If you can't access the administration page
Profile Manager's basic setup is within Server app. Using this service requires using Safari to access Profile Manager's mydevices webpage and the administration webpage.
Only server administrators are allowed to access your administration page. The URL format for your administration page is:
- https://your_server's_fully_qualified_domain name/profilemanager
Example: http://www.example.com/profilemanager
Mac computers and iOS devices can enroll by visiting:
- https://your_server's_fully_qualified_domain_name/mydevices
Example: https://www.example.com/mydevices
If you have difficulty accessing your server's administration page using a web browser other than Safari, try using Safari before trying other steps.
Check DNS
Profile Manager requires Open Directory or Active Directory. These directory services can be used locally, or from another server. An important part of setting up these services is related to DNS. If Profile Manager doesn't open, make sure your server is pointed to a reliable DNS server. You can also use Server app to set up DNS so that your server can resolve itself.
If your server migration wasn't successful
If Profile Manager isn't properly set up after migrating from an earlier version of OS X server, you can use this Terminal command to try migrating again:
sudo /Applications/Server.app/Contents/ServerRoot/System/Library/ServerSetup/CommonExtras/80-devicemgrcommon.sh
Check SACLs when users can't access Profile Manager
In OS X Server version 2.2 and earlier, Service Access Control Lists (SACLs) are an "allow or deny" list of directory users who are able to use the Profile Manager service. Any users that are part of the Open Directory group "Workgroup" are allowed to access this service. If a user is not able to access this service, check the group's membership.
If you can't push profiles or apps to clients
If you are experiencing issues pushing profiles or apps to client systems, check the system log file in Console. If this log reports that your server cannot reach Apple's APNS servers, check your network's configuration to ensure all ports needed are open.
You can also enable APNS debug logging for more information using these Terminal commands in OS X Mountain Lion and Mavericks:
sudo defaults write /Library/Preferences/com.apple.apsd APSWriteLogs -bool TRUE
sudo defaults write /Library/Preferences/com.apple.apsd APSLogLevel -int 7
sudo killall apsd
The resulting log file can be found at /Library/Logs/apsd.log.
When you're finished logging your APNS transactions, use these Terminal commands to disable debug logging:
sudo defaults write /Library/Preferences/com.apple.apsd APSWriteLogs -bool FALSE
sudo defaults delete /Library/Preferences/com.apple.apsd APSLogLevel
sudo killall apsd
If you're experiencing other issues with Profile Manager
Examining Profile Manager logs can help you resolve issues related to Profile Manager. There is a symbolic link named “devicemgr” located at /var/log. This file points to /Library/Logs/ProfileManager, where you can find these items:
| devicemgrd.log |
|
| dmrunnerd.log |
|
| migration_tool.log |
|
php.log |
|
php-fpm.log |
|
php-fpm.devicemgr.log |
|
| PostgreSQL-<yyyy-mm-dd>.log |
|
| profilemanager.log |
|
| scep_helper.log |
|
| servermgr_devicemgr.log |
|
The system logs located in /var/log/ can also provide helpful information.
About transaction "failures"
You might see transaction "failures" or retries listed in some of these logs. Most of these entries are expected and don't generally indicate an issue. These logged events are simply conflicts between concurrent attempts to modify the underlying PostgreSQL database. These kinds of transactions are automatically retried if they aren't successful the first time.
Transaction conflicts can be identified by any of the following notes in your log files:
- Canceled on conflict out to pivot
- could not serialize access due to concurrent update
- @@@ Retry #X
- @@@ Retry X
Use verbose logging to find more info
Sometimes there might be more information available for troubleshooting an issue if you increase the log level. To gather the information you need, reproduce the issue after increasing the logging level.
When you're finished troubleshooting, revert to the original logging level. Leaving the logging level at a higher setting decreases free space on your startup drive. Be sure to revert to the original logging level when you are done troubleshooting.
Turn on verbose logging
To increase the level of logging in OS X Server v3.0 or later, use this Terminal command:
sudo defaults write /Library/Preferences/com.apple.ProfileManager debugOutput 3
Restart the Profile Manager service to begin verbose logging. Use this command to restart Profile Manager rather than turning it off and back on in Server app:
sudo killall -u _devicemgr
Turn off verbose logging
To revert the logging level back to its original setting, use this Terminal command:
sudo defaults delete /Library/Preferences/com.apple.ProfileManager debugOutput
Restart the Profile Manager service to return to the original logging level:
sudo killall -u _devicemgr
Learn more
You can learn more about Profile Manager from these pages.