[afterhours]

[QUOTE][u]Quote by: McDeth[/u][p]

I have run speed test after speed test on our internet connection that consistently yields a rock steady 337KB/sec UL and 319KB/Sec DL (We have bonded T1’s @ ~3.072 Mbps) yet when users are trying to download or access files using AFP or FTP the server will sputter between 0-120KB/Sec and never achieve anywhere close to its maximum theoretical throughout.
In order to try and narrow down the problem further, I have turned off the VPN service (thinking that perhaps the overhead for encryption for multiple users was causing the low throughput) and tried both secure and insecure AFP and FTP downloads from the server. Again, this yielded the same pathetic throughput.

Is there some issue with transferring files over the internet that I’m not aware of? [/p][/QUOTE]

What has your service provider said? I would like to think that you first checked with them to insure there is no filtering on their side that may affect your performance. Of course, the speedtest sites are a first step in testing that, but go beyond them and do your own tests FROM THEN SERVER for ftp’ing to a remote machine that is not on your network — preferably with better bandwidth than you buy so you can truly see any throttling effects.

If you are worried about the machine bogging down, I doubt that is the case. Do you have sufficient RAM installed for the machine? That’s one of the most common bottlenecks I see in servers. People go cheap and think a 512 Mb or 1Gb machine will be able to do all they need.

After you have spoken with your ISP (and gotten through the first level of tech ‘support’ from off-shore), and they claim to have nothing in your way, then you might simply try in the wee hours shutting off all services save for ftp. Test that. If you get close to your specs up and down, then reactivate services one by one, testing in between. You can also pull up something like the server monitor to watch network traffic, or a tool like menumeters instead.

We can speculate all day, but you need to isolate services to see if the behavior manifests irrespective of what is running, or is linked to any one service.

[afterhours]

I had forgotten about this thread. I, too, resolved all issues by picking up a PSU off of eBay and replacing the one that shipped. Not a recurrence of this problem in nearly 16 months since, including an upgrade to Leopard, installation of 6 Gb of RAM and a relocation.

[afterhours]

[QUOTE][u]Quote by: ToddJob[/u][p]Here’s process I use for exampleco.com

1) create a folder called exampleco.com in /Library/WebServer/Documents
2) set up the domain http Server Admin. ie http://www.exampleco.com
3) set up an account in WGM ‘exampleco’
4) set up ftp share point @ /Library/WebServer/Documents/exampleco.com

This is when the problem occurs. http service requires r/w permission to a folder in order to publish web pages. When you upload files via ftp the defaults 755 permissions with the users named ‘exampleco’ this is when the issues happen. http service needs to have user be ‘root’ or ‘www’ or group to be ‘www’ or ‘admin’.

Does this clarify what is happening?[/p][/QUOTE]

Yes, it helps — but you don’t tell us exactly how you create the folder or the share point. We all know the cliche ‘the Devil’s in the Details’ – translation: if you don’t tell us precisely what you are doing at each step, you and we make assumptions that can waste a ton of time. Be explicit on each step, or we just dance around each other.

Sounds like you are creating the folder from the console (you are directly controlling the server, logged in as root or admin) — hence the permissions assigned to whatever you create via command-shift-n.

Reread my post — and understand how Apple’s GUI is functioning. It creates a new user first, then a ‘home’ or series of directories FOR THAT USER when the WGM is used. Upon that creation, the rwx assignments for those folders are given to that new user. Hence the rest of the steps used via their GUI tools (SA as well as WGM) follow the permissions relative to that user’s account. For clarity:

With the WGM, the User account is generated first, then the Create Home Now button creates the subdirectories with the appropriate permissiions to that users’ home folders assigned.

Your method seems to suggest that you are creating a folder that would be owned by the root or admin account by which you log in (either via console, TB2, ARD or however you are getting to the server’s Finder). Bad form, that. And that is the source of your headache. If you are wedded to your method, then I suggest you either add in a step 3b.) where you reassign the permissions for the folder that you create in your Step 1 to the user you create in Step 3 — or you could simply start by creating a new user account as step 0 (System preferences:Accounts), then trudge along with my step 3b.

or you avoid going into the console altogether and adjust your management to start with WGM, followed by the SA as I outlined in my previous post. I’m not mocking you for being pointy/clicky. I’m describing how Apple designed the expected use of the server package, and it was not with the intent that one manually goes in to generate directories under one account, then reassign permissions to match another account. Does that make more sense?

