thanks for the kind words, and the "-R" tip (i shoulda RTFM the man page on that -- doh!)

before wiping altogether, know that you can also reset the Open Directory stuff. i have instructions for doing that from the terrific Tier-2 support person, but he asked me not to republish his email. so before you wipe the machine and start over, i'd give Apple a call. they want lots of reassurance that you know what you're doing (this blog post was helpful in that regard) but once you've convinced the Tier 1 person that you do, they push you along to some really great folks in Enterprise support if you're still inside your 90 day free support window. i'm thinking of buying the Apple Care deal just so i can extend that privilege out to 3 years. $129 is starting to look like a pretty good deal.

i haven't completed my testing yet -- i may have to reset my Open Directory stuff too, in which case i'll publish the step-by-step here.

mikey

Nice write-up. I've been having some major issues with my Lion Server install. I had Snow Leopard client and had all these same things running there, but like you, wanted the 'simplicity' of the branded server implementation. It's been a bit of an uphill battle.

One little note - to change the ownership of a folder and all of its contents, you can add the "-R" flag (applies the change recursively to all files and folders in the named folder) to your chown command:
sudo chown -R _www your-site's-foldername

That might be the only advice I can offer - I have so badly messed up my server that I lost pretty permalinks in trying to move my site and allow for virtual hosting. But besides that I know that when I set it up, I erred in how I set up Open Directory and the users associated with it. So I'm planning on just starting all over - wiping clean (after backing up important files, of course) and starting fresh. I appreciate your efforts here - it's great reference!

One last comment - I would have thought that toggling the web on and off in server.app would re-write some of the config files that you edited, including the httpd.conf file, and possibly the site-specific config files. But it would seem it did not for you. That's somewhat encouraging...!

Thanks for sharing your experiences here!

i have to say i never thought about the corp.com being an issues for corp internal websites aka FQDN (aka adding corp at the end of it). i can see now by adding a wild card for corp could cause major issues.

Your domain generics was a good buy up in the 90's (wish i had thought of it.

cole

I have lots of other domains -- but they aren't super-premium generics like those. They're things like APrairieHaven.com, BugLunch.com, BlipTrips.com. Goofy names, some of which have web sites, some that are just crazy ideas.

7. Do you have other domains?

This is a generic page, so I don't know which domain you got here from. Here's a list of the names that get a lot of hits;

Corp.com
Bar.com

corp.com and bar.com Hotlink is one hotlink not 2 if you click corp or bar it takes you to bar.

Cole

It looks pretty straightforward, but I haven't tried it.

Here's a pointer to my own explorations:

http://www.farces.com/index.php/wiki/Category:Technology::Adventures_with_the_naked_Mac_Mini_Server/

And here's the best tip I can give you: Download Apple's Server Admin; it magically contains most of the configuration stuff that Apple stripped out for normal people:

http://support.apple.com/kb/DL1419

are they really just using "corp.com" as the internal domain? egad… it's no wonder their external users have slow logins. first they hit my site, on a goofy port. then, after that attempt takes a while to time out, the external user goes and looks up the internal address from the Windows server. i would guess it takes at least 30 seconds for the first try to time out -- maybe more. i'd be happy to testify to your client.

if you want, we could do something with a sniffer on my end. if you and i conspire on an exact time, i could fire up the sniffer and capture the login-attempt packets that are hitting my server. you could tell me IP address and port ranges to filter for. i could list out the hits. maybe that would be enough...

another avenue towards "proof" (besides spending a quarter to buy them a clue) is this report from ICANN's SSAC (security and stability advisory committee) which provides a top-10 list of DNS queries by misconfigured servers. "corp" is in that list. not quite the same as your gang (since the worst offender is the string "corp" rather than "corp.com") but close. and i can tell you fersure that "corp.com" gets a **LOT** of traffic from folks like your gang that have pounded that into their configurations. here's the link to the SSAC report

http://www.icann.org/en/committees/security/sac045.pdf

i'll ping you by email so we can continue this discussion...