Setting Up The Messages Service In Mountain Lion Server

iChat Server was sooooo easy to configure. iChat Server is now Messages Server. Both use the open source jabber project as their back-end code base. Lucky us, all Apple did in the latest iteration is change the name of the service in the Server app, leaving the command line effectively untouched. The paths to things serverish have changed. The jabberd binary is now at /Applications/Server.app/Contents/ServerRoot/private/var/jabberd and the autobuddy binary is at /Applications/Server.app/Contents/ServerRoot/usr/bin/jabber_autobuddy. Given the importance of having multiple binaries that do the same thing, another jabberd binary is also stored at /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd. Note that the man page says it’s in /etc. But I digress.

Setting up the Messages service is simple. Open the Server app and click on Messages in the Server app sidebar.

“I brought you some supper but if you’d prefer a lecture, I’ve a few very catchy ones prepped…sin and hellfire… one has man page lepers.”

Once open, click on the checkbox for “Enable server-to-server federation” if you have multiple iChat, er, I mean, Messages servers and then click on the checkbox for “Archive all chat messages” if you’d like transcripts of all Messages sessions that route through the server to be saved on the server. You should use an SSL certificate with the Messages service. If enabling federation so you can have multiple Messages servers, you have to. Before enabling the service, click on the name of the server in the sidebar of Server app and then click on the Settings tab. From here, click on Edit for the SSL Certificate (which should be plural btw) entry to bring up a screen to select SSL Certificates.

“Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious.”

At the SSL Certificates screen (here it’s plural!), select the certificate the Messages service should use from the available list supplied beside that entry and click on the OK button. If you need to setup federation, click back on the Messages service in the sidebar of Server app and then click on the Edit button. Then, click on the checkbox for Require server-to-server federation (making sure each server has the other’s SSL certificate installed) and then choose whether to allow any server to federate with yours or to restrict which servers are allowed. I have always restricted unless I was specifically setting up a server I wanted to be public (like public as in everyone in the world can federate to it, including the gorram reavers that want to wear your skin).

“And I think calling him that is an insult to the psychotic lowlife community.”

To restrict the service, then provide a list of each server address capable of communicating with your server. Once all the servers are entered, click the OK button.

Obviously, if you only have one server, you can skip that. Once the settings are as you wish them to be, click on the ON/OFF switch to light up the service. To see the status of the service, once started, use the fullstatus option with serveradmin followed by the jabber indicator:

sudo serveradmin fullstatus jabber

The output includes whether the service is running, the location of jabber log files, the name of the server as well as the time the service was started, as can be seen here:

jabber:state = "RUNNING"
jabber:roomsState = "RUNNING"
jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
jabber:logPaths:JABBER_LOG = "/var/log/system.log"
jabber:proxyState = "RUNNING"
jabber:currentConnections = "32"
jabber:currentConnectionsPort1 = "32"
jabber:currentConnectionsPort2 = "0"
jabber:pluginVersion = "10.8.177"
jabber:servicePortsAreRestricted = "NO"
jabber:servicePortsRestrictionInfo = _empty_array
jabber:hostsCommaDelimitedString = "kaylee.pretendco.com"
jabber:hosts:_array_index:0 = "kaylee.pretendco.com"
jabber:setStateVersion = 1
jabber:startedTime = "2012-08-02 02:53:26 +0000"
jabber:readWriteSettingsVersion = 1

There are also a few settings not available in the Server app. One of these that can be important is the port used to communicate between the Messages client and the Messages service on the server. For example, to customize this to 8080, use serveradmin followed by settings and then jabber:jabberdClientPortSSL = 8080, as follows:

sudo serveradmin settings jabber:jabberdClientPortSSL = 8080

To change the location of the saved Messages transcripts (here, we’ll set it to /Volumes/Pegasus/Book:

sudo serveradmin settings jabber:savedChatsLocation = "/Volumes/Pegasus/Book"

To see a full listing of the options, just run settings with the jabber service:

sudo serveradmin settings jabber

The output lists each setting configurable

jabber:s2sRestrictDomains = no
jabber:authLevel = "STANDARD"
jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
jabber:sslKeyFile = ""
jabber:enableXMPP = yes
jabber:initialized = yes
jabber:jabberdClientPortSSL = 5223
jabber:sslCAFile = ""
jabber:requireSecureS2S = no
jabber:savedChatsArchiveInterval = 7
jabber:hostsCommaDelimitedString = "zoe.pretendco.com"
jabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"
jabber:jabberdS2SPort = 5269
jabber:hosts:_array_index:0 = "zoe.pretendco.com"
jabber:jabberdClientPortTLS = 5222
jabber:enableSavedChats = no

To stop the service:

sudo serveradmin stop jabber

And to start it back up:

sudo serveradmin start jabber

It’s also worth noting something that’s completely missing in this whole thing: Apple Push Notifications… Why is that important? Well, you use the Messages application to communicate not only with Mac OS X and other jabber clients, but you can also use Messages to send text messages. Given that there’s nothing in the server that has anything to do with texts, push or anything of the sort, it’s worth noting that these messages don’t route through the server and therefore still require an iCloud account. Not a huge deal, but worth mentioning that Messages server doesn’t have the same updates built into the Messages app. Because messages don’t traverse the server, there’s no transcripts.