Webstar’s interface (supposedly) took care of permissions assignments, or who knows — maybe it 777’d every bloody folder on the machine. I abandoned all hope after 4D dropped the ball and Kerio bought it to poach the user list for sales calls. Pity that, but we move on.

Once upon a time, I had sketched together a manuscript for Internet serving on a Mac — including management of OSXS. Not exactly a complete work, but it contains some useful info. I can dredge up a PDF copy if you want it.

[afterhours]

How, exactly, are you creating your FTP accounts?

For instance, Apple’s OSXS GUI admin model is to use the WGM settings for each account as FTP access. If you are managing your FTP access in any other means, then return to the GUI for any reason, there’s a good chance your settings will be buggered up.

Let’s run through a setup strictly using the GUI (SA and WGM). Presumably, you would add a new user, and create a ‘home’ for that user. (You’re trying to imitate your Webstar experience, so you likely also set a quota for the account.):

+ New User, gave user/account a name, perhaps created an additional short name to match their existing account on your webstar machine so you don’t confuse them too much. Entered in a strong password (or their prior password) and selected the ‘access account’ checkbox.
Selected the Home tab, highlighted the location of where the new home directory will reside, and clicked on the ‘Create Home Now’ button. Then set a Disk Quota and clicked on Save.

At that point, from the Apple-way of doing things, you’ve just created your ftp account for this new user. Of course, because a home was created, a lot of extraneous folders were also generated that have nothing to do with web serving (and can be eliminated).

Now (again, doing this the ‘Apple GUI’ way), you would likely want to set up the ftp server and the http server to actually serve this account. I want to guess you’ve already figured this ou:

FTP server is pretty brain-dead… just turn it on, set up your authentication, messages, loggins and directory limitations.

Permissions are correct for the ‘Sites’ subfolder that is generated by the above process. Note that the other detris created will have different permissions that an FTP client will NOT be able to defeat.

Not that you asked, but the rest of the simplistic model of site management in a nutshell:

HTTP is the ‘web’ service pane. Go to Settings:Sites, set up your new site (domain), edit its ‘Web Folder location (the home you just created above – select the new Home directory — perhaps in your ‘users’ folder — and select a subdirectory the ftp client can edit fullly such as the default ‘Sites’ folder the WGM creates), check all of your other parameters, save, exit the edit mode, and be sure the ‘enabled’ checkbox is checked (save again). Note that your GUI will not be able to see subsequent Home directories created by the WGM if you try to generate more than one during an edit session as the SA GUI doesn’t update its directory list in realtime. It can only see the first newly-created Home directory after it has been launched. Subsequent Homes exist, but its visible list doesn’t update unless you close the server connection, then re-authenticate the SA back in.

Now that I’ve completely missed the question, can you restate what precisely you’re doing in your management?

[afterhours]

apr400 – thx for the update. I’d love to know what the -127 code means. I’ll go with your premise on -122, but cripes Apple – document this crap somewhere! This sick G5 of ours doesn’t have a video card… makes troubleshooting harder. Has anyone compiled a list of cards that work reasonably?

As for PSUs, you might want to check eBay. <http://cgi.ebay.com/Apple-Xserve-G5-or-Cluster-Node-Power-Supply-DPS-400GB_W0QQitemZ260081334736QQihZ016QQcategoryZ51044QQssPageNameZWDVWQQrdZ1QQcmdZViewItem>

[afterhours]

Holidays and work got in the way of this expensive mothballed monster, but now I need to have the Xserve back in production. I’ve replaced the PRAM battery again, reset the PMU, reset the NVRAM, did a completely clean install of OSXS 10.4.1 (including wiping the drives and setting up the RAID across the two working drives), allowed all updates to download and install — and the problem has resurfaced.

