Those of you who have taken the plunge into 10.7.3 on your server may have discovered (much to your dismay) that the VPN is broken.
There’s a support article on the Apple support site that will bring your VPN service back to life. Basically, you need to flip a bit on the system VPN account.
This applies to any server that was running VPN prior to the 10.7.3 update, which would be a great deal of us. The good news is… PPTP is now supposedly working. I primarily use L2TP, so I didn’t care so much about that one. But when L2TP was also broken after the 10.7.3 update, I was flummoxed.
If you have a Lion server behind a NAT router (for example, an Airport Extreme or Time Capsule) that is running a VPN service you may have difficulties connecting to it with Windows 7 using L2TP despite the correct setup.
I won’t go into the deep dive on this now, but just a total quick tip. You need to change the encapsulation parameters on Windows 7. Do that by setting a registry key:
There seems to be a great deal of misunderstanding around Apple’s “shared contacts” feature in Lion. If you spend some time searching the Apple Community forums and blogs, lots of folks are claiming that Apple has performed a feat of false advertising over this need.
Indeed, sharing contacts across an organization is a pretty big requirement. Not just do you want to share the contact info of the users in your directory, it would be more than beautiful if you could add shared contacts that everyone could search against.
I’ve published a screencast on how to do this. Here’s a hint: it involves a checkbox in your Lion server setup and some TLC with your Open Directory. Basically, you’ll make your Open Directory searchable by the Address Book Server and use the Directory Utility to put the shared contacts into your OD setup. It works like a charm and there’s no need to share a username and password amongst your users.
Sorry I spoiled the ending for you, but for details on this please watch the screencast. Comment below or contact me if you have any questions, comments or suggestions. I love to hear from folks!
Have any other heavy tips or requirements out of Mac OS X and you just can’t figure it out? Let me know and I’ll see if I can unravel it for you.
Quicktime Streaming Server is not supported on OS X Lion Server.
There are some changes to wikis and mailing list support as well. Here’s a paste from page 17/18 of the guide:
Understanding what can be reused
When you upgrade from Mac OS X Server v10.6 or later, virtually all existing data and settings remain available for use, but note the following:
NetBoot images created using Mac OS X Server v10.5 or later can be reused. NetBoot images created using earlier versions cannot be used.
When upgrading to Lion Server, the launch daemons (/System/Library/ LaunchDaemons) are replaced by the Lion Server version of these daemons.
Open Directory on Lion Server cannot be configured as a primary domain controller (PDC) or a backup domain controller (BDC) using the SMB service.
Lion Server does not support Print service, MySQL, Mobile Access, Tomcat, Axis, or QuickTime Streaming Server (QTSS).
Wiki-based mailing list and archives are not available in Lion Server.
If you are using Mail service with Mac OS X Server v10.6 and are performing the upgrade to Lion Server, make sure your mail data partitions and the mail database are accessible during the upgrade process. This automates the mail migration process and requires you to have no interaction.
I’m a little surprised that Mobile Access is also gone. They were pretty proud of that feature in Snow Leopard Server.
Final Cut Pro X shipped today on the Mac App Store for $299.99.
As I feared, the other utilities that normally ship with the entire suite are broken out as separate apps. Right now, Motion and Compressor have been introduced at $49.99 apiece. I’m a heavy user of all three, so that takes me up to $399.99 for the suite. I also use Soundtrack Pro, but there’s no sign of that program on the App Store yet. I’d imagine that will be released as well.
Since I have workflows that rely on FCP, I’m holding off on the upgrade at the moment. I’ll be watching though. One thing I should point out that is rather compelling. Xsan is built in to OS X Lion, so you will be able to get a nice, fast, redundant disk setup to feed FCP. That’s pretty exciting. The barrier to entry just keeps lowering.
It’s clear that Apple feels they are making money hand over fist with iOS and devices. They’re making so much money in fact that they feel they can push the new software initiatives for almost no price at all. The proof is everywhere:
Lion is practically free ($29.99)
Lion server is practically free, compared to the cost of the server product in the past ($49)
XSan is baked into Lion. Licenses for this product used to be quite costly. Won’t it be awesome when Mac Minis ship with Thunderbolt and you can add this to it?
