Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

A fix for an advanced firewall settings issue on Server OS X Server
I had big trouble with the Advanced Firewall settings in Server Admin. I had a lot of double entries in the rules list, but could not delete them. If I moved them up or down, they were copied instead of being moved. If I enabled a disabled rule and saved it, it was automatically disabled again. Many rule numbers were duplicated with different contents.

So here's the fix: Disconnect your server from the internet, then in Server Admin, stop the firewall. Quit Server Admin and open Terminal. Type in the following:
$ cd /etc/ipfilter
$ cp ip_address_groups.plist ip_address_groups.plist.orig
$ sudo open ip_address_groups.plist
Check, edit, and correct all the rules. To see a list of ports, use cat /etc/services. To learn how to set up rules correctly use man ipfw. When all rules are correct, then:
$ sudo mv
$ sudo ipfw flush
Start Server Admin, start the firewall, and check the Active Rules tab. If it is empty, make a dummy change in a rule and save. If everything looks good, bring your server online again.

[robg adds: I can't test this one easily, nor do I know anyone who runs Server regularly. If this hint isn't helpful, please let me know!]
  Post a comment  •  Comments (3)  
  • Currently 2.11 / 5
  You rated: 2 / 5 (9 votes cast)
[9,624 views] Email Article To a Friend View Printable Version
Install ARD Admin 3.0 on a system with ARD Client 3.1 OS X Server
The scenario: I had an OS X Server which I had been accessing via ARD (Apple Remote Desktop). I had recently updated the ARD Client software to v3.1. This morning I needed to install the ARD Admin software on the same server (to use it as a Task server, probably the most useful feature of ARD 3). No joy. The installer complained that the software already installed was a later version than I was trying to install -- 3.1 Client on the server, 3.0 Admin on the install disk.

The reason this happens is that the ARD Admin installer package is actually a metapackage -- a package of packages, if you will. It contains a package for the Admin application and also one for its own version (3.0) of the client software. It's this package that's blocking the install.

The solution is a simple, if not immediately obvious, one. Control-click on the RemoteDesktop.mpkg icon and choose Show Package Contents from the pop-up menu. In the new window that opens, burrow down through Contents -> Installers, and find the RemoteDesktopAdmin.pkg installer. Double-click on that one and ... Presto! one fresh clean installation of ARD Admin.

But it doesn't stop there, sorry. The last thing you must do before launching it is update it with the ARD Admin 3.1 updater. You can use Software Update or download it from Apple's update site.
  Post a comment  •  Comments (2)  
  • Currently 2.36 / 5
  You rated: 5 / 5 (11 votes cast)
[8,103 views] Email Article To a Friend View Printable Version
Work around some bugs with managed printers OS X Server
Managed printers (on managed clients) are convenient, but there are bugs. The problem is the system doesn't clean up after itself. One side effect is the user has old printer configurations that were deleted from the server (this can also result in what appears as duplicate printers, but the config was updated with the same name, or deleted and recreated). Another side effect is with computer list managed printers. For example, computer lab A has printer A managed only. Computer lab B has printer B managed only. The user logs into lab A, logs out, then logs into lab B. They shouldn't see the lab A printer at this point, but they do (because they logged into lab A once upon a time, and this saved in their home folder).

Read the rest for some workarounds to these problems...
read more (144 words)   Post a comment  •  Comments (4)  
  • Currently 1.75 / 5
  You rated: 2 / 5 (8 votes cast)
[10,389 views] Email Article To a Friend View Printable Version
Prevent Black Displays On Managed Clients OS X Server
There is a problem with managed clients and external displays: The user (a high school student, for example) can change the display to an unsupported resolution/frequency, rendering the display useless. When this happens, it's broken for that user on that machine, because of the By Host preferences folder. (What's with that folder anyways? I mean, why?) I know there is that warning and confirmation that will auto-revert, but sometimes it doesn't warn, when it 'thinks' it will work. Anyways, the kids manage to make the display black.