If anything, it may be getting worse. Here’s a sampling of the logs:

Jan 16 11:38:12 mail /usr/sbin/serialnumberd[207]: serialnumberd: Firewall rule #1 added to allow port 626.
Jan 16 11:38:15 mail /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Noticeisabled firewall
Jan 16 11:40:30 localhost kernel[0]: standard timeslicing quantum is 10000 us
Jan 16 11:40:30 localhost memberd[45]: memberd starting up
Jan 16 11:40:30 localhost kernel[0]: vm_page_bootstrap: 253396 free pages
Jan 16 11:40:30 localhost mDNSResponder-107.4 (May 4 2006 16: 34:29)[35]: starting
Jan 16 11:40:30 localhost kernel[0]: mig_table_max_displ = 70
Jan 16 11:40:30 localhost kernel[0]: 89 prelinked modules
Jan 16 11:40:30 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Jan 16 11:40:30 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Jan 16 11:40:30 localhost lookupd[49]: lookupd (version 369.5) starting – Tue Jan 16 11:40:30 2007
Jan 16 11:40:30 localhost kernel[0]: using 2621 buffer headers and 2621 cluster IO buffer headers
Jan 16 11:40:30 localhost kernel[0]: DART enabled
Jan 16 11:40:30 localhost kernel[0]: Enabling ECC Error Notifications
Jan 16 11:40:30 localhost kernel[0]: FireWire (OHCI) Apple ID 42 built-in now active, GUID 001124ff fe3a31ec; max speed s800.
Jan 16 11:40:30 localhost kernel[0]: Security auditing service present
Jan 16 11:40:30 localhost DirectoryService[50]: Launched version 2.1 (v353.2)
Jan 16 11:40:30 localhost kernel[0]: BSM auditing present
Jan 16 11:40:30 localhost kernel[0]: disabled
Jan 16 11:40:30 localhost kernel[0]: rooting via boot-uuid from /chosen: 53F7EBFD-9B0E-334A-9052-12690DE9C1C0
Jan 16 11:40:30 localhost kernel[0]: Waiting on IOProviderClassIOResourcesIOResourceMatchboot-uuid-media
Jan 16 11:40:30 localhost kernel[0]: Got boot device = IOService:/MacRISC4PE/ht@0,f2000000/AppleMacRiscHT/pci@7/IOPCI2PCIBridge/k2-sata-root@C/AppleK2SATARoot/k2-sata@1/AppleK2SATA/ATADeviceNub@0/IOATABlockStorageDriver/IOATABlockStorageDevice/IOBlockStorageDriver/Hitachi HDS722580VLSA80 Media/IOApplePartitionScheme/Apple_RAID_OfflineV2_Untitled_3@3/AppleRAIDMember/AppleRAIDMirrorSet/server@0
Jan 16 11:40:30 localhost kernel[0]: BSD root: disk3, major 14, minor 11
Jan 16 11:40:30 localhost kernel[0]: jnl: replay_journal: from: 2788864 to: 5122048 (joffset 0x267000)
Jan 16 11:40:30 localhost kernel[0]: HFS: Removed 3 orphaned unlinked files
Jan 16 11:40:30 localhost kernel[0]: Jettisoning kernel linker.
Jan 16 11:40:30 localhost kernel[0]: Resetting IOCatalogue.
Jan 16 11:40:30 localhost kernel[0]: Matching service count = 0
Jan 16 11:40:30 localhost kernel[0]: Matching service count = 10
Jan 16 11:40:30 localhost kernel[0]: Matching service count = 10
Jan 16 11:40:30 localhost kernel[0]: Matching service count = 10
Jan 16 11:40:30 localhost kernel[0]: Matching service count = 10
Jan 16 11:40:30 localhost kernel[0]: Matching service count = 10
Jan 16 11:40:30 localhost kernel[0]: AppleRS232Serial: 2f262020 80013020 chip base, virtual, physical
Jan 16 11:40:30 localhost watchdogtimerd: Automatic reboot timer enabled.\n
Jan 16 11:40:30 localhost kernel[0]: IOPlatformControl::registerDriver Control Driver AppleSlewClock did not supply target-value, using default
Jan 16 11:40:31 localhost kernel[0]: jnl: replay_journal: from: 4423168 to: 4440064 (joffset 0x267000)
Jan 16 11:40:31 localhost diskarbitrationd[44]: disk0s3 hfs 9F4D646A-5DD0-369F-9C20-C63A48A6D1A2 c /Volumes/c
Jan 16 11:40:31 localhost kernel[0]: BCM5701Enet: Ethernet address 00:0d:93:9d:51:f6
Jan 16 11:40:31 localhost kernel[0]: BCM5701Enet: Ethernet address 00:0d:93:9d:51:f7
Jan 16 11:40:31 localhost kernel[0]: ApplePMU:MU forced shutdown, cause = -127
Jan 16 11:40:31 localhost lookupd[75]: lookupd (version 369.5) starting – Tue Jan 16 11:40:31 2007
Jan 16 11:40:31 localhost diskarbitrationd[44]: disk3 hfs 53F7EBFD-9B0E-334A-9052-12690DE9C1C0 server /
Jan 16 11:40:31 localhost /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Jan 16 11:40:32 localhost loginwindow[77]: Login Window Started Security Agent
Jan 16 11:40:32 mail configd[42]: setting hostname to “mail.rduonline.net”
Jan 16 11:40:34 mail mDNSResponder: Adding browse domain local.
Jan 16 11:40:36 mail kernel[0]: AppleBCM5701Ethernet – en0 link active, 10-Mbit, half duplex
Jan 16 11:40:36 mail configd[42]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
Jan 16 11:40:36 mail configd[42]: posting notification com.apple.system.config.network_change
Jan 16 11:40:36 mail lookupd[90]: lookupd (version 369.5) starting – Tue Jan 16 11:40:36 2007
Jan 16 11:40:38 mail configd[42]: target=enable-network: disabled
Jan 16 11:40:44 mail /usr/sbin/serialnumberd[212]: serialnumberd: Firewall rule #1 added to allow port 626.
