Topics - Francesco DellaPorta

1
Device self-enrollment service unavailable with Server 4.0.3

Right after upgrading and updating my OS X Server to version 4.0.3 on Yosemite 10.10.1, an issue arose with the device management service of the Profile Manager feature. The process of enrolling additional devices, be it a Mac computer or an iOS device, was simply not "happening" any more.

Accessing the user profile page (https://host.example.com/mydevices) via the web browser went through. However, clicking on the ENROLL button did not produce the expected result: downloading the MDM profile and hence asking to install it on the device. Instead, this was the message the OS X Server was sending back to the enrolling device:

Quote
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache Server at host.example.com Port 443

By looking into the system.log file, it turned out to be a PHP (Hypertext Preprocessor) web service error message coded 503. Oops, the php-fpm (PHP FastCGI Process Manager) service was not running. This daemon service is controlled by the system launchd at /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.DeviceManagement.php-fpm.plist.
Further investigation on the web, through the man pages, and inside the file system brought me to the following conclusion.

In order for the PHP service, and in so doing the device self-enrollment procedure, to work, two configuration files needed to be manipulated inside the Server.app bundle: the com.apple.DeviceManagement.php-fpm.plist and the php-fpm.conf.

1. php-fpm.plist
/Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.DeviceManagement.php-fpm.plist
# Comment out:
<!--
        <key>UserName</key>
        <string>_devicemgr</string>
        <key>GroupName</key>
        <string>_devicemgr</string>
-->

2. php-fpm.conf
/Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/php/php-fpm.conf
# Remove comment (";") for:

        user = _devicemgr
        group = _devicemgr

The first modification is to launch the php-fpm command as root user. The second is needed by php-fpm to define a user for the process to run as.
After changing the files, one needs to reload the php-fpm daemon. This command is made persistent by the system. Unload it first if the operation is already in progress.

Code:
sudo launchctl load /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.DeviceManagement.php-fpm.plist

Hope it helps some admins not deploying the Device Enrollment Program (https://deploy.apple.com) but instead allowing anyone with a domain login to self-enroll devices.
 
-- Francesco Della Porta
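
Added example (not part of the original post and not Apple's code): a small Python check of the privilege model that the two edits above produce, namely launchd starting php-fpm as root while php-fpm.conf names the account the workers run as. The sample plist and conf text are constructed for illustration, and the `[devicemgr]` section name and the function names are assumptions.

```python
import plistlib
import re

# Constructed samples that mirror the two edits described in the post
# (not copies of the real Server.app files).
PLIST_EDITED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.DeviceManagement.php-fpm</string>
  <!--
  <key>UserName</key><string>_devicemgr</string>
  <key>GroupName</key><string>_devicemgr</string>
  -->
</dict></plist>"""
CONF_EDITED = "[devicemgr]\nuser = _devicemgr\ngroup = _devicemgr\n"
CONF_STOCK = "[devicemgr]\n;user = _devicemgr\n;group = _devicemgr\n"

def launchd_user(plist_bytes):
    """User launchd starts the job as; no UserName key means root for a LaunchDaemon."""
    return plistlib.loads(plist_bytes).get("UserName", "root")

def pool_identity(conf_text):
    """Active (not ';'-commented) user/group directives from php-fpm.conf."""
    found = {"user": None, "group": None}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(user|group)\s*=\s*([^\s;]+)", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def audit(plist_bytes, conf_text):
    """Classify the resulting privilege model of the php-fpm job."""
    master = launchd_user(plist_bytes)
    pool = pool_identity(conf_text)
    if master != "root":
        return "unprivileged-master"       # launchd itself starts the job unprivileged
    if pool["user"] is None:
        return "root-master-no-pool-user"  # nothing tells the workers whom to run as
    if pool["user"] in ("root", "0"):
        return "workers-as-root"           # PHP code would execute as root
    return "root-master-drops-to:" + pool["user"]

if __name__ == "__main__":
    for name, conf in (("edited", CONF_EDITED), ("stock", CONF_STOCK)):
        print(name, "->", audit(PLIST_EDITED, conf))
```

To check a real server, pass the contents of the two files at the paths given in the post to `audit()`; any result other than a drop to `_devicemgr` means the workaround is only half applied.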

2
Mapping a backup and restore command-line procedure from OS X Server Mountain Lion leads to archiver database error.

Below is the set of commands which should be able to back up first and, if so required, restore the Wiki (collab) database.

# Backup Wiki
sudo pg_dump -h /Library/Server/Wiki/PostgresSocket -Fc -Z9 -b -U _teamsserver collab -f /tmp/collab.pgdatabase

# Restore Wiki
sudo pg_restore -h /Library/Server/Wiki/PostgresSocket -1 -U _teamsserver -d collab /tmp/collab.pgdatabase

Both commands have been adapted to match the changes on OS X 10.9.2 and Server 3.1.1 (PostgreSQL 9.2.4). Before restoring the database, the Wiki service needs to be stopped, and hence later restarted. If successful, the backup command returns no standard output. The restore command instead gives an error output:

pg_restore: [archiver (db)] Error while PROCESSING TOC:
pg_restore: [archiver (db)] Error from TOC entry 762; 1247 16905 TYPE acl_action collab
pg_restore: [archiver (db)] could not execute query: ERROR:  type "acl_action" already exists
    Command was: CREATE TYPE acl_action AS ENUM (
    'read',
    'write',
    'delete',
    'own',
    '*'
);

Once cleared, this procedure may well be integrated in the second book "Mavericks Server - Control and Collaboration".

3
Version 1.2 of Mavericks Server - Foundation Services by Reid Bundonis is now available for download on the iBooks Store.

https://itunes.apple.com/book/mavericks-server/id737392044

New topics include how to monitor the health of your RAIDs, expanded details on what impact the use of RAID has on other features, and how to enable port 311 for managing the server with a web browser.

Happy reading!
