Mac Server Update Breaks Profile Manager

Profile Manager 3.2.1 Error – Symptoms

With the recent “Shellshock” exploit floating around, I just went through my servers to get them all up to date. I updated my Mac OS X Mavericks Server to Server.app 3.2.1. In doing this update – it actually broke my profile manager with an error:

We're sorry, but something went wrong. We've been notified about this issue and we'll take a look at it shortly.

I also received other errors with Profile Manager:
syntaxerror json parse error unrecognized token '>' ok profile manager
Profile Manager 3.2.1 was also giving 500 Server errors and in general just would not work. I could get to the login screen – but was unable to actually log in. It would redirect to the above error page. More or less, Profile Manager was completely broken – and I didn’t have a backup to restore to.

After some digging around – it appears that something goes haywire in the upgrade process.  (Like you didn’t already know that! :D)

Profile Manager 3.2.1 Error – The Fix

If you are having the same problems as I posted above, all you need to do to fix Profile Manager 3.2.1 errors is the following.

  1. Run the command:
    sudo psql -U _devicemgr -d devicemgr_v2m0 -h /Library/Server/ProfileManager/Config/var/PostgreSQL -c "UPDATE auto_join_profiles SET usage_log = NULL"
  2. Run the command:
    sudo /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/config/migrateDB

The first command clears out the usage log in the PostgreSQL database. All I can figure is there is something in that log that the migrateDB command does not like. Once you reset that log – you are then able to successfully migrate the database. You may get one more error page – but just hit the reload button and it will actually load the page after.

Change Active Directory DisplayName Script

I recently imported users to Active Directory and made a mistake on the import script. I accidentally swapped the first name and last name within the Name and DisplayName fields for a few hundred users. I didn’t really want to fix this manually, so I did some digging and pieced together a couple of scripts to do just what I needed within PowerShell.

This is what I had:

Name: Hunter Daren
DisplayName: Hunter Daren
GivenName: Daren
Surname: Hunter

Basically – I had the correct Given and Surname – but mixed them up in the script for DisplayName and Name.

  1. Open Windows PowerShell with administrator privileges.
  2. Import the Active Directory module before you run the commands below:
    Import-Module ActiveDirectory
  3. To swap the DisplayName – I created the following script:
    Get-ADUser -SearchBase 'OU=Your,OU=Organizational,DC=test,DC=com' -Filter * -Properties displayname | % {Set-ADUser -Identity $_ -DisplayName ("{0} {1}" -f $_.GivenName,$_.Surname)}
    You will just need to swap out your SearchBase with the OU information where your users are located.
  4. Here is the script I used to change the Name in Active Directory:
    Get-ADUser -SearchBase 'OU=Your,OU=Organizational,DC=test,DC=com' -Filter * -Properties displayname | % {Rename-ADObject -Identity $_ -NewName ("{0} {1}" -f $_.GivenName,$_.Surname)}

These two Active Directory Scripts will change the Name and DisplayName for all users in the specified OU. Keep in mind – I was changing to first name and last name.

You can change the ("{0} {1}" -f $_.GivenName,$_.Surname) to meet your specific needs. ("{0} {1}" -f $_.GivenName,$_.Surname) is just concatenating the First Name and Last Name together with a space between.

For example – you might want to use ("{0}.{1}@{2}" -f $_.GivenName,$_.Surname,"yourdomain.com") which would give you firstname.lastname@yourdomain.com

Dish Network Hopper Rebate Promo Codes – Save $50

Rebate Codes For Dish Network Hopper

It is easy to save $50 on your bill – just give the redemption code below when you are signing up for Dish Network Hopper!  Please let me know if you use these so I can take them offline!

Hop110905187
Hop091632354

If you would like to save $50 when switching to Dish Network – use one of the following Dish Network promo codes.

Dish Network Promo Codes

HOP011223122  12/06/12  12/31/14
HOP008983738  12/06/12  12/31/14
DRD753458185  12/02/12  12/31/14
DRD749511972  12/02/12  12/31/14
HOP156218758  11/14/13  02/10/14
HOP152798466  11/14/13  02/10/14
HOP152030451  11/14/13  02/10/14
HOP132739573  11/06/13  02/03/14
AHP001422617  11/04/13  01/20/14
HOP126438577  09/26/13  12/23/13
HOP110905187  09/17/13  12/11/13
HOP095754683  09/16/13  12/11/13
HOP091632354  09/16/13  12/11/13
HOP082026787  09/10/13  12/09/13
HOP055961745  08/27/13  11/25/13
HOP052672808  08/06/13  10/31/13
HOP043891272  06/28/13  09/25/13
ADG173554958  06/19/13  09/14/13
HOP028399337  05/13/13  12/31/14
HOP023126307  04/12/13  12/31/14
HOP015723413  04/12/13  12/31/14
HOP015482787  04/12/13  12/31/14
DRD668224810  03/16/13  12/31/14
DRH875799885  02/06/13  12/31/14

Mac OS X Server Mavericks Profile Manager: “A Server Error Has Occurred” after uploading dock.plist

The Problem

I am using Mac OS X Server on Mac OS X Mavericks to manage the Apple devices at our school. Specifically – I set up the dock icons exactly how I wanted them arranged. I then uploaded the com.apple.dock.plist to Profile Manager. It detected all of the settings and everything was fine until I clicked “Save.” Immediately after that – I was no longer able to load the device groups page and I got the dreaded “A Server Error Has Occurred” and to “Contact my system administrator if the problem persists”.

No matter what I did – I could not get the page to load. I knew it had to be a corrupt profile as it happened immediately after I pressed save. Resetting Profile Manager to default was not an option as I had many other profiles loaded already and didn’t want to lose them.

The Solution

There is a PostgreSQL database that stores all the profiles. I went in and manually deleted the profile for the device group that I had created and that fixed the issue. I believe these commands will only work on OS X Server on Mavericks as the database is in a different location than past versions.

1.) Open up Terminal.app

2.) Command to list all of the tables:

sudo psql -h "/Library/Server/ProfileManager/Config/var/PostgreSQL" -U _devicemgr -d devicemgr_v2m0 -c "\dt"

3.) Command to list all profiles so you can find the corrupt one:

sudo psql -h "/Library/Server/ProfileManager/Config/var/PostgreSQL" -U _devicemgr -d devicemgr_v2m0 -c "select * from profiles"

This is going to spit out all the tables – you will need to widen out your Terminal window so you can see everything correctly.

4.) Find the id of the profile that you believe to be the culprit and delete it with the following command:

sudo psql -h "/Library/Server/ProfileManager/Config/var/PostgreSQL" -U _devicemgr -d devicemgr_v2m0 -c "delete from profiles where id=15"
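
Both database fixes on this page (clearing usage_log before migrateDB, and deleting a corrupt profile) change the Profile Manager database in place, and the first post mentions having no backup to restore to. The script below is an added example, not part of the original posts: it dumps the database before deleting a profile and refuses anything but a numeric id. It assumes pg_dump is on the PATH; the function names and the PM_BACKUP_DIR location are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): take a dump of the Profile
# Manager database before deleting a profile row.
# Socket path, role and database name are the ones used in the commands above.
PM_SOCK="/Library/Server/ProfileManager/Config/var/PostgreSQL"
PM_USER="_devicemgr"
PM_DB="devicemgr_v2m0"
# Assumption: where the dumps are kept. Override by setting PM_BACKUP_DIR.
PM_BACKUP_DIR="${PM_BACKUP_DIR:-$HOME/pm-backups}"

# Succeeds only for a string of digits, so nothing else reaches the SQL text.
pm_valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Run psql against the Profile Manager database, as in the steps above.
pm_psql() {
    sudo psql -h "$PM_SOCK" -U "$PM_USER" -d "$PM_DB" "$@"
}

# Dump the whole database to a timestamped file and print the file name.
# Assumption: pg_dump is on the PATH.
pm_backup() {
    mkdir -p "$PM_BACKUP_DIR" || return 1
    out="$PM_BACKUP_DIR/$PM_DB-$(date +%Y%m%d-%H%M%S).sql"
    if ! sudo pg_dump -h "$PM_SOCK" -U "$PM_USER" "$PM_DB" > "$out"; then
        rm -f "$out"
        return 1
    fi
    # An empty dump is not a backup.
    [ -s "$out" ] || { rm -f "$out"; return 1; }
    echo "$out"
}

# Delete one profile by id: validate, back up, show the row, then delete.
pm_delete_profile() {
    id="$1"
    if ! pm_valid_id "$id"; then
        echo "profile id must be a number, got: '$id'" >&2
        return 2
    fi
    if ! backup=$(pm_backup); then
        echo "backup failed, nothing was deleted" >&2
        return 1
    fi
    echo "backup written to $backup" >&2
    pm_psql -c "select * from profiles where id=$id" || return 1
    pm_psql -c "delete from profiles where id=$id"
}

# Usage: sh pm-delete-profile.sh 15
if [ "$#" -gt 0 ]; then
    pm_delete_profile "$1"
fi
```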

Cisco ASA 5520 Won’t Boot – Booting System, Please wait.

I recently had an extended power outage at work in which our battery backups ran out of power and took our network offline. After the power outage – the network started coming back online.

The Problem

While the entire network came online and I could access everything locally – I was no longer able to pass traffic to the outside world.

A trip to my network closet showed the status light on my Cisco ASA 5520 firewall was blinking a steady green. After hooking up the serial cable to the console port on the firewall and monitoring the boot up with Tera Term – I was greeted with a message, “Booting System, Please wait.” The startup never went any further than that message.

The Fix

I decided to take the top case off the firewall to see what I could do to recover the config file. There are 16 screws across the top and on the side of the unit that are extremely easy to remove. Once inside – I saw two pieces of RAM (the same that is in a computer). On a whim – I pulled one of the RAM chips out and powered on the firewall. Sure enough – the Cisco ASA 5520 was able to boot again.

Long story short – I had some ram from other computers that I was able to replace the bad memory and was back up and going! Took me the better part of a Saturday to get the school back online and saved the school about $6,000 at the same time!

This ended up being a very easy fix. The ram was as easy to replace as a computer! Plus, I had enough spare ram to actually give the unit an upgrade.

AppleTVs losing connection on Cisco Wireless Controller

Problem:

Recently, I saw an issue with AppleTVs disconnecting from our Cisco Wireless Network. No matter what we did, the AppleTV would just lose its IP Address and Wireless Signal. This was actually happening at two separate locations; both had a Cisco Wireless Controller. After about 60 seconds – the AppleTV would connect again. Then, after a very short amount of time, it would disconnect again.

The AppleTV would work just fine with a wired connection and it worked using an old Airport Extreme Basestation.

The Fix

The Apple TVs were tripping the IP Theft or IP Reuse Client Exclusion Policy on the Cisco Wireless Controller. If you have access to your wireless controller – you can search the “Most Recent Traps” section for excluded clients. This fix will only work if you see the mac addresses for your AppleTVs in this log and it should say excluded next to it.

Example:
Apple TV IP Excluded

 

All of our Apple TVs were being excluded for some reason due to that policy. There was also a rule that would unexclude after 60 seconds – which is why the AppleTV wireless connection would work and then disconnect.

Unchecking the IP Theft or IP Reuse setting under Security -> Wireless Protection Policies -> Client Exclusion Policies has solved this issue for us.

Windows 7 Can’t Connect to Mac OS X VPN Server

How To Connect Windows 7 To Mac VPN Server behind Firewall

Background of problem:

I had a Mac OS X VPN Server set up at a school district that was behind a firewall. It was set up with a static 1 to 1 NAT so that it could be reached publicly. I was able to connect to the Mac VPN with all of my mac devices and had no issues. However, my boss – a windows user – wanted access. Her Windows 7 machine was not able to connect to the VPN Server. No matter what settings we tried it just would not connect.

I spent hours googling and searching the internet for a solution to my problem. I figured that it must be something incompatible between the Mac server and Windows 7. As it turns out – it really had nothing to do with the fact that it was a Mac server. According to Microsoft, Windows by default does not support IPSec over NAT. What this means is that no matter how hard you try to connect to an IPSec VPN that is behind NAT – Windows is not going to connect.

How To Fix:

  1. Log on to the Windows Vista client computer as a user who is a member of the Administrators group.
  2. Click Start, point to All Programs, click Accessories, click Run, type regedit, and then click OK. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your administrator token, click Continue.
  3. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
    Note: You can also apply the AssumeUDPEncapsulationContextOnSendRule DWORD value to a Microsoft Windows XP Service Pack 2 (SP2)-based VPN client computer. To do this, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
  4. On the Edit menu, point to New, and then click DWORD (32-bit) Value.
  5. Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
  6. Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
  7. In the Value Data box, type one of the following values:
    • 0
      A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind NAT devices. This is the default value.
    • 1
      A value of 1 configures Windows so that it can establish security associations with servers that are located behind NAT devices.
    • 2
      A value of 2 configures Windows so that it can establish security associations when both the server and the Windows Vista-based or Windows Server 2008-based VPN client computer are behind NAT devices.
  8. Click OK, and then exit Registry Editor.
  9. Restart the computer.

How to allow non-admin mac user to use App Store

There are times you may need to provide a non-admin user access to purchase and install apps from the Mac App Store.  However, out of the box – the Mac Operating System does not allow this due to that user not having full permission.  When a user installs an app – it installs to the /Applications folder which requires administrative rights. In a situation where giving admin rights to that user isn’t feasible – there is a work around.

I have a non-admin user named “Tom Foolery”. I would like him to stay a standard user – but have access to purchase and install from the App Store.  Here is what I do:

Add Non-Admin User to _appstore Group

  1. Log in to the computer as a user with Administrative Rights
  2. Open up your command line by clicking the Spotlight icon located in the top right of your Mac screen to search for the Terminal command line.
  3. Type in “Terminal” and then click on the Terminal app.
    Once Terminal.app opens, you are ready to type commands to add the non-admin user to the _appstore group.
  4. Type the following command:
    sudo dscl . -append /Groups/_appstore GroupMembership tomfoolery

    You will need to replace “tomfoolery” with your username. Don’t know what username you should use? Use the following command to list the users on your OS.

    sudo dscl . -list /Users

    Be sure to copy the username exactly as listed and insert it into the dscl command.

  5. Now login as the non-admin user and enjoy your access to the App Store!

Keep In Mind

When a user installs an app from the App Store – the App Store is actually controlling the installation and setting the permissions.  Meaning – an app installed by a non-admin user is going to be installed in the /Applications folder as user System and group Wheel.  What this means is that they will not be able to delete the app after they install it because they won’t have permission.

DISH Network Whole Home DVR Hopper and Joey

DISH Network Whole Home DVR Hopper and Joey – My Thoughts

I recently made the switch from Time Warner Cable to DISH Network.  There were many reasons for this change.  The two main reasons were 1.) DISH had better features and 2.) DISH was less expensive. This was a big change for me as I was always pleased with the service Time Warner provided.  Let me clarify, pleased in that the cable rarely went out. Ever since I was a kid I heard horror stories of satellite losing signal. This really turned me off as I knew it would really annoy me to have the satellite go out every time it rained or snowed.

After seeing some pre-released information about the Hopper and Joey system, I realized the features of whole home DVR outweighed the chance of signal outage.  Living in Northern Maine, I called Time Warner to see if they have whole home DVR.  While they do provide it in some locations, it is not available in Northern Maine. That settled it! I decided to switch and am now getting way better features while saving about 40% off my bill!

The Good

Whole Home DVR

First of all – I have to say the Hopper offers some incredible features.  With Time Warner Cable – I had one HD DVR.  The Hopper provides me with one HD DVR as well – but I can access it anywhere in my house! I have three TVs and they all link back to the hopper. This allows me to watch anything I want – wherever I want.  Previously, with Time Warner, every time I wanted to watch the DVR in another room – I would unhook the cable box and bring it to another room.  I no longer have to do that. The Hopper makes it so the DVR is right at your fingertips.

You are able to set up recordings from any TV. You can watch your DVR at any TV. You can watch OnDemand content at any tv.

The Guide

The Guide works great as well.  One thing that always annoyed me with Time Warner Cable was that every time the power went out, or you had to unplug the DVR – the guide would have to re-download and it would take forever.  NO MORE! The Hopper saves the guide and if the power goes out or you need to power cycle – the guide is right there and ready to go. No more waiting for the guide to download!

Another great feature of the guide is the search function.  It allows you to search the guide for upcoming shows/sports. I have used this many times to find my favorite playoff game. Just put in a filter for the particular sport you are looking for – and boom, within seconds you have found what you are looking for.  You can search by any category imaginable.

The Remotes

The remotes are great as well.  They have an awesome feature that doesn’t require one to point the remote at the cable box.  It works wirelessly. If you want to tuck away the Joey out of sight – not a problem. The remote will still work!

The Trade-Offs

The SATELLITE

You must have a satellite attached to your home and some people really find that to be an eyesore. I was fortunate to have a great installer come and we worked together to find a spot that was not sticking out. He also did a fantastic job with the cable runs and I am very happy with the quality.

Glitches and Bugs

I have noticed a few things with the Hopper and Joey system that seem to be a bit glitchy. I have contacted DISH Customer support and they are usually very supportive and helpful.

One of my main issues is that on the Joey – the fast forward is extremely unreliable. When I press fast forward – the problem is when I press play.  It seems to just pick a spot to start playing. It isn’t where I actually hit play.  It might be 40 seconds before or 3 minutes later. It is an extremely frustrating experience to try to fast forward through commercials.  This only occurs on the Joey – not the main Hopper itself.  I actually have to use the SKIP FWD button to get through commercials.

I have contacted customer support – and they told me to power off all of my equipment and power it back on. I did this – but of course it didn’t fix anything.  I suggested that it might be a software bug and they are adamant it isn’t.  I even showed them some posts where other people experienced it – didn’t matter.  I am sure they will eventually realize there is a problem and it will be fixed.

Along those same lines – I have had some recordings just get skipped.  They are series recordings and one week they just don’t record. There are no conflicts that are causing them – and they say they are all set to record… but then they don’t.  Quite annoying as I don’t get the locals OnDemand so I end up having to watch them online. I also contacted them about this issue and they said a reboot in equipment should also fix this.  I’m skeptical – but maybe. This has skipped recordings maybe 4 out of 40 shows.  This is 10% – which is WAY too often for my liking.

Two Satellites

On our house – we required two satellites because the locals were on a different satellite than the HD. This was a huge downer for me as I hate cluttering up the house.  Not to mention these locals come in terrible here in Northern Maine.  Unfortunately, the Hopper doesn’t accept over-the-air signal from an antenna – so we are stuck with the glitchy local Presque Isle stations. I am hopeful that they will transition to HD someday soon!

Overall

Overall – I am extremely pleased with the DISH Network services.  The online services are great.  The features of the Hopper are all I could ever ask for. I would recommend this package to everyone as you can’t beat the price to functionality ratio.  I have had the service for about a month now and am happy to report the dish signal hasn’t been out yet! I am still hopeful that DISH will get the Locals in HD as the locals on DISH in Northern Maine are terrible.  They glitch regularly – but it isn’t DISH’s fault.  The Locals are on an older satellite band and really needs to be updated. I mean, come on – it’s 2012!

Thanks for checking out my thoughts on the DISH Hopper Package. Any questions comments – feel free to ask below!  Experiencing the same issues let the world know below!

Update

Finally, after about a year and a half, I can honestly say most of the growing pains associated with the Hopper are gone! Furthermore – we finally get the locals in HD and can utilize primetime anytime. The DVR capacity still blows my mind. I currently have 80 some movies and 110 TV shows to watch and still have a ton of free space left. Yes, I do need to start getting caught up on the DVR! 🙂

BASH Scripting – How To Create Executable Script

There are many ways to achieve this – but I find this to be the fastest way as it is all done through command line.

Creating The Script File

Open Terminal.app from /Applications/Utilities/Terminal.app

In the Terminal window that opens, we are going to create a directory called scripts on our desktop and then create a shell script file within that directory – use the following command:

# "mkdir" creates a directory on your desktop - no different than right clicking on desktop
mkdir /Users/yourusername/Desktop/scripts

# "touch" just creates an empty file with a name and extension you specify
touch /Users/yourusername/Desktop/scripts/kickstartscript.sh

We also need to make the script executable.

# chmod is used to set permissions - in this case, executable permissions
chmod +x /Users/yourusername/Desktop/scripts/kickstartscript.sh

You now have an executable file. You can use any text editor (may I suggest TextWrangler – just do a Google search for it) to open the file made in the scripts directory on your desktop. You may also use Vim or another command line text editor, but chances are if you are reading this – you would be better suited to start with a program based text editor like TextWrangler.

Once you have the file open – all you have to do is add

#!/bin/bash

as the very first line of your file, with nothing in front of it, and you are ready to start scripting.

The line above tells the system to run the file with the bash interpreter at /bin/bash.

Thanks for reading!