Jan 16 11:40:47 mail /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Noticeisabled firewall
Jan 16 11:42:02 localhost kernel[0]: standard timeslicing quantum is 10000 us
Jan 16 11:42:01 localhost mDNSResponder-107.4 (May 4 2006 16: 34:29)[35]: starting
Jan 16 11:42:02 localhost kernel[0]: vm_page_bootstrap: 253396 free pages
Jan 16 11:42:01 localhost memberd[45]: memberd starting up
Jan 16 11:42:02 localhost kernel[0]: mig_table_max_displ = 70
Jan 16 11:42:02 localhost kernel[0]: 89 prelinked modules
Jan 16 11:42:02 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Jan 16 11:42:02 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Jan 16 11:42:02 localhost kernel[0]: using 2621 buffer headers and 2621 cluster IO buffer headers
Jan 16 11:42:02 localhost kernel[0]: DART enabled
Jan 16 11:42:02 localhost kernel[0]: Enabling ECC Error Notifications
Jan 16 11:42:02 localhost kernel[0]: FireWire (OHCI) Apple ID 42 built-in now active, GUID 001124ff fe3a31ec; max speed s800.
Jan 16 11:42:01 localhost DirectoryService[50]: Launched version 2.1 (v353.2)
Jan 16 11:42:02 localhost kernel[0]: Security auditing service present
Jan 16 11:42:02 localhost kernel[0]: BSM auditing present
Jan 16 11:42:02 localhost kernel[0]: disabled
Jan 16 11:42:02 localhost kernel[0]: rooting via boot-uuid from /chosen: 53F7EBFD-9B0E-334A-9052-12690DE9C1C0
Jan 16 11:42:02 localhost kernel[0]: Waiting on IOProviderClassIOResourcesIOResourceMatchboot-uuid-media
Jan 16 11:42:02 localhost kernel[0]: Got boot device = IOService:/MacRISC4PE/ht@0,f2000000/AppleMacRiscHT/pci@7/IOPCI2PCIBridge/k2-sata-root@C/AppleK2SATARoot/k2-sata@0/AppleK2SATA/ATADeviceNub@0/IOATABlockStorageDriver/IOATABlockStorageDevice/IOBlockStorageDriver/Hitachi HDS722580VLSA80 Media/IOApplePartitionScheme/Apple_RAID_OfflineV2_Untitled_2@3/AppleRAIDMember/AppleRAIDMirrorSet/server@0
Jan 16 11:42:02 localhost kernel[0]: BSD root: disk3, major 14, minor 11
Jan 16 11:42:02 localhost kernel[0]: jnl: replay_journal: from: 5122048 to: 1510912 (joffset 0x267000)
Jan 16 11:42:02 localhost kernel[0]: HFS: Removed 3 orphaned unlinked files
Jan 16 11:42:02 localhost kernel[0]: Jettisoning kernel linker.
Jan 16 11:42:02 localhost lookupd[49]: lookupd (version 369.5) starting – Tue Jan 16 11:42:02 2007
Jan 16 11:42:02 localhost kernel[0]: Resetting IOCatalogue.
Jan 16 11:42:02 localhost watchdogtimerd: Automatic reboot timer enabled.\n
Jan 16 11:42:02 localhost kernel[0]: Matching service count = 0
Jan 16 11:42:02 localhost kernel[0]: Matching service count = 10
Jan 16 11:42:02 localhost kernel[0]: Matching service count = 10
Jan 16 11:42:02 localhost kernel[0]: Matching service count = 10
Jan 16 11:42:02 localhost kernel[0]: Matching service count = 10
Jan 16 11:42:02 localhost kernel[0]: Matching service count = 10
Jan 16 11:42:02 localhost kernel[0]: AppleRS232Serial: 2f262020 80013020 chip base, virtual, physical
Jan 16 11:42:02 localhost kernel[0]: IOPlatformControl::registerDriver Control Driver AppleSlewClock did not supply target-value, using default
Jan 16 11:42:02 localhost kernel[0]: BCM5701Enet: Ethernet address 00:0d:93:9d:51:f6
Jan 16 11:42:02 localhost kernel[0]: BCM5701Enet: Ethernet address 00:0d:93:9d:51:f7
Jan 16 11:42:02 localhost lookupd[64]: lookupd (version 369.5) starting – Tue Jan 16 11:42:02 2007
Jan 16 11:42:02 localhost kernel[0]: ApplePMU:MU forced shutdown, cause = -122
Jan 16 11:42:02 localhost diskarbitrationd[44]: disk1s3 hfs 9F4D646A-5DD0-369F-9C20-C63A48A6D1A2 c /Volumes/c
Jan 16 11:42:02 localhost kernel[0]: jnl: replay_journal: from: 4440064 to: 4456960 (joffset 0x267000)
Jan 16 11:42:02 localhost diskarbitrationd[44]: disk3 hfs 53F7EBFD-9B0E-334A-9052-12690DE9C1C0 server /
Jan 16 11:42:02 localhost /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Jan 16 11:42:03 localhost loginwindow[76]: Login Window Started Security Agent
Jan 16 11:42:03 mail configd[42]: setting hostname to “mail.rduonline.net”
Jan 16 11:42:05 mail mDNSResponder: Adding browse domain local.
Jan 16 11:42:07 mail kernel[0]: AppleBCM5701Ethernet – en0 link active, 10-Mbit, half duplex
Jan 16 11:42:07 mail configd[42]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
Jan 16 11:42:07 mail configd[42]: posting notification com.apple.system.config.network_change
Jan 16 11:42:07 mail lookupd[89]: lookupd (version 369.5) starting – Tue Jan 16 11:42:07 2007
Jan 16 11:42:09 mail configd[42]: target=enable-network: disabled
Jan 16 11:42:16 mail /usr/sbin/serialnumberd[211]: serialnumberd: Firewall rule #1 added to allow port 626.
Jan 16 11:42:19 mail /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Noticeisabled firewall

