Mac Thread, Profile Manager (Mountain Lion) in Technical; Hi Guys
16th January 2013, 11:59 AM #1
Profile Manager (Mountain Lion)
First thing to say I now hate macs
Ok I have reinstalled our xserve to 10.8 from 10.6 (Not an Upgrade)
Things I have done
- Installed Server Manager
- Configured the server (Out of the following choices, 'Local Network' 'Local Network and using VPN' 'Domain Name' I chose 'Domain Name') - Don't know whether the above option affects my problem.
- My host name/computer name of the server is osxserver.theockendonacademy.com. I have not set up any external DNS, or opened any ports, or assigned an external IP address to this server.
- Installed a trusted SSL cert
- Created a new open directory
- Static IP Address
- Turned off DNS, and added two forwarders to our two 2012 Windows Servers. Which has a static DNS A record of the Mac server. Also added a reverse lookup zone as I heard you need that. Say for example the IP address of this server is 96.123.12.01. I typed this in for the zone 12.123.96.inaddr.arp. Is that right? And then made a PTR record pointing the IP address of the server and the hostname.
- Bind the server to AD
- Setup profile manager
- Turned on the webserver
- Install logmein for remote access, so I don't need to stay in the server room.
Right now the actual problem
Any setting I apply after the Everyone profile is installed, it doesn't push the update.
I can choose settings on the Profile Manager, install the Everyone profile and it gets all the correct settings, it's just the settings after, it doesn't update.
That's just the Everyone profile. If I customize, for example, an Active Directory one, nothing happens, it's stuck in the queue.
Is it because the mac doesn't have an external IP address with a external DNS name?
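Added example, not part of the original thread: the reverse-lookup names for the address quoted in the post above, and a check that the A and PTR records agree. The IPv4 reverse tree is `in-addr.arpa`; the record sets passed in are constructed from the post's example values, and the function names are hypothetical.

```python
# Added example: derive reverse-DNS names for an IPv4 address and verify that
# forward (A) and reverse (PTR) records point at each other.

def parse_ipv4(text):
    """Parse dotted-quad text into four ints; tolerates leading zeros ('01')."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted-quad IPv4 address: %r" % text)
    octets = [int(p, 10) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in %r" % text)
    return octets

def reverse_names(ip_text):
    """Return (zone, ptr_owner) for the /24 network that contains ip_text."""
    a, b, c, d = parse_ipv4(ip_text)
    zone = "%d.%d.%d.in-addr.arpa" % (c, b, a)   # network octets, reversed
    return zone, "%d.%s" % (d, zone)             # host octet goes in front

def check_forward_reverse(hostname, ip_text, a_records, ptr_records):
    """Return a list of problems; an empty list means A and PTR agree."""
    problems = []
    ip = ".".join(str(o) for o in parse_ipv4(ip_text))
    zone, owner = reverse_names(ip_text)
    fqdn = hostname.rstrip(".").lower()
    if a_records.get(fqdn) != ip:
        problems.append("A record for %s does not point to %s" % (fqdn, ip))
    target = ptr_records.get(owner)
    if target is None:
        problems.append("no PTR at %s (zone must be %s)" % (owner, zone))
    elif target.rstrip(".").lower() != fqdn:
        problems.append("PTR %s points to %s, not %s" % (owner, target, fqdn))
    return problems

if __name__ == "__main__":
    host = "osxserver.theockendonacademy.com"
    print(reverse_names("96.123.12.01"))
    # Constructed record sets: the PTR was created under a misnamed zone.
    a_recs = {host: "96.123.12.1"}
    ptr_recs = {"1.12.123.96.inaddr.arp": host + "."}
    for line in check_forward_reverse(host, "96.123.12.01", a_recs, ptr_recs):
        print("PROBLEM:", line)
```

A resolver only ever queries names under `in-addr.arpa`, so a PTR record filed in a zone with any other name is never found.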
17th January 2013, 08:31 PM #2
The "stuck in the queue" problem is usually because of firewall rules and the required ports not being open.
Check with your ISP that the following ports are open:
Port TCP 443 (https)
Port TCP 1640 (SCEP)
Port TCP 5223 (APNS)
Port TCP 2195 (APNS)
Port TCP 2196 (APNS)
Hope this helps.
18th January 2013, 12:50 PM #3
The firewall on both the Mac client and the Mac server is turned off.
Does the Mac server have to have external access for this to work?
It doesn't have an external IP address/name, and it won't have one unless it really needs it.
If it does, can it go through TMG2010?
23rd January 2013, 02:57 PM #4
pritchardavid - I have come across this before. Unfortunately, by flaw of design or some great idea depending on your view, the Apple Server running the Profile Manager and all the devices that you want to communicate the profiles to need to be able to get out to Apple in their (184.108.40.206/8) address range; without that the device will not do anything. Now this is done through a number of ports which need to be open on your firewall; if you use your County Council as your ISP then they will need to do it. You need:
1. Ports TCP 5223 need to be open inbound and outbound to/from Your Mac Server and 220.127.116.11/8 addresses (with a RIPE IP)
2. TCP 2195 and 2196 outbound from Your Mac Server to gateway.push.apple.com (18.104.22.168/8)
3. TCP1640 open inbound from http://tools.ietf.org/html/draft-ietf-ipsec-cdp-0 (22.214.171.124) & 126.96.36.199/8 to Your Mac Server (using the RIPE IP)
4. TCP 80 and 443 open inbound and outbound from/to Your Mac Server and 188.8.131.52/8 (using the RIPE IP)
5. Ports TCP 5223 need to be open inbound and outbound to/from Your managed Devices and 184.108.40.206/8 addresses (with a RIPE IP)
6. TCP 2195 and 2196 outbound from Your managed Devices to gateway.push.apple.com (220.127.116.11/8)
7. TCP1640 open inbound from http://tools.ietf.org/html/draft-ietf-ipsec-cdp-0 (18.104.22.168) & 22.214.171.124/8 to Your managed Devices (using the RIPE IP)
8. TCP 80 and 443 open inbound and outbound from/to Your managed Devices and 126.96.36.199/8 (using the RIPE IP)
There is a white paper on the net which has all the addresses that all managed devices must be able to contact, but I can't remember where I got that from.
I hope that helps.
As an aside, the 188.8.131.52/8 range and all other Apple addresses need to be clean out through any filtering you do.
Thanks to jdell from:
pritchardavid (3rd February 2013)
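Added example, not part of the original thread: a probe for the outbound TCP ports named in posts #2 and #4 that separates a silently dropped connection (timeout, typical of a firewall rule) from a refused one (host reached, nothing listening). The check list is constructed from the two hostnames that appear on this page; port 5223 is left out because the thread names no host for it, and the function names are hypothetical.

```python
# Added example: classify outbound TCP reachability for the ports in the thread.
import errno
import socket

# Constructed check list: (host, port, purpose), using hostnames from the page.
CHECKS = [
    ("osxserver.theockendonacademy.com", 443, "Profile Manager HTTPS"),
    ("osxserver.theockendonacademy.com", 1640, "SCEP"),
    ("gateway.push.apple.com", 2195, "APNS"),
    ("gateway.push.apple.com", 2196, "APNS"),
]

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return a short classification string."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"        # no answer at all: packets are being dropped
    except socket.gaierror:
        return "dns-failure"     # the name did not resolve from this machine
    except ConnectionRefusedError:
        return "refused"         # host reachable, but no listener on the port
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"

def run_checks(checks, timeout=3.0):
    """Probe every (host, port, purpose) entry and return rows with a status."""
    return [(h, p, why, probe(h, p, timeout)) for h, p, why in checks]

def blocked(results):
    """Keep only the rows whose connection did not succeed."""
    return [row for row in results if row[3] != "open"]

if __name__ == "__main__":
    # Run once on the server and once on a managed Mac, then compare.
    for host, port, why, status in run_checks(CHECKS):
        print("%-34s %5d  %-22s %s" % (host, port, why, status))
```

A "filtered" result on the server or on a managed Mac points at an upstream firewall or proxy rather than the local firewall, which both machines in this thread already have turned off.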
3rd February 2013, 09:21 PM #5
@jdell Sorry, I was only looking back at my old threads I started and just saw you posted. Looks like this is not worth mucking around with then; we don't use iPads or iPhones, so configuring outside the network is not needed. Do you know how to use Workgroup Manager? I have added a Mac onto the Open Directory but I can't seem to find it. I know before upgrading to 10.8 from 10.6, I saw Macs on there. Is there another step?
15th February 2013, 03:24 AM #6
Originally Posted by pritchardavid
After you bind a Mac to Open Directory, it does not automatically appear in OD as it would in Active Directory. You have to create a manual entry for the computer record and enter the MAC address of the Mac. Then either apply settings to the computer record or create a group record, add the computer record as a member, and apply settings to the computer group.