“This is what I do, darlin’. This is what I do.”

15 Comments

  • Donald
    August 3, 2012 - 4:37 pm | Permalink

    If I upgrade a 10.6 server that runs iChat for multiple domains (1.domain.com and 2.domain.com) will it recognize both domains right off the bat or will I have to add to that jabber:hosts file? What if I’m migrating my iChat from another machine?

    Great info, these articles on ML server have been very helpful in getting an overview of what we’re up against.

    • August 3, 2012 - 9:39 pm | Permalink

      Thanks for the kind words. The new server should recognize the domains immediately, although if there’s no certificate I’ve had to edit the hosts file for jabber as they might not get migrated. I suggest installing certs for all servers prior to upgrading. Upgrading so that iChat becomes Mountain Lion though, has been seamless on the client side.

  • Dani Cela
    August 12, 2012 - 8:02 pm | Permalink

    hmm, i have followed your guide and i still cant get messages to accept a login. Any ideas on what i could look at? Services are enabled fully for every user and messages is on

    • August 12, 2012 - 8:07 pm | Permalink

      Could you reply w/ the output of “serveradmin fullstatus jabber” and a dscl read output for a user w/ the service enabled? Usually it’s just the user name in my experience as it doesn’t even require OD to be running or anything like that.

      • Dani Cela
        August 12, 2012 - 9:28 pm | Permalink

        figured it out, it was because i was trying to use my email as my login not the account name@ the server address

  • Chuy
    August 15, 2012 - 5:43 am | Permalink

    Is there a good win client known to work with messeges server, i cant connect any of them

    • September 21, 2012 - 6:56 pm | Permalink

      I’ve used Psi for years. There are prettier ones these days, but it still seems more stable than the others.

  • August 24, 2012 - 5:23 am | Permalink

    Dani, do a serveradmin settings jabber:hostsCommaDelimitedString = “pretendco.com”

    (note the lack of ‘zoe’)

    then add the following records to pretendco.com’s dns record…

    _jabber._tcp.pretendco.com. IN SRV 0 0 5269 zoe.pretendco.com.
    _xmpp-server._tcp.pretendco.com. IN SRV 0 0 5269 zoe.pretendco.com.
    _xmpp-client._tcp.pretendco.com. IN SRV 0 0 5222 zoe.pretendco.com.

    That will make it so that your chat address is the same as your email address.

    One note about this I haven’t gotten resolved yet.. This breaks Mounties auto buddy group members checkbox in server.app. It doesn’t look at Jabber’s configured domains, but assumes that it is the default. Will be sending a bug report today.

  • Taylor
    September 27, 2012 - 7:46 pm | Permalink

    I can’t seem to get this to work right. My users cannot login and the server rejects any password.

    This is my full status report:

    jabber:state = “RUNNING”
    jabber:roomsState = “RUNNING”
    jabber:logPaths:PROXY_LOG = “/private/var/jabberd/log/proxy65.log”
    jabber:logPaths:MUC_STD_LOG = “/var/log/system.log”
    jabber:logPaths:JABBER_LOG = “/var/log/system.log”
    jabber:proxyState = “RUNNING”
    jabber:currentConnections = “0”
    jabber:currentConnectionsPort1 = “0”
    jabber:currentConnectionsPort2 = “0”
    jabber:pluginVersion = “10.8.180”
    jabber:servicePortsAreRestricted = “NO”
    jabber:servicePortsRestrictionInfo = _empty_array
    jabber:hostsCommaDelimitedString = “localhost”
    jabber:hosts:_array_index:0 = “localhost”
    jabber:setStateVersion = 1
    jabber:startedTime = “2012-09-28 00:55:41 +0000″
    jabber:readWriteSettingsVersion = 1

    In Messages on the clients, the server is computername.domain.com and I am using port 5223. There is a section in Apple’s advanced admin guide that mentions a SRV record might be needed… Any ideas?

    • September 28, 2012 - 11:21 am | Permalink

      Have you tried the username followed by @localhost as the username yet? Shouldn’t need an srv record normally, btw.

      • Taylor
        September 28, 2012 - 2:21 pm | Permalink

        Hmm, now I’m just getting a message that says a network error has occurred. Nothing shows up in the messages logs either…

  • LP
    October 9, 2012 - 8:21 pm | Permalink

    I am having the same issue. Did you get this resolved? Would love to get it working. Log looks the same not errors.

  • Rich Ziegler
    October 20, 2012 - 5:49 am | Permalink

    great site, thanks – i finally got the messages server to log in users, but none of them show up in the buddy list… will be poking around here looking for insight. thx again

  • Rich Ziegler
    October 21, 2012 - 6:49 pm | Permalink

    i figured out that i needed to add the buddy – all is good, thx again

  • TR
    October 23, 2012 - 2:08 pm | Permalink

    Had the same issue
    Clients have to use jabber user name “charly.white@server.domainname.com” not “charly.white@domainname.com”

    Found it in Server app – Logs (on the left hand side) – messages service log

  • Comments are closed.