Note that there are two separate error codes listed when the PMU restarts the machine: -122 and -127. I’ve not found what each of these means (someone kindly point me to a resource? Apple’s link on PMU resets: only touch on the issue (and these steps have not resolved my issues.

Having clues to what these error codes actually mean might assist — or having a way to isolate the problem as part of the power supply, drives, the motherboard or some other component would be exceptionally handy.

[afterhours]

OK — so I went to bed all smug that I had resolved my issue. No dice. This morning, the Xserve was back to its old tricks — same identical symptoms. Same errors in the log, same odd periodicity — between 3 and 6 minutes apart, the daemon restarts the server. I am back to ground zero. Syslogs indicate that my ‘fix’ lasted about an hour, and progressively returned to it’s ugliness.

What is it that the watchdogtimerd isn’t seeing that triggers the restart? Is there anything I should be seeking in the logs beyond timing issues?

[afterhours]

I’ll add to the discussion, ‘though I have (temporarily) resolved the issue.

One of our xserves is a G5 2.3 GHz DP running Tiger Server (unlimited). Had been stable and pretty rock solid for months. Sometime immediately following the security update 2006.007, it went south, but I didn’t notice until a website customer called in a complaint. The machine was not reliably reachable by SA or WGM — I could log in, but then there would be long pause (about a minute) where I couldn’t communicate with the server. During this outage period, the web serving and ftp access also went dark. ARD into the machine, and I found that I could not stay logged in as admin — I would lose the connection.

