found is a command-line tool in the Mac:  drutil.  Just connect to the “headless” Mac with SSH in a terminal (there are plenty of how-to’s available via Google) then type this:

drutil -drive 1 tray open

The tray popped out and my problem is solved.

I tried putting this into an AppleScript application so that I could put it on the dock. Then it would only be a click away.  A quick test showed that this does nothing if a disk is actually mounted from the drive.  No error message is generated. It also became clear that this command is literal, it will only open the tray.   To close the tray, I had to issue the reverse command:

drutil -drive 1 tray close

(I suppose that’ll require another AppleScript application.)

If you’d like one, just type the following line into a blank document in the AppleScript Editor program.  The quotes are necessary to send the whole thing together,  othewise AppleScript will try to interpret each word in the line.

do shell script “drutil -drive 1 tray open”

I did search around to see if there was an open/close command.  After all, the eject button on the keyboard gets it right. (when one is connected) and so does the drive’s button (when its not covered up by the Mac case.)  But I didn’t turn up anything in the few minutes available.

Enjoy

Tags: , ,

Mac OS X Server 10.5.8 Problem

Here’s an interesting problem.  It makes you kind of wonder how many different things you need to test for when working on software.

Today I got a call about an XServe having problems serving files.  People had been getting errors that said no more connections could be made to the file server.  Well that didn’t make sense.  The server had an unlimited client license.  But a quick check showed that this was the error being received and that 10 clients were currently connected.

Eventually, it occurred to me that 10 clients was the limit for developer or demo licenses (set by the serial number)  so I went to check the number to see if something had gone wrong.  Selecting the server itself in the list on the left, then “Overview” from the toolbar, I see red text that says “Invalid Serial Number“. Selecting the “Settings” icon in the toolbar, then the “General” tab that appears (because I already know where to look for the serial number), I see:  “Invalid Serial Number: duplicate serial number.

Now my  favorite tool, Google, does well for me now that I know what to ask for. I quickly find this discussion on an Apple forum about this very problem. It reveals that the problem occurs on Mac OS X Servers that have more than one connection to the network on the same subnet, like this one.

Since the double-network setup was to get more network performance for FileMaker and file services, its good to note that the discussion points out Apple articles on suggested methods for combining ethernet ports and link aggregation. I haven’t had time to fully figure out how these suggestions will work with off-the shelf switches, so it looks like I’ll have another entry soon.

So, open suggestion to Apple, Inc:  It would be nice to have a major error like an invalidated serial number presented to the user or admin a bit more prominently.  Perhaps an automatic email about such a change in status, or a notification from the Server Admin application?

Tags: , ,

Don’t Pull Your Hair Out (That’s What You Hire Me For.)

Well, a “fun” day with an Apple X-Server that bears repeating (well, writing down). If your server suddenly stops functioning with no real changes worth noting, you know its going to be an interesting day.

I got called in by a friend and fellow consultant. He told me that the X-Serve would be connected to the network for a short while and then stop. He could make it work by disconnecting the ethernet cable and re-connecting it. That made MacOS reset the connection and it would work for a short while.

After looking over endless settings, preference files, notes online, and a call to Apple support, we were left with the conclusion that we should re-install the OS (reluctantly). This is really something we did not want. (And felt that this was like surrendering, but, being the biggest stick we could hit it with, we thought this would fix it.)

WRONG! After re-installing and following all the instructions from documents, setup wizards and Apple’s instructions from the phone call, IT STILL DROPS OFF THE NETWORK.

In a moment of inspiration (desperation), I thought that the problem might be with the router (a current-model Apple Airport Extreme base station) or with some other equipment hooked up to it all. So it was time to start testing the network.

I started up a TCPDump job on the X-Serve to see if it showed something noticeably weird. There was quite a bit, but the only noticeable was the slowdown in packets once it dropped off the network. One thing that was strange; once the X-Serve could no longer load a web page and no desktop could connect to it, I could still successfully PING the X-Serve from my laptop. WHA?!

OK, at some point, I noticed that “arp -a” on the X-Serve would return a strange entry for x.x.x.255. (Something like ff:ff:ff:ff:ff if I recall.) This seemed symptomatic of the problem, but deleting it accomplished nothing. But AHA! the result of arp -a on my laptop showed that the X-Serve’s IP address was associated with an INCORRECT hardware address (M.A.C. address).

SO! There’s ARP poison coming from somewhere. (Or some kind of hiccup in the Airport.) So, in short order, we disconnected EVERY other device in the network except the DSL modem, Airport and X-Serve. But it STILL happens! We even replaced with the Airport with a brand-new spare of the same mode. (Which happened to be there for expansion plans.) It was STILL getting dropped! (Now we know its a good bug-hunt.)

The last bit needed to root it all out; that bad MAC address. It was always off by 1. The X-Serve has two ethernet connectors, and the information utilities show the two MAC addresses. In this case, they ended with :b0 and :b1. However, whenever the X-Serve dropped its connection, the arp entry on the laptop show the number, but ending with :b2. Resetting the X-Serve connection with the ethernet cable unplug/plug trick would immediately cause it to show as :b0 on the laptop until the next drop.

Well, one more quick call to Apple and we find out that the X-Serve has two EXTRA MAC addresses for the Lights-Out Management (LOM) system. And yes, they are :b2 and :b3 for this X-Serve. This was something I hadn’t realized because I hadn’t looked into using LOM before. In fact, when I went through the setup wizard after the re-install, I had specifically opted out of setting this up.

A quick trip to the Server Monitor program gave it all up. We set it to monitor the X-Serve, used the Server menu’s “Configure Local Machine” option to show LOM and yes, LOM ports 1 and 2 had been configured with the SAME IP address as the manual configuration we specified in the wizard.

So, whenever LOM would do something, the ARP table in the Airport (and any other computer listening) would be updated with the wrong MAC address. (Kind of like ARP poison I suppose.)

A quick change to the LOM settings and all was well. A minute or two later, and I had ARP entries for both the MAC addresses with their separate IP addresses. And the X-Serve has been happy ever since.

Its strangely nostalgic. I recall working on the same problem many years ago (circa 1990 when the MacTCP driver for MacOS 6 had a “dynamic addressing” option. It would create an ARP poison situation too. It had been driving my group nuts and when we found the reason we were able to just set manual addresses for all the computers and keep everyone working with no more dropouts.

Now for some rest. 🙂

Tags: , ,

OS X SERVER 10.5 AND ITS ICAL SERVER

Just got through wrapping my brain around OS X Server’s included iCal or CalDAV server.  It was quite a struggle, but I got it to go for me.  In the end, it was deployed at the customer’s office and was working well to give them a central calendar.

Tags: