
Using Apple OS X Lion Server as a Home Server (Part 6 – Storage and Network Configuration)


You’ll be asked to reserve space for your Time Machine backups. I went with 500GB for now; depending on the size of storage you have available, you may wish to select more or less. Once the app has completed, you’ll immediately receive a pop-up asking you to configure a location for your Time Machine backups – remember, this is just for the server backup at this point. We’ll configure client backup a little later.

Select your Drobo as the target for the backup, and that’s our storage expansion completed.

2. Networking

Next, we’re going to jump in with our Networking setup. There are a few tasks to sort out here, which vary depending on whether you wish to be able to access your server remotely from outside the home. I think this is an important requirement for a home server, so we’ll set up the server to accommodate it. Now, those Windows Home Server gurus amongst you will recall that Microsoft have a great remote access setup experience on the platform – you get a free homeserver.com domain, a security certificate (so you can be sure the server you access is really your home server) and special sauce to configure DNS (so you can type in your server’s URL in any browser and it’ll magically find your home server). Depending on your router, WHS will also forward the necessary ports on your router (so that requests that are received by the router from the outside world are sent to your server, rather than other computers on the network). It works brilliantly (with the exception of router configuration, mostly).

Here’s the bad news. None of that exists in OS X Lion Server, so we’re going to need to set it all up manually. “The Server For Everyone”, says Apple – well, not quite yet, chaps. Fortunately, we’ve got your back with the steps required to get your remote access on.

a. Register a Domain

So, working from the top down, we’re going to need a domain with which to access our server. Domains are pretty cheap nowadays, and there are a plethora of hosting companies online, such as godaddy.com, networksolutions.com, tzo.com and more. Register your domain, drop the hosting company a little cash, and your domain should be available without too much delay. Note: if your ISP uses Dynamic IP addresses (see below), you can use a free Dynamic DNS service which provides a domain, so you can skip this step unless you want to pick your own name.

b. Point Your Domain Name to Your Server

Once the domain is available, we need to tell it the public IP address of our router. Before you do anything else, check with your ISP whether you have a static (fixed) or dynamic IP address. Static is the easiest to work with as it never changes – dynamic IP addresses change each time your router connects to your ISP, so can be more problematic.

If you have a static IP address the easiest way of finding it is to go to http://www.whatismyip.com/ from one of the computers on your network (connected to the Internet via your router) and write down the address listed. Then, head over to your domain registrar’s website where they should have an option to configure the DNS Settings for your domain. Here’s mine:

In my case, I clicked Manage DNS Settings, and then typed in my Public IP address (I’ve made up the IP address in the screenshot below – just to prevent 350,000 people testing out whether they can connect to my server!).

DNS settings usually take up to 24 hours to change, so we can get on with the rest of our server configuration whilst your registrar makes the change in the background, and it propagates around the Internet.

If your ISP only offers Dynamic IP addresses, then you’ll need to register with a Dynamic DNS service such as http://dyn.com/ and configure your domain with their software so it can keep track of your IP address as it changes. There’s a very good walkthrough on configuring Dynamic DNS services here.

c. Configure Your Host Name and Static IP Configuration On the Server

With our external access to our server partially configured, we now turn to the server itself. The next job to do is to configure our Server’s Host Name. OS X Server is a little fussy about naming conventions and we need to let it know that we wish to be able to access the server remotely – with this information, the server can configure itself accordingly. So, open up the Server app (if it isn’t already) and towards the bottom of the window, click Configure Network. In the panel adjacent, you’ll read:

Your server’s host name can only be used on your local network. To allow secure access outside your network, give your server a host name ending with “.private” in the Server pane, and then turn on VPN service. To allow direct Internet access to services without using VPN, register an Internet host name for your server and configure port mapping on your router.

That’s a succinct explanation of the steps we need to take to complete our network configuration. So, click the blue word “Server” which is highlighted, and you’ll be taken to the Network Settings page.

As you can see, the iMac was automatically configured with a computer name (Terry Walsh’s iMac) and has a .local hostname. We’ll need to switch this to a .private hostname to ensure we can access the server remotely. (If you’re just going to access the server on your local home network, you can leave this .local name in place).

Terry Walsh is the founder of We Got Served. He started the community in February 2007 with a mission to help families and tech enthusiasts everywhere figure out the technology needed to run the modern home and small business. He's the author of a number of guides to Windows, Windows Server and OS X Server and runs his own successful publishing business. Born and raised in Liverpool, England, Terry has been awarded Microsoft's prestigious Most Valuable Professional Award each year since 2008 for his work on We Got Served.
  • Craig Givant

    Great work Terry. I'm right behind you and this information is very valuable. I have decided that with the demise of DE and what I feel is the impending "doom" of WHS, this is the way to go. I commented on the 1st of this series just last week not realizing that parts 2-5 had already been written. GREAT read!

    In that comment I stated that I had just recently purchased a Mac Pro and let me tell you THIS is the box to have. I am so impressed by it that words can't say enough. I never dreamed in the MS world of running a server as a workstation but that is exactly what I am going to do. I got an older (early 2008) box but it came with 12GB RAM and dual 2.8 GHz Xeons. It's a beast.

    I purchased a 128GB SSD for the O/S and an eSata Raid card from Other World Computing (OWC). The card was a steal at $59us and it is currently initializing 2 sets of Raid 1 drives. A 3TB mirror and a 2TB mirror which will net me 5TB of redundant storage. The drives are housed in an old external eSata enclosure that was previously used in my Ex470 (I forgot the brand). This leaves me with four (4) open drive bays because I ran a Sata cable from the MoBo to the SSD.

    The initialization is painfully slow but I have read good reviews on the Card ( MAXpower eSata 6G RAID PCIe 2.0 Controller Card) and expect to receive better transfer rates than if I used the "stock" drive bays. And, having those extra four will come in handy I'm sure.

    Tomorrow after both arrays are completely initialized I will install OS X Server and follow your great guide. When it's all said and done I would be happy to report back my personal findings if you don't mind. I'm excited about this project and might even snap some pic's and take some screenies.

    Thanks again for this wonderful piece!!

    • http://www.wegotserved.com Terry Walsh

      Hi Craig,

      Glad you're enjoying the series! The Mac Pro looks like a very powerful option – it most definitely is a beast! Look forward to hearing how you get on!

      Terry

      • Craig Givant

        I want to stress that when I purchased the pro it was not done for the purpose of making it into a "home" server but I had already realized that my current WHS (Ex495) would need to be upgraded to 2011 or that another "option" would have to be found. I'm concerned about the future of this product line and while I heavily embraced the theory back in 2007 I always wanted the devices to do more. This said, I feel that my experience placed me in a category that did NOT fall within the MS marketing strategy for the product line and why this site is so popular with the "technical" users.

        I say all this because my final cost will be way above that of a retail WHS box and honestly the steps involved (as Terry has already pointed out) are not for "everyone". Considering however that I will end up with a highly configurable server AND a highly functional workstation, I may not end up that far away on $$.

  • Chuck

    Thanks as well! I'll echo Craigs comments. I pooled some gift certificates and went and got myself a new Mac Mini server last week. The only major complaint I have right now is utilizing my eSata external arrays on it is a bit kludgy, since there's no thunderbolt adapter yet so I have to use USB.

    • Craig Givant

      Hi Chuck,

      I have an older mini that I use as a media player on the TV but I don't recall ever exploring its insides. I wonder if by some chance there is an extra on-board SATA port that could be cabled to the outside and rigged with SATA to eSata Cable? A nice flat cable might fit through the vents or require minimal "modding".

  • edk

    A well written article with thorough instructions.
    Been thinking about a Mac Mini 😉

    • Eric

      On setup you MUST pick your final host name or expect BIG problems (see comment below)

  • rpeet

    I've been thinking about moving to a mini lately and could not believe when I found this article series! That's exactly the kind of info I was looking for and the instructions are impeccable!
    Been thinking about replacing a Synology NAS used for file and media storage center (paired with a WDTV Live for playback) with a single Mac mini to do all that plus manage two Macbooks and iDevices.
    I'm not experienced with server admin and network setup and the certificate part looks complicated and expensive too. I read in this Apple support page https://help.apple.com/advancedserveradmin/mac/10
    that you can use a self-signed certificate provided by the OSX server. Is that too risky??

    Congratulations Terry and thank you for this guide!

    • Terry Walsh

      I think you’ll be okay with a self-signed certificate, but be prepared for the server to complain at various points during configuration of various features that the certificate “isn’t trusted”. For the purposes of this guide, I went by the book!

    • Eric

      On setup you MUST pick your final host name or expect BIG problems (see comment below)

    • Craig Givant

      http://www.cheapssls.com/

      Got 1 year SSL Certificate for $9.95. Go daddy was WAY up there in price. Don't know how you got one so cheap Terry but kudos'.

      Anyway… It took me about 3 hours to get the certificate working. The main issue was their "authentication" process. They would only send an email to the qualified domain name and in my case I was using DynDns. I had no way of creating an email address for that domain… OR … did I ??

      Yes I did… but I had to enable the mail server and figure out how to create a "user". You see, the only email addresses they would send the authentication email to were your standard "admin", "postmaster" etc…….

      My initial reaction to the email server is it's weak. Maybe It's just because I'm a rookie but for the life of me I can't figure out how to create a mail user other than the one that is tied to the local login user name.

      I had to create a user on the Mac called "admin" and only then could admin@mydomain receive email. And only after an hour once I realized I forgot to forward the proper mail ports in the router. Once that was figured out and the mail started flowing I returned to the certificate company and told them to send the email. At that step they balked because I believe they checked MX Records and there are none. They gave me the option to continue anyway and I did. The authentication email finally came through and I was ready to roll.

      I then experienced issues importing the certificate when I received errors that it didn't match the Certificate Signing Request (CSR). I was able to "reissue" the certificate by creating a new CSR and the second time was the charm. Then the intermediate key gave me issues and I had to find another one on their website.

      All in all a very painful experience but it's done and I'm ready to move onto part 7.. whew..

      • http://www.wegotserved.com Terry Walsh

        Hi Craig,

        It was definitely a promo deal I picked up at GoDaddy. Shame if it's now ended as it was a cracking deal. The authorisation process is a little easier there, in that they'll email you at an address you nominate with authorisation details, but then you need to authenticate ownership by putting up a webpage on your server with the authentication code. Different vendors, different processes I guess….

        Research I've done to date suggests the mail server is indeed pretty weak – I'll most likely skip it from the series unless I'm a little bored! If I do cover it, it'll be towards the end, as it's lower down the priority order for most home users.

        Well done for sticking with it!

        Terry

  • Eric

    Hi Guys
    Just wanted to let you know I bought a mac mini server and have run into a known issue in the host name. This issue affects almost all aspects of the server operation especially profile manager. There is NO way to fix it other than a re-format.
    So to not run into it you must, on the initial setup, pick the host name you want to use permanently and use it. Even though there is an assistant if you change it, it can mess up a lot of things. It will create DNS problems in the server that must be reconfigured and deleted via server admin to even have access to the web and profile manager. If you get an "index error" on the web interface you must go into terminal and enter this: "sudo serveradmin command web:command=restoreFactorySettings" but be careful with that command it can really mess up your current setup.

    However even treating these specific symptoms profile manager will NEVER work properly and you will likely have enrollment issues with the errors: "SCEP", "Boot Strap", and "trust issues"

    Just wanted to give people a heads up

    • http://www.wegotserved.com Terry Walsh

      Thanks for the warning, Eric – there's definitely a few bugs knocking around in Lion Server for sure right now. So far, I've been reasonably fortunate to get away without hitting any show stoppers, but from time to time, it's a little like walking a tightrope!

      • Craig Givant

        Eric,

        This post worried the $hit out of me because I wasn't up to speed on host names and their role in server access. When you said "during setup" it wasn't clear if you meant the initial "server" set-up or if perhaps you meant all the way back to initial install. Hoping it was simply the former I proceeded and STILL managed to enter the qualified domain name incorrectly. I thought I totally screwed the pooch but I "changed" it to the proper host name and so far all seems to be well.

        At the time of my screw-up I did not have many services running so I think that may be what saved me but so far profile manager seems to work and I have received none of the "error" messages you posted about.

        Thanks for the heads up!

  • Craig Givant

    Regarding the Mail Server….

    I figured out that in order to add an email address you do NOT need to create a "local" user. The trick (well really just my inexperience) was:

    1. Create a user in the server app and give it the email address you wish to use during that initial setup.

    2) Login to your server via http and go to profile manager.

    3) Under the left pane highlight Users and then highlight the new user you just setup and click the general "switch" in the right pane

    4) This should bring up a rather in-depth "settings" panel and EMAIL will be one of the options on the left. Click email and fill in the setup information to your liking. I used IMAP and PASSWORD authentication and matched the username and password to those set-up for the user.

    5) Once everything is filled out simply save and exit and if port forwarding has been set-up correctly on your router mail will get delivered .

    6) Go back to the main http server page and use webmail (at the bottom) to login and check email.

    Note: The mail server needs to be started and Webmail needs to be clicked "on" in the main server application.

    Since Terry does not start discussing the addition of "users" until part 7 of the series some of these steps jump ahead. I found them necessary because that was the only way I could satisfy the SSL company and retrieve my certificate as discussed in my post above.

    Have Fun!

  • Craig Givant

    Sorry for the multiple posts but I just realized that you can get to the profile manager WITHOUT going the http route I suggested above. Simply highlight profile manager in the server application and click "open profile manager" at the lower right side of the profile manager screen.

    You will still need to access your server via http to get to the webmail application but at least this saves a step.

  • Stephen Yuwono

    Thanks for writing these great articles Terry. I got a base mac mini 2011 and replaced the ram to 8gb from kingston. So far it's a great piece of machine. I was thinking about the $399 Drobo since macmini don't have esata and usb3. Do you think it would work like the Drobo S? Thx

    • http://www.wegotserved.com Terry Walsh

      Hi Stephen

      Broadly the same, although from memory I think the Drobo S picked up a little bit of a speed boost when it was released. Nothing too dramatic – 20-25% I believe. Worth trying out, for sure.

      Terry

  • jcgomez

    Terry,

    First, thank you. Your series is the most comprehensive Lion Server setup tutorial on the web. I have a question about dynamic public ip's and DNS settings at my registrar.

    My ISP Time Warner Roadrunner does not support static ip's unless you upgrade to "business class," which is a tripling in price and a reduction in speed. Not a real option. Thus, I went to dyndns.com and set up an account with them. If I did this correctly, my router public ip is now being watched and updated by dyndns.com. Big "if." :-)

    My question is now that I have my public ip being monitored, how and where do I point my DNS name servers at my register, which is godaddy.com? For that matter, whose DNS servers am I supposed to point to?

    On your screen shot on Part 6, page 2, Networking b, you enter your static public ip. On godaddy.com, for my particular domain, entering an ip address does not seem to be an option. They are asking for word versus number name servers–for example, NS2.myemailserverhost.net & NS3.myemailserverhost.net, not 72.xxx.xxx.xxx.

    Thank you for all your help.

  • Curt

    This is a great guide and really helpful. I was wondering if it is safe to host file sharing/remote management without VPN, even with setting group permissions. I have been messing around with VPN and trying to get it to work with these services but with no luck.

    Thanks for the help in advance.

  • http://twitter.com/monokrome Brandon Stoner

    Hey. Great articles! I just wanted to let you know that sometimes you need to quit and restart the Server app (not the hardware) before it recognizes that your key is trusted. I noticed this with mine. After installing the intermediate CA, it said untrusted – but I quit the server and started it again, and it was trusted.

    Might throw a few people off. Again, thanks for the great article!

    • http://www.wegotserved.com Terry Walsh

      Great tip, Brandon – thanks for sharing it.

  • Kristin

    Hi Terry, Wondering if you have any experience or recommendations on setting up the new Promise Pegasus drive with Thunderbolt connections to a machine running the Lion Server.  I need to set up a storage system for video production and am considering the Pegasus drive with the Lion server and approximately 3-4 workstations.  Any additional info on such a set up would be greatly appreciated. Thank you!

    • http://www.wegotserved.com Terry Walsh

      Hi Kristin – apologies but I don’t. I recall a couple of readers having the Promise Pegasus, so perhaps they could jump in here….

  • http://twitter.com/Chris_Stump Chris Stump

    Great job, Terry et al posting here.  Having fired MS about 2 years ago I have a house full of Macs and my trusty EX475 with about 8Tb of storage.  I had been contemplating a move to WHS2011 but am now thinking the Lion route makes more sense.  I have two questions:

    1. How does the external storage show up on Lion Server?  As a single logical drive (as with WHS v1) or separate volume(s)?
    2. Can anyone tell me what I would need to use an external storage case just for storage (apart from drives and a PSU)? I have a Fractal Design case (as reviewed by Jim today) in an unopened box  originally intended for a new WHS2011 build but would much rather use this monster as an external drive attached to my iMac.

    • http://www.wegotserved.com Terry Walsh

      On point 1 – Drobo’s multiple drives are shown as a single volume if that’s what you want… Or you can split it up into multiple volumes if you prefer – it’s up to you.

  • http://twitter.com/tgustafson85 T$

    So this is probably an incredible newbie question, but I’ve followed your port forwarding instructions “to the T” so I can set this up as a web server, but I’m still not able to access the server when I type in the public IP address.  Domain is forwarded, proper ports are forwarded on the router; but nothing will load on that IP outside this network.   (IE: when I try to access it from my phone)

    Am I missing something incredibly dumb?

  • http://www.facebook.com/mattmuelver Matt Muelver

    Looking for a bit of help… I set up my Lion Server several weeks ago but didn’t really know what I was doing and never really finished. I found this set of articles in my quest to figure it all out and get it going.

    Today I changed my server’s host name from the automatically created “.private” one to a dyndns.org host name. The change looks like it worked as it should have, entering my new address into http://www.whatsmydns.net shows my currently assigned public IP address. The “acid test” in step d however fails on my iPhone using 3G and on my MacBook Air on the same WiFi network as the server machine. When I try it on the server’s own browser it shows the same page as the screen shot. Have I done something wrong? Reading through the comments here there are some stern warnings about entering the “correct” host name from the very beginning, which apparently I did not do.

    What now? TIA

  • R. Roy

    A wonderful set of articles… does anyone have advice for setting up lion server when your ISP issues dynamic IP and blocks ports (like port 80).  It has been kind of a nightmare to get lion server online around these issues.  Thanks.

  • http://www.facebook.com/profile.php?id=639064065 Tom Chignell

    Terry

    Really appreciating your no nonsense guide.  Thank you.

    I’m at an early stage setting up Lion Server on my iMac and I have a 2TB firewire800 connected non RAID disk attached (Pleiades for SATA).  I have Time Machine switched on in the server with the disk selected as the backup destination but if I click on “edit” it asks “Choose destination volume for client Time  Machine backups”.  So I am now worrying whether it is set up to backup the server or only clients?

    I also get a warning on the same dialog box which says “This disk drive may not support Time Machine backup over the network.  Get more information about compatible drives.”

    “more information” points to http://support.apple.com/kb/TA24910?viewlocale=en_US which isn’t very helpful.

    Have I missed something?

    Thanks

    Tom

  • Jeff

    Terry,

    Thanks for this great Lion Server primer.  It has been very helpful.

    If our ISP uses dynamic IP and we register a domain for our server with dyndns, should the SSL certificate be for the dyndns domain or the custom/personal domain that will point to the dyndns address?

    Is it possible to register/transfer your custom/personal domain to dyndns and use it as the address for the server?  If so, any disadvantages? 

  • http://www.facebook.com/profile.php?id=639064065 Tom Chignell

    Terry

    I note that the Apple port forwarding note (http://docs.info.apple.com/article.html?path=Server/10.7/en/r_ServicesPorts.html) has a typo in it.  “Address Book Server” should be 8800 not 8008 which is allocated to iCal Server.

    Having quite a few problems setting all this up.  I have an Airport Extreme router and a DSL modem which is also a router (Vodafone DSL Router).   It is proving very difficult to port forward and to reserve an IP address to my Airport Extreme.

    Thanks

    Tom

    • http://www.facebook.com/profile.php?id=639064065 Tom Chignell

      The Address Book Server SSL port was wrong in this list too.  Was 8443 but should have been 8843.   Sloppy work from Apple.  

      There is a good check list at http://support.apple.com/kb/TS1629 with lots of other port configurations on it too.

  • Ed B.

    Hello Terry,

    I too am having difficulty getting this set up. I am currently stuck because the server app states, “Your network is configured properly” but when I go to the domain name I registered for it, the screen reads…

    Index of /

    Name   Last modified   Size   Description

    Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 PHP/5.3.6 with Suhosin-Patch Server at http://www.10thstreetfileshare.info Port 443

    Any suggestions? Thanks!

    • Tomchignell

      Yes, I get similar message

      “Forbidden

      You don’t have permission to access / on this server.

      Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 Server at [domain name removed] Port 443”

      Any ideas?

      Tom

  • Garry

    Terry

    Great series Terry. I’m a computer novice and struggling, but determined to get this to work. When I get to the acid test on page 4 I get a message saying server is unavailable. I’ve checked static IP address and all working OK. I’ve checked with my domain registrar a couple of times and they have checked this out for me and assure me the domain is all set up with static IP address ok. 

    So next thing I’m checking is configuration of network – on page 3 you say “Next to Configure IPv4, you’ll most likely see the DHCP option set – which means you’re allowing your router to allocate the server an IP address via the Dynamic Host Control Protocol. Click the arrows next to DHCP, and select “Using DHCP with manual address” (which basically means, “I’m happy for the router to allocate the address, but I want to select the address it allocates”) and then type in the IP address you want to use in the IP address field.” 

    The IP address you enter at this stage is what – any number you like? Mine is set to 10.1.1.6 by default – do I need to change this? Maybe I’m on the wrong track – Any suggestions would be much appreciated.

    I’m running mini server, time capsule and DLink router.

    cheers
    Garry

    • http://www.wegotserved.com Terry Walsh

      Hi Garry

      Check your router’s IP address and ensure the number you give to the server is in the same series (subnet). So, if your router is 10.1.1.1 for example, then yes, 10.1.1.6 should be fine. Just ensure that the IP address you give to the server isn’t allocated to another device.

      Terry

      • Garry

        Terry – yes router is 10.1.1.1. When I look at the DHCP Clients listed in router I can see other devices (e.g. airport, phone, iPods etc) but 10.1.1.6 is not listed as being the server (10.1.1.6 is not listed at all). Should I try configuring the server with the next free number? Help / suggestions much appreciated.

        • http://www.wegotserved.com Terry Walsh

          You have a choice – you can configure it on the router by allocating an IP address there, or on the Server itself using the steps listed in the article. Either should work fine.

    • http://www.wegotserved.com Terry Walsh

      You’ve forwarded all of the ports, right?

      • Garry

        Hi Terry – many thanks for the reply. On the port forwarding notes (in server “Next Steps”) it states that the airport device should be listed in the Hardware Section of the Server app sidebar – mine is not listed in the sidebar so a little stuck at this stage – any suggestions?

        • http://www.wegotserved.com Terry Walsh

          You should do the port forwarding on your router (you have a D-Link router, right?). There should be a section in the router’s management console to do the port forwarding – without this, you won’t be able to reach the server from the outside world. 

          http://www.portforward.com is a great resource for learning more on how to do this – they have instructions for most routers.
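
A pre-flight check for the two addresses this guide and thread deal with: the public address entered at the registrar (section b) and the manual LAN address given to the server (Terry's subnet advice to Garry above). This is an added example, not code from the article, Apple or any commenter; the router and server addresses are the ones Garry quotes, while the netmask, lease table, VPN pool and the documentation-range "public" address are constructed for illustration.

```python
import ipaddress

# Ranges that can never be the target of a public DNS A record:
# "this network", RFC 1918 private space, carrier-grade NAT, loopback, link-local.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
)]


def check_dns_target(a_record, server_ip):
    """Return findings for the address entered in the registrar's DNS settings."""
    findings = []
    addr = ipaddress.ip_address(a_record)
    if addr == ipaddress.ip_address(server_ip):
        findings.append("A record is the server's LAN address, not the router's public address")
    for net in NON_PUBLIC:
        if addr in net:
            findings.append(f"A record {addr} is in non-routable range {net}")
            break
    return findings


def check_server_address(router_ip, netmask, server_ip, other_leases, vpn_pool=None):
    """Return findings for the manual address given to the server.

    other_leases: {ip: device name} for every *other* device in the router's
                  DHCP client list.
    vpn_pool:     optional (first_ip, last_ip) range handed out to VPN clients.
    """
    lan = ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)
    router = ipaddress.ip_address(router_ip)
    server = ipaddress.ip_address(server_ip)
    if server not in lan:
        # Nothing else is meaningful until the address is on the right subnet.
        return [f"{server} is outside the router's subnet {lan}"]
    findings = []
    if server in (lan.network_address, lan.broadcast_address):
        findings.append(f"{server} is the network or broadcast address of {lan}")
    if server == router:
        findings.append(f"{server} is the router's own address")
    if str(server) in other_leases:
        findings.append(f"{server} is already leased to {other_leases[str(server)]}")
    if vpn_pool is not None:
        first, last = (ipaddress.ip_address(a) for a in vpn_pool)
        if first <= server <= last:
            findings.append(f"{server} falls inside the VPN client pool {first}-{last}")
    return findings


# Constructed sample data. Router and server addresses are the ones quoted in
# the thread; everything else is an assumption made for this example.
ROUTER_IP = "10.1.1.1"
NETMASK = "255.255.255.0"                      # assumed /24 home network
OTHER_LEASES = {"10.1.1.3": "airport", "10.1.1.4": "phone", "10.1.1.5": "ipod"}
VPN_POOL = ("10.1.1.201", "10.1.1.220")        # assumed .201-.220 reservation
PUBLIC_IP = "203.0.113.10"                     # documentation range, stands in for a real public IP

if __name__ == "__main__":
    for candidate in ("10.1.1.6", "10.1.1.3", "10.1.1.210", "10.1.2.6"):
        problems = check_server_address(ROUTER_IP, NETMASK, candidate, OTHER_LEASES, VPN_POOL)
        print(candidate, "->", problems or "OK")
    for record in (PUBLIC_IP, "10.1.1.6"):
        print(record, "->", check_dns_target(record, "10.1.1.6") or "OK")
```
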

  • Anonymous

    Terry,

    Great work! This series of articles has been a real life saver.

    I have a question regarding the host name: are you able to use a subdomain for directing traffic to the Lion Server?  I own subdomain “example.com” already, created a subdomain “server.example.com” in CPanel and added an A Record for the new subdomain to point it toward my ISP-provided static IP address.  However, I do not see the default OS X Lion Server page when I type “server.example.com” in my web browser.

    The OS X Lion Server was happy with my “server.example.com” domain name and automatically (I think) forwarded the appropriate ports on my Time Capsule, so I’m not sure where I missed out.

    Any ideas?

    • Anonymous

      Never mind Terry — I simply forgot to activate the service on both the Server AND on the Time Capsule.  It’s up and running now!  Thanks!

      • http://www.wegotserved.com Terry Walsh

        Nice catch!

  • http://robertsbrown.com/ David

    Terry 
    Thank you for a very informative series.  I have a problem with my network and I have been struggling for answers.  I notice that you recommend using a registered hostname.  I do have one but the person who set up my system used “x.x.private” hostname. Unfortunately he is now unavailable. However, it made sense to me at the time and I didn’t have a problem with the extra step it took.  I would prefer to have things the way they were but now I am wondering if I should change over. 

    Background information:    I have a mac mini set up as a file server running Lion OS 10.7.2. Public  Static IP address to an Extreme Airport router and a static private IP for the machine – VPN is set up on the server  (reserved n.n.n.201 – 220) and as a service for the router. I have a PC and two mac laptops. Everything was working (though the user accounts were a bit funny)  and I had ‘VPN on demand’ running so I could access my file server while I was on the road.  A couple of things happened and I had to reinstall 10.6 on one laptop (compatibility problems with some software) after which I could not use VPN while I was away – concurrently I could not restore the system with Time Machine (apparently because of some compatibility issues with 10.6 – though that is a little fuzzy).  I spent a lot of time trying to fix things and probably made things worse.  

    Things work (moderately) well over the home network but I can’t get VPN to work over the Internet. I can ping the hostname over the net.  If I ‘connect’ using Network preferences I get an error message – “the server did not respond”. I suspect it is an issue with the server setup or the router – though it could (also) be the settings on the clients.  Server.app gives the right hostname and private IP address. 

    I had not configured port mappings on the Airport router because I understood I should not.  At one stage I read I should NOT enable ‘Default Host’ or “NAT Port Mapping Protocol” so I have unchecked those boxes but it made no difference. (I have to say it seems wrong to have them unchecked).  The public IP address is correct.  The router address under TCP/IP is NOT the network IP address given in other places like the Server.app but it is greyed out.   DHCP has a reserved address for the server. IPv6 mode= Tunnel; Block incoming IPv6 is checked. IPv6 Firewall allows IPSec authentication.

    When I log on to the file server directly using a network account, I get an error message “There was a problem connecting to the server .  This file server is available on your computer. Access the volumes and files locally.” Local accounts don’t give an error message. Two network account servers are visible and active: “Local Server” & .private.  Local is above the .  Directory Utility shows two configurations:  one for   (Open Directory; SSL enabled)
    one for 127.0.0.1 (From Server).  The configuration Connections has the right details and ‘Encrypt’ checked;  Search and Mappings = Default; security = use authentication (uid etc.)

    If I log in from a client at home on the network I can’t see network accounts until after I have logged in using a local account.  (Or couldn’t – it just worked for me – after a long delay while I was typing this). Once I have logged in I can access network accounts and files.  (NB The PC has no problems with all this.)  One of my network accounts is the same as one of the local accounts but the local account takes priority when logging on from a client. I tried changing the name of the account on the local machines with no success. I suspect I may have to delete those local accounts and start again, but I am reluctant as there is still some data, browser settings, etc. associated with them.

    On the clients I can see as the only Network Account Server.  I have tried different Directory Utility settings and for the laptop running Lion I used the Profile Manager to export settings but none of them work over the Internet. One of the laptops has a  ‘BSD FlatFile and NIS’ service and I don’t know what that is about.  I can send screen shots of the latest Directory Utility settings if that would help. NB I have tried both the self-created SSL and a purchased one – neither seems to make much difference, I still get – ‘trust’ messages from time to time.

  • Jon

    Hi Terry, great article, thanks!  In my experience, you can easily set up a drobo as a time machine backup for your server and for all the macs on your network without using their time tamer tool, and that way you can actually enter the star wars interface if you like.  The only catch is that you have to be careful to keep an eye on your actual drobo storage, because the mac might think you have much more space available than you really do.  But it’s not really a big issue because with Lion you can now manually delete old backups very easily.

  • Anonymous

    I don’t know if anyone can help me or not, but I have OSX Server running on a Mac Mini server and everything was working fine until about a week ago when I could no longer access the server via the domain name.  I found that my ISP had changed my IP address, so I quickly went to GoDaddy and changed the A Host Record to the correct IP address…  I then restarted my server and was able to connect…   But now, no matter what I do it will not connect to the domain, I have tried adding new web sites in the Web server, and they keep defaulting back to Var/Empty, so I even went as far as copying the default files into that directory, and still I get nothing when trying to access the server via the internet using the domain name.

    I can connect to the VPN without any issues, and can Screen share all my macs on the network remotely over the VPN… but for whatever the reason I cannot get the WEB Server part to work correctly anymore…  I have even purchased a new Airport Extreme thinking something was wrong with the old one… I have also checked the port mapping and everything is good on that end.

    It’s very frustrating… Any ideas?  Suggestions?

  • http://codingstable.com Adam @ Coding Stable

    After having gone through the pain of setting up a Lion based home server I stumbled across a DNS problem on the client machines and/or a NAT loopback problem. Thought I’d share how I’d solved it here (just in case).

    I have a router which connects to another router/modem. The latter is used as both as the former can’t connect to it any other way. That all works fine. Popping the domain name in the browser loads the site fine (indicating that loopback is working) however when trying to load shares via AFP they were incredibly slow (getting 1MB/s instead of the 90MB/s I was expecting). After lots of playing around (and also thanks to the latest server update) I noticed that the first router loopback wasn’t kicking and the request was going to the modem/router. The latest server update added a “Connected Users” tab to the File Sharing pane which shows you the IP of the user and I could see that all users were connected from the modem/router IP. The slow speeds, I believe, are down to using that router loopback which is only a 10/100. (Other router is gigE).

    I couldn’t force the first router to kick in (not knowledgeable enough about how these things work) but found that if I added the Mac Mini server IP to the client DNS tab (before the others) then it all kicks in nicely and works much quicker. Also aids in the loading of the network login.

    Might help someone, might not and if anyone has any suggestions on how to get it to work properly let me know!

    Should just say that I couldn’t have done half of it without this guide and the e book!

    Adam

  • http://twitter.com/kenhan kenhan

    Thanks for this wonderful post! I think this is the best I’ve seen on this topic by far!
    I’ve somehow cobbled together an install of 10.7.3 server using dynamic dns, set up port forwarding on the router, and set the time capsule that sits between the router and the iMac to have static ip addresses, as well as the iMac. When I attempt to browse to my .dyndns.org site it seems to reach the server, but I get a 403 Forbidden page saying “You don’t have permission to access / on this server. Apache/2.2.21 (Unix) DAV/2 Server at somename.dyndns.org Port 80” instead of the screen shot you post above. Do you know what’s causing this? Thanks!

  • Igor Tomashov

    Terry, could you please contact me and help me find out what is wrong? I’ve been trying to fix the problem for a week already, but nothing has changed! My Skype is: bogatirj-ru   I will be very glad to get an answer from you!  Thank you!

  • Randy Thomas

    I bought your book as I was wanting to set up my Mac Pro with OS X server to run a web server. I followed the instructions, including adding an SSL certificate. Now my web server is not responding. I had it working without the SSL, but based on your recommendations and being in the security industry I felt it was important to do so.

    I get: “The connection has timed out

    The server at http://www.mywebsite.org is taking too long to respond.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer’s network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.”

    I find the managing of the web server on Mac OS X to be cumbersome. Can you recommend a good resource to get this thing up and running?

  • Christian Christian

    Hey Terry, thank you so much for this article, it really helped me a lot to get through most of the road bumps. Now that I want to finalize my server as Mountain Lion comes out I wonder if there will be something similar from you, or an ebook to buy? Thanks!

    • http://www.wegotserved.com Terry Walsh

      Yep, expect to see this towards the back end of the year.

  • skyjumper2012

    Hi Terry, I’m loving the articles on setting up OS X Server as a home server but am stuck on one thing: it says OS X Server does all port mapping for you if you have a Time Capsule. I have one and it is set in bridge mode with my normal router. Will this work OK?