There was some periodicity to it — between three to six minutes.

Figured it was related to the watchdog daemon. You’ll see log events like this:

Dec 19 12:08:05 localhost watchdogtimerd: Automatic reboot timer enabled.\n

Finally was able to grab some log files from either the system log via SA or ARD and console. We were seeing the -122 error where log events looked like:

Dec 19 12:05:36 localhost kernel[0]: ApplePMU::PMU forced shutdown, cause = -122

This event coincides with every loss of connectivity — time stamps are precise. And it does average about every 5 minutes.

The SA also once reported that my serial number was invalid. Fearing the MacIntel server issue that is currently widely reported after the 10.4.8 update, I thought the same problem slipped into the PPC code in the universal binary — or feared that. They both assured me that mine was the first report of a serial being reported invalid on a PPC OSXS machine. There are plenty of indications that the server is also phoning home or querying the subnet to identify any other same-license machines. That’s apple’s intention to thwart piracy — and bully for them. But all of my systems are legit, so what gives?

In depth discussions with two separate Apple engineers suggested the firewall was to blame. During boot, the newest releases of OSXS invoke the firewall with a dedicated daemon (hence the port 626 getting opened) and it is here where OSXS phones home:

Dec 19 11:54:57 mail /usr/sbin/serialnumberd[215]: serialnumberd: Firewall rule #1 added to allow port 626.
Dec 19 11:55:00 mail /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Notice:Disabled firewall

Both engineers confirmed that this was newer code and doing what we think it is doing, ‘though they offered no information about which database it might be querying. I don’t care about phoning home — I care about server stability. Was this part of the problem? The first engineer told me to boot from the installer and run some diagnostics (including repair permissions — that magic bullet of BSD mysteries). The second engineer wanted me to restore my serial number (re-enter it) — something that really hadn’t occurred to me. I did so, restarted, and the problem remained. But after doing so, while still on the phone with him, I noticed my server time was 3 hrs retarded (left coast time, where we are in EST). OK — so why didn’t it occur to me that this could be PRAM or PMU? Particularly when the PMU is part of the restart cycle. Thinking that I had missed the most obvious of hardware issues, I drove down the to colo facility with battery and kit in hand.

I got there and sat watching the indicator lights on the Xserve. Just watching for ten minutes. I watched without doing anything to the machine. And it restarted, all on its own. About six minutes later, it did it again. Hmmm.

But it wasn’t the PRAM battery. Shut down, pulled the existing battery and it was — ok. 3.6 VDC. Hmmmm. So I reinstalled it, waited the 10 seconds recommended, hit the PMU reset by the power supply once — and slid the server back into the rack. Plugged it back in, restarted, and it’s PRAM date/time was messed up, but it did keep the locality time zone I had repicked just before shutdown. Within a minute, it picked up the correct time, too.

And it has been rock solid since. 10.4.8 (no, I’ve not installed today’s security update). Serving fine and fast, allows for virtually unlimited admin and ARD access. No unexpected behavior.

What corrupted the PMU (or a PRAM setting)? Was it some kind of voltage surge or brownout from my colo’s very expensive power conditioning system? Was it a setting corrupted by one or more software updates? Is there bad code in the latest update(s) or anything else? I don’t know (yet), but I got a gentle reminder that ALL troubleshooting is worth consideration. Methodical and complete diagnostics is far more important than just relying on forums and rumor. I chased a lot of dead ends today because I didn’t initially cover the basics (all in an effort to avoid driving to the machine itself).

Good luck to you all — and don’t forget the basics.

[afterhours]

[QUOTE BY= afterhours] If I wish to run two or more public sites with SSL certs for each one (shopping carts or priviledged content), do I not still need to set the server up for multihoming?

If so, obviously we’ll set up our DNS properly, but is multihoming on OSXS (Tiger) the same as with OS 10.4 Client (replicate a Network preference with the new static IP information for the second IP)?

And if this is the case, do I need to do anything with Apache settings or does its default of wildcarding listening over any IP for that machine take care of serving (provided I install the public cert properly)?

(No, I do not wish to install a self-signed cert… too many chuckleheads would freak about any unexpected dialog or warning onscreen. KISS.)

