Lesson 24

Manage Network Services

In this lesson, you learn about network services architecture. Then you’re introduced to the key network service apps built into macOS. You learn how macOS accesses popular file-sharing services. Finally, you learn techniques for troubleshooting network services.

Reference 24.1 Network Services

Shared network services are defined by client software (designed to access the service) and server software (designed to provide the service). The client and server software use network protocols and standards to communicate with each other.

By adhering to standards, software developers create unique yet compatible network client and server software. This enables you to choose the software tool that best fits your needs. For instance, you can use the built-in macOS Mail client created by Apple to access mail services provided by Apple, Google, Yahoo, Microsoft, and other service providers.

Network Services Software

Client software can be in the form of dedicated apps, as is the case with many Internet services, like email and web browsing. Other client software is integrated into macOS (for example, file and print services). In either case, when you establish a network service connection, settings for services are saved to preference files on the local Mac. These client preferences often include resource locations and authentication information.

Server software provides access to the shared resource. Server-side settings include configuration options, protocol settings, and account information.

When you troubleshoot a network service, you must know the port numbers or ranges that a service uses. For instance, the standard TCP port for web traffic is port 80. Apple maintains a list of commonly used network services and their associated TCP or UDP ports at Apple Support article HT202944, “TCP and UDP ports used by Apple software products.”

Network Service Identification

To access a network service, you must know the service’s local network or Internet location. Some network services feature dynamic service discovery, which enables you to locate a network service by browsing a list of available services. Otherwise, you must manually identify the service location with a network host address or name.

macOS can locate network services and appropriate network service resources. You can use Internet Accounts preferences to configure these services.

After you locate and connect to a network service, you often need to prove your identity (authenticate) to the service provider. Successful authentication to a network service is usually the last step in establishing a connection to it. After you establish a connection, security technologies are normally in place to ensure that you’re allowed to access only certain resources. This process is called authorization. Both of these fundamental network service concepts, authentication and authorization, are covered in this lesson and the next, Lesson 25, “Manage Host Sharing and Personal Firewall.”

Dynamic Service Discovery

macOS supports dynamic network service discovery protocols to help you find the resources you need in situations like the following:

• You join a new network without knowing the exact names of all its available resources.

• The shared resource you need is hosted from another client computer that doesn’t have a DNS host name or the same IP address every time.

Dynamic network service discovery protocols enable you to browse local area and wide area network resources without knowing specific service addresses. Some devices that provide network services advertise the availability of their services on the network. As available network resources change, or as you move your client to different networks, the service discovery protocols dynamically update the list of available services.

macOS uses dynamic network service discovery. For example, dynamic network service discovery enables you to browse for available network file shares with the Finder or to locate new network printers from Printers & Scanners preferences. Other network apps built into macOS use service discovery to locate shared resources, including Image Capture, Photos, and iTunes. Third-party network apps also use dynamic network service discovery.

The discovery protocol only helps you locate available services. After it provides your Mac with a list of available services, its job is done. When you connect to a discovered service, your Mac establishes a connection to the service using the service’s protocol. For example, the Bonjour service discovery protocol can provide the Finder with a list of available screen-sharing systems, but when you select another Mac from this list, your Mac establishes a screen-sharing connection to the other Mac using the Virtual Network Computing (VNC) service, which uses the Remote Frame Buffer (RFB) protocol.

Bonjour

Bonjour is the Apple implementation of Zero Configuration Networking, or Zeroconf, a collection of standards drafts that provide automatic local network configuration, naming, and service discovery. Bonjour uses a broadcast discovery protocol known as multicast DNS (mDNS) on UDP port 5353.

Bonjour is the primary set of dynamic network service discovery protocols used by macOS native services and apps. Bonjour is based on TCP/IP standards, so it integrates well with other TCP/IP-based network services. macOS also includes support for Wide-Area Bonjour, which enables you to browse WAN resources as well as LAN resources.

Local Bonjour requires no configuration. Wide-Area Bonjour requires that you configure your Mac to use a DNS server and search domain that supports the protocol.
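
The following added example (not part of the original lesson) parses a constructed Bonjour (mDNS/DNS-SD) response to show what discovery actually hands a client: a service instance, a host name, and a port, after which the connection itself uses the service's own protocol. The `_rfb._tcp` service type, port 5900, the names, and the 192.0.2.10 address are sample values constructed for illustration.

```python
import struct

TYPE_A, TYPE_PTR, TYPE_SRV = 1, 12, 33


def encode_name(name):
    """Encode a DNS name as length-prefixed labels, without compression."""
    out = b""
    for label in name.split("."):
        raw = label.encode("utf-8")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def read_name(packet, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while True:
        if offset >= len(packet):
            raise ValueError("name runs past end of packet")
        length = packet[offset]
        if length & 0xC0 == 0xC0:        # two-byte pointer to an earlier name
            if offset + 1 >= len(packet):
                raise ValueError("truncated compression pointer")
            if resume is None:
                resume = offset + 2      # parsing continues after first pointer
            hops += 1
            if hops > 16:                # refuse pointer loops in hostile packets
                raise ValueError("compression pointer loop")
            offset = ((length & 0x3F) << 8) | packet[offset + 1]
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), resume if resume is not None else offset
        if offset + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[offset:offset + length].decode("utf-8"))
        offset += length


def parse_records(packet):
    """Return (name, type, value) for each record in an mDNS response."""
    _, _, qd, an, ns, ar = struct.unpack_from("!6H", packet, 0)
    offset = 12
    for _ in range(qd):                  # skip any echoed questions
        offset = read_name(packet, offset)[1] + 4
    records = []
    for _ in range(an + ns + ar):
        name, offset = read_name(packet, offset)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", packet, offset)
        rdata = offset + 10
        if rtype == TYPE_PTR:
            value = read_name(packet, rdata)[0]
        elif rtype == TYPE_SRV:          # priority, weight, port, target
            port = struct.unpack_from("!H", packet, rdata + 4)[0]
            value = (read_name(packet, rdata + 6)[0], port)
        elif rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in packet[rdata:rdata + 4])
        else:
            value = packet[rdata:rdata + rdlen]
        records.append((name, rtype, value))
        offset = rdata + rdlen
    return records


def advertised_services(records):
    """Join PTR -> SRV -> A records into what a client needs to connect."""
    srv = {n: v for n, t, v in records if t == TYPE_SRV}
    addr = {n: v for n, t, v in records if t == TYPE_A}
    services = []
    for name, rtype, instance in records:
        if rtype == TYPE_PTR:
            host, port = srv.get(instance, (None, None))
            services.append({"service": name, "instance": instance,
                             "host": host, "port": port,
                             "address": addr.get(host)})
    return services


def build_sample_response():
    """Constructed response advertising one screen-sharing (RFB) service."""
    def record(name, rtype, rdata):
        return name + struct.pack("!HHIH", rtype, 1, 120, len(rdata)) + rdata

    header = struct.pack("!6H", 0, 0x8400, 0, 3, 0, 0)    # response, 3 answers
    service = encode_name("_rfb._tcp.local")              # sits at offset 12
    instance = bytes([10]) + b"Office Mac" + b"\xc0\x0c"  # pointer to offset 12
    host = encode_name("office-mac.local")
    return (header
            + record(service, TYPE_PTR, instance)
            + record(instance, TYPE_SRV, struct.pack("!3H", 0, 0, 5900) + host)
            + record(host, TYPE_A, bytes([192, 0, 2, 10])))


if __name__ == "__main__":
    for svc in advertised_services(parse_records(build_sample_response())):
        print(svc)
```

Run against captured UDP port 5353 traffic, the same parsing gives an inventory of which hosts on a network segment advertise which services.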

Server Message Block

Originally designed by Microsoft, Server Message Block (SMB) is the most common network service for sharing files and printers. SMB also includes a network discovery service that runs on UDP ports 137 and 138 and TCP ports 137 and 139. Most current operating systems that provide support for SMB sharing also support dynamic discovery with SMB.

Network Host Addressing

You can reach a network host by its IP address. But you can also use other technologies that give network hosts human-friendly network names. Network host identification methods include:

• IP address—An IP address can always be used to establish a network connection.

• DNS host name—Your Mac has a host name configured by one of two methods. Your Mac attempts to resolve its host name by performing a DNS reverse lookup on its primary IP address. If your Mac can’t resolve a host name from the DNS server, it uses the Bonjour name instead.

• Computer name—Other Apple devices use this to identify your Mac for AirDrop peer-to-peer file sharing and for Finder browsing. The computer name is part of the Apple Bonjour implementation, and you set it in Sharing preferences.

• Bonjour name—Bonjour is the macOS primary dynamic network discovery protocol; in addition, Bonjour provides a convenient naming system for use on a local network. The Bonjour name is usually similar to the computer name, but it conforms to DNS naming standards and ends with .local. This allows the Bonjour name to be supported by other operating systems. When you use Sharing preferences to edit the Computer Name field and then click Edit, you see the updated Bonjour name, which is displayed in the Local Hostname field.

• NetBIOS/WINS name—This name is used for the legacy Windows dynamic network discovery protocols as part of the SMB service. This name is automatically generated based on the name that you set in Sharing preferences, but you can update it in the Network preferences by selecting an interface, clicking Advanced, clicking the WINS button, and then updating the NetBIOS Name field.

Reference 24.2 Configure Network Service Apps

Services like email can work on a local level, but these services are also communicating across separate networks and between servers. macOS includes client apps that access different network services.

Although this book focuses on the network client software built into macOS, many excellent third-party network clients are available for Mac. When you troubleshoot a network access problem, using an alternative network client is a good way to determine whether the issue is your primary client software or the service you’re attempting to use.

Safari

The Hypertext Transfer Protocol (HTTP) handles web communication for Safari using TCP port 80. Secure web communication (HTTPS) encrypts HTTP over a Secure Sockets Layer (SSL) or, more recently, over a Transport Layer Security (TLS) connection that by default uses TCP port 443.

Generally, little additional network configuration is required to use web services. You must provide the web browser with the Uniform Resource Locator (URL) or web address of the resource to which you want to connect. Safari defaults to the most secure TLS communication even if you don’t specify HTTPS in the URL. The only exception is if you have to configure web proxies, as described in Lesson 22, “Manage Advanced Network Settings.”

Internet Accounts Preferences

Internet Accounts preferences enable you to configure network service accounts. When you enter a network service account in Internet Accounts preferences, it configures appropriate network service apps built into macOS.

Through Internet Accounts preferences, you can configure macOS to use network service accounts for Apple iCloud, Microsoft Exchange, Google, Yahoo, and AOL. The Add Other Account option is covered later in this section.

Note: For Microsoft Exchange support, macOS Mojave requires Microsoft Office 365, Exchange 2016, Exchange 2013, or Exchange Server 2010. Installing the latest service packs from Microsoft for these services is recommended. For more information, read Apple Support article SP777, “macOS Mojave - Technical Specifications.”

Internet Accounts preferences also includes support for services popular in countries whose primary language isn’t English. These services appear when you select the appropriate Language & Region preferences.

Each service type includes support for built-in macOS apps and services. When you sign in to a service that provides multiple features, like Google or Yahoo, you configure multiple apps, such as Mail, Notes, Calendar, Reminders, Contacts, and Messages. iCloud includes support for even more features, including iCloud Drive, Photos, Safari, iCloud Keychain, Find My Mac, and FaceTime.

Configure Network Service Accounts

Use Internet Accounts preferences to configure network service accounts. Click an included service provider to sign up. You’ll see a service sign-in dialog. Most services provide their own authentication dialogs.

If you don’t see the Internet Accounts list of services, click the small Add (+) button at the lower-left corner of the preferences pane.

If you sign in to a service that offers multiple features, after you authenticate you can enable those features. You can also return to Internet Accounts preferences to enable or disable a feature. From Internet Accounts, click the Details button to verify or reenter your account information.

If you need to configure an Internet service that’s not listed in Internet Accounts preferences, or you need to configure a local service provided by your organization, click Add Other Account at the bottom of the services list. You’ll see a dialog that enables you to manually configure services for Mail, Calendar, Contacts, and Game Center. If you add a service this way, you’ll probably have to define additional configuration information. This information should be provided to you by an administrator of the service.

Configure Mail

Mail supports standard email protocols and their encrypted counterparts, along with a variety of authentication standards. Mail also includes support for Microsoft Exchange–based services.

Configure Mail with the Internet Accounts pane of System Preferences. In Mail, choose Mail > Accounts to open the Internet Accounts preferences. Or, you can use a configuration profile to configure Mail.

Mail also includes its own account setup assistant that walks you through configuring mail account settings. The assistant starts automatically if you open Mail but haven’t yet set up an account. Choose Mail > Add Account to start it.

When you select one of these default mail account types, the assistant attempts to automatically determine the appropriate mail protocol, security, and authentication settings. This includes support for the Autodiscovery feature of Microsoft Exchange Server. When you set up a mail account here, macOS attempts to configure Notes, Calendar, Reminders, and Contacts too.

If you need to configure Mail for an account type not listed in the defaults, select the Other Mail Account option. After you enter basic mail account information, the assistant attempts to determine the appropriate mail settings. If your mail service uses a nonstandard configuration or is unreachable, you might have to manually enter the mail service settings here. If necessary, work with the service administrator to obtain the appropriate configuration settings.

If you need to tweak mail service settings, choose Mail > Preferences to access advanced options. When the Mail preferences window opens, click the Accounts button in the toolbar to view and manage Mail accounts.

Mail supports the following email services:

• Standard mailbox access protocols—The standard protocol used between mail clients and mail servers for receiving mail is either Post Office Protocol (POP) on TCP port 110 or Internet Message Access Protocol (IMAP) on TCP port 143. Both protocols can be encrypted with a TLS connection. By default, encrypted POP uses TCP port 995 and encrypted IMAP uses TCP port 993. iCloud defaults to secure IMAP.

• Standard mail-sending protocols—The standard protocol used for sending mail from clients to servers and from server to server is Simple Mail Transfer Protocol (SMTP) on TCP port 25. SMTP can be encrypted with a TLS connection on port 25, 465, or 587. The port used for secure SMTP varies by mail server function and administrator preference. iCloud defaults to secure SMTP.

• Exchange-based mail service—Mail communicates using the Exchange Web Services (EWS) protocol. EWS uses the standard ports for web traffic: TCP port 80 for standard transport and TCP port 443 for secure transport.

Configure Notes

When you add your Internet accounts to Notes, you can keep your notes with you no matter which device you’re using.

If you keep notes in iCloud, you can view and edit them there. Plus you can add new notes and lock already-created ones. You can also add people so that you can collaborate with them. Within a note, you can apply paragraph styles, checklists, and most media types (such as tables, scanned documents, photos, video, freehand-drawn scribbles, and map locations).

Configure a New Notes Account

Ideally, you configure Notes with other services through iCloud or Internet Accounts preferences. In Notes, choose Notes > Accounts. macOS will redirect you to Internet Accounts preferences. Internet Accounts preferences enable you to configure Notes without configuring iCloud or Mail.

Configure Calendar and Reminders

Calendar integrates with Mail and Maps to help you plan your day. Although Calendar manages your calendar on your local Mac, it also integrates with network calendar services based on the EWS or CalDAV protocols. CalDAV, or Calendaring Extensions to WebDAV, extends WebDAV (Web Distributed Authoring