Apple had already lowered the price of Apple Remote Desktop. I wonder what they’ll do with it next?
iOS 5.0 is a free update.
iCloud is mostly free unless you use iTunes Match, which is $24.99 a year.
That speaks volumes about how they’re making money. It speaks about the strategy and how it’s working. It speaks to how they will grow into other markets where they have not typically been dominant.
I did not use this site to live blog the WWDC keynote because frankly, other people did a fine job of it. I prefer to watch the keynote and let it simmer on my brain. I sprinkle it with a bit of flavor from the other blogs and information on the net.
Then I grab the products and I test it to death.
There’s a lot to like in today’s WWDC keynote. A lot. I wasn’t disappointed in the slightest. Apple has laid down the gauntlet on where they want to go. They’re going to the cloud and they’re creating the “post-PC” era groundwork.
I’ve seen many blogs call today’s announcements a “bloodbath.” In many respects, that’s accurate. If you work at RIM today you have to be thinking that your company’s lifespan just shortened a bit more. Apple is clearly listening to the consumers and learning from the jailbreak market, the Android devices and RIM. They are doing things the “Apple way” and that’s good.
This is, however, a blog about Apple in the Enterprise. I’m going to drop a few tidbits that I think are quite relevant.
Lion client is $29.99 and available from the Mac App Store only. I would assume there is a way to make an installer disk so you don’t have to download this over and over again. I would also assume there is a way to make this available to your Enterprise on a volume licensing-type of arrangement. I’ll be looking into this more.
Lion Server will cost an extra $49 on top of the $29 charge for Lion client. This is huge and will likely increase the install base of the server product.
iOS 5.0′s notification system, iMessage and other features are really huge.
What REALLY matters to the enterprises that I work for: S/MIME support in Mail. I’m so glad to see this. I’m cautiously optimistic that this will work well, but frankly, many folks have screwed PKI up so badly it may not matter.
iCloud is big, but it looks like some elements of iCloud are included in Lion Server so you can make your own private iCloud. I’ll also be looking into this more as time moves on.
MobileMe’s death sentence is interesting. It’s a rare admittance by Apple that something didn’t work. I’m glad to see they’re not afraid to stand up to the product’s failings (and victories) and learn from it. I’ve been looking for ways to migrate off of MobileMe for a while. I’ve only maintained a membership for the syncing of contacts and bookmarks and… well, to make sure I have it to test against in case customers need to know something about it.
Overall, it was a great keynote. Apple is doing fantastic things and I really look forward to delving into it even more. I’m sad that I’m not attending WWDC this year. It’s easily the biggest keynote since the introduction of the iPhone. Whenever there is a huge WWDC keynote like this I usually walk away from it exasperated. I stop and wonder, where in the hell can they take this now? this is already too good.
I know those folks are having a blast and loving life tonight… as am I. This is really quite exciting.
One of the advantages of Security Update 2011-003 (as noted all over the net) is the ability to protect your Mac from the MacDefender trojan and its known variants. It’s really nice to have “invisible” protection from these threats, but what if you need to feel a little safer? Would you like to know when these updates are occurring?
Initial investigations show that the job is handled by an executable by the name of “XProtectUpdater.” It’s located in /usr/libexec/XProtectUpdater.
If you want to see what launchd is doing with this executable, check out:
In there, it’s a good chance you’ll see the directive that fires up XProtectUpdater every 86400 seconds (that’d be 24 hours, by the way). Here’s what your plist file may look like:
If you’re interested in whether or not your XProtectUpdater is running properly, you can always look in your system’s logs. Search under the term “xprotect” and you should see everything pertaining to the updater’s operation.
But suppose you want to know the last time XProtectUpdater was executed? Try this command:
more /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
You should get back a plist file with a date of the last update. If everything is operating correctly, that was within the last 24 hours.
Apple has released Security Update 2011-003. It is available from Software Update.
One interesting aspect of this update is that it provides a mechanism to automatically download a malware definition update. This setting is controlled in System Preferences/Security Preferences/General.
Blabber back