Has anyone written up a white paper on all of the steps to install a cert in Tiger Server yet? Information seems piecemeal at best — but I’m uncertain if my searches of the kb here and on Apple’s site exhausted the most likely resources.[/QUOTE]

I think I’ve answered some of my own questions. Yes, multihoming seems to work with OSXS just peachy. Generating the cert seemed to work as well via the GUI as through the old CLI method. Josh — do you want a short whitepaper on this?

[afterhours]

If I wish to run two or more public sites with SSL certs for each one (shopping carts or priviledged content), do I not still need to set the server up for multihoming?

If so, obviously we’ll set up our DNS properly, but is multihoming on OSXS (Tiger) the same as with OS 10.4 Client (replicate a Network preference with the new static IP information for the second IP)?

And if this is the case, do I need to do anything with Apache settings or does its default of wildcarding listening over any IP for that machine take care of serving (provided I install the public cert properly)?

(No, I do not wish to install a self-signed cert… too many chuckleheads would freak about any unexpected dialog or warning onscreen. KISS.)

Has anyone written up a white paper on all of the steps to install a cert in Tiger Server yet? Information seems piecemeal at best — but I’m uncertain if my searches of the kb here and on Apple’s site exhausted the most likely resources.

[afterhours]

[QUOTE BY= macshome] Local accounts should show up in WGM just fine. Just make sure you aren’t looking at the LDAP domain, but rather the local NetInfo one.[/QUOTE]

Sure enough, the LDAP was displayed. Once the local directory was displayed, WGM displays the local accounts. I’ll need to dig through Bartosh’s book to grok how the accounts are stored and why these items show up grouped as they do. Guys, I appreciate the nudge in the right direction.

As this is strictly a webserver, OSXS is likely overkill, but it’s certainly nice to be able to play with Panther OSXS for the exposure.

[afterhours]

Yep… our fried geeklog strips out the addresses. One more time with text mode on:

Nov 3 16:21:41 mail postfix/smtpd[20742]: connect from ms-smtp-03-lbl.southeast.rr.com[24.25.9.102]
Nov 3 16:21:41 mail postfix/smtpd[20742]: C3D86A9150: client=ms-smtp-03-lbl.southeast.rr.com[24.25.9.102]
Nov 3 16:21:41 mail postfix/smtpd[20742]: C3D86A9150: reject: RCPT from ms-smtp-03-lbl.southeast.rr.com[24.25.9.102]: 554 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<ms-smtp-03-eri0.southeast.rr.com>
Nov 3 16:21:47 mail postfix/smtpd[20742]: disconnect from ms-smtp-03-lbl.southeast.rr.com[24.25.9.102]

[afterhours]

[QUOTE BY= MacTroll] Convolute the addresses if you want, but please leave them in the logs.

1. How have you attempted to make the server an open relay?
2. What domains do you have set up on the server?[/QUOTE]

Odd — I didn’t strip out the addresses in the post. Naturally, we have to protect our customer’s identity, but they weren’t stripped initially ?!? Perhaps Geeklog does it if text/html mode is toggled.

1. Yes, I opened everything up on the server, yet it won’t accept inbound.
2. mail.domain.com (the same as the MX record in the DNS tables.

I’ll repost the log:

Nov 3 16:21:41 mail postfix/smtpd[20742]: connect from ms-smtp-03-lbl.southeast.rr.com[24.25.9.102]
Nov 3 16:21:41 mail postfix/smtpd[20742]: C3D86A9150: client=ms-smtp-03-lbl.southeast.rr.com[24.25.9.102]
Nov 3 16:21:41 mail postfix/smtpd[20742]: C3D86A9150: reject: RCPT from ms-smtp-03-lbl.southeast.rr.com[24.25.9.102]: 554 : Relay access denied; from= to= proto=ESMTP helo=
Nov 3 16:21:47 mail postfix/smtpd[20742]: disconnect from ms-smtp-03-lbl.southeast.rr.com[24.25.9.102]

where domain.com is the customer’s domain

[afterhours]

Then how would one go about managing email or sharepoints for such an admin account, if it is unavailable through the workgroup manager?

[afterhours]

I have a user account on the server for logging in and administering the Xserve. I cannot use that exact same name for a Workgroup user account (with the identical short name).

[Author]

Posts