Monthly Archives: October 2015

iOS 9 Calendar stops working, won’t sync with OS X Server-based Caldav server

As always, you accept any and all risk when making advanced changes on your (OS X) server. That said, I wanted to share the following solution that has solved the problem of my iPhone (updated to iOS 9 and then the iOS 9.0.1 patch without resolution) no longer connecting to/updating/syncing with Calendar (caldav) server hosted on OS X Server 10.9.5 (with all security udpates).

The following led me to a fix:
https://discussions.apple.com/thread/7230486

However, that’s missing the specifics you need for 10.9 server
The launchd plist for 10.9 OS X Server lives at
/Applications/Server.app/Contents/ServerRoot/private/etc/caldavd/caldavd-apple.plist
But do not edit that file.
Instead, it specified an include of:
/Library/Server/Calendar and Contacts/Config/caldavd-system.plist
which is where we need to make the change.

Stop calendar server by issuing – via the terminal,

sudo serveradmin stop calendar
cd /Library/Server/Calendar\ and\ Contacts/Config/

Make a backup of the existing file first !
sudo cp -p caldavd-system.plist caldavd-system.plist.bak

Edit caldavd-system.plist
For example,
sudo nano -w caldavd-system.plist
look for the item, <key>SSLCertificate</key>
and the line after it, <string>/etc/certificates/your.servernamae.SOMEUPPERCASEALPHANUMERICSTRING.cert.pem</string>

and leave those alone !
After the above string, add the following, with each line beginning with a tab (where you see initial whitespace):

<key>SSLMethod</key>
<string>SSLv23_METHOD</string>

<key>SSLCiphers</key>
<string>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</string>

<key>SSL_OP_NO_TLSv1_1</key>
<true/>

Save the file (ctl w in nano) to commit the changes.
Start the calendar server while keeping an eye on the associated error log (eg. in another Terminal window, tail -f /var/log/caldavd/error.log )
sudo serveradmin start calendar

At this point, on my iPhone I deleted the caldav account setup and added the account back successfully, using SSL and without any errors. Calendar events that had been created on my Mac workstation but had failed to show up on my iPhone since the iOS 9 update events all showed up.

calendarserver.push.applepush.APNProviderFactory Connection to APN server lost: [Failure instance: Traceback: : [(‘SSL routines’, ‘SSL3_READ_BYTES’, ‘ssl handshake failure’)]

The following error was being logged on OS X Server (10.9.x) with calendar server in use, in /var/log/caldavd/error.log:

“caldavĀ  [APNProviderProtocol (TLSMemoryBIOProtocol),client] [calendarserver.push.applepush.APNProviderFactory#info] Connection to APN server lost: [Failure instance: Traceback: <class ‘OpenSSL.SSL.Error’>: [(‘SSL routines’, ‘SSL3_READ_BYTES’, ‘ssl handshake failure’)]”

Before proceeding, ensure that you have a known-good, working SSL certificate. I’m using a commercial (purchased, not self-signed) certificate.

In my case, the following steps to remedied the above error:

Verify your ssl cert setup (I’m using a commercial one).

In Server.app, click on Calendar, and under “Settings” look for Push Notifications: Enabled
Hit the Edit button.

Use the Renew button in the pop-up dialog box, even if your current push certificate isn’t expired.
Stay in that same pop-up dialog, and click the arrow beside the bottom-most (small) text in grey, “Manage your certificates.” Log into Apple’s Push Certificates Portal,
and revoke any old expired certs. Heed the warnings stated there !

Back in the Server app, click on the very top item in the left-hand colum, your server name (eg: server) and UN-check the last check-box for “Enable Apple push notifications.”
Wait a full 30 seconds.
Check (click on, enable) that same box to enable Apple push notifications.

Check your log (tail -f /var/log/caldavd/error.log) and the errors should now be gone.