You can always lock out the Displays prefpane with managed preferences, but they can still switch it with the menu extra. So the simple solution is to take away read access for "others" on the menu extra:
sudo chmod 750 /System/Library/CoreServices/Menu Extras/
[robg adds: This older hint explained one way to recover from invalid resolutions. I'm not sure if it's still applicable or not...]
  Post a comment  •  Comments (5)  
  • Currently 1.67 / 5
  You rated: 1 / 5 (9 votes cast)
[6,779 views] Email Article To a Friend View Printable Version
One possible fix for a network user login hang OS X Server
I have seen a network user on a Managed Client logging in hang before the Finder and Dock load, so it just sits there with the desktop picture and only the Spotlight part of the menubar visible. The fix is simple. Delete these folders:


That should resolve the issue for the user whose login was hanging.
  Post a comment  •  Comments (2)  
  • Currently 1.44 / 5
  You rated: 1 / 5 (9 votes cast)
[7,378 views] Email Article To a Friend View Printable Version
Use GeekTool to help with remote monitoring OS X Server
Like many OS X admins, I inherited a bunch of Macs which all look the same, but serve different functions. Since they all pretty much look the same from my VNC/Timbuktu/Apple Remote Desktop window, it's hard to know where I am when I log in. I can't tell which one is an Xserve, and which is a Mac mini...

I could place a folder with the name of the server in the Dock (along with sub folders or files named with IPs or hostnames for quick reference). Or I could use this hint (shameful plug, I know). The problem is, with all of the monkeys' changes, I have more important things to do than modifying screenshots all the time...

Enter our friend GeekTool. Set it up to read/display a text file of the services on the box, as well as current IP addresses and or hostnames, and you've got a dynamic 'desktop' which displays useful information. Someone who's handy with shell scripting might know how to write the scripts to grab the IPs and/or hostnames on the fly. That'd make for a really nifty and useful hint. Happy administering!

[robg adds: GeekTool is a popular topic around here...]
  Post a comment  •  Comments (3)  
  • Currently 1.88 / 5
  You rated: 4 / 5 (8 votes cast)
[12,230 views] Email Article To a Friend View Printable Version
10.4: Another way to view the Server serial number OS X Server
You can obtain the Mac OS X Server serial number (for Tiger) via the command line. At the Terminal on the server itself (or via ssh if you wish), type:
more /etc/systemserialnumbers/xsvr
Press Return, and you should see the serial number displayed. I can't help but think that this could be made more secure rather than being stored as clear text.
  Post a comment  •  Comments (8)  
  • Currently 2.50 / 5
  You rated: 3 / 5 (12 votes cast)
[25,398 views] Email Article To a Friend View Printable Version
Set up server monitoring with Nagios and sendPage OS X Server
I have been running a host monitoring solution (among other things) on an Xserve G5 for about a year now. It has been rock solid stable and has proven to be better than any other solutions I've looked at. It uses Nagios and sendPage, installed on OS X Server.

I've created a fairly detailed writeup covering exactly what I did, in case you'd like to set up the same on your server.

[robg adds: Typically I would ask the author's permission to mirror the actual writeup here. However, in this case, the provided solution is quite lengthy and detailed, and may not be of interest to a huge number of readers, so I think a link to the writeup will suffice.]
  Post a comment  •  Comments (1)  
  • Currently 2.10 / 5
  You rated: 2 / 5 (10 votes cast)
[7,100 views] Email Article To a Friend View Printable Version
Fix Server Monitor's 'waiting for server' message OS X Server
I recently transferred data from an old G5 running 10.4.6 Server to a G5 XServe. All was running well until I launched the Server Monitor application to check the hardware status of the server. The Server Monitor application reported "waiting for response from server." I finally found out that the hwmond config needed to be modified. Rather than editing the file, I ran the hwmondSetup tool via Terminal.

Log in with root access (normally via sudo on the main admin account), then run this command:
When you next relaunch the Server Monitor app, the Status summary is updated showing the correct status of the server. So simple it hurts!
  Post a comment  •  Comments (0)  
  • Currently 2.27 / 5
  You rated: 2 / 5 (11 votes cast)
[11,778 views] Email Article To a Friend View Printable Version
Fix Quark QLA server after Java update OS X Server
After installing the Java 2Platform Standard Edition (J2SE) 5.0 Release 4 on my OS X server running QLA 3.5, the QLA server would not open, run or even uninstall. I had to do the following to revert it back to Java 1.4.2:

In Terminal, run the following commands:
$ su root
$ cd /
$ cd System/Library/Frameworks/JavaVM.Framework/Versions/
$ sudo rm -rf CurrentJDK
$ sudo ln -s 1.4.2 CurrentJDK
After executing the above mentioned commands you should be able to install QLA.

[kirkmc adds: I haven't tested this, but there's always a risk in removing anything rather than backing it up first. So at the rm -rf command, I'd suggest making a copy of the directory with a different name.]
  Post a comment  •  Comments (11)  
  • Currently 1.56 / 5
  You rated: 2 / 5 (9 votes cast)
[11,922 views] Email Article To a Friend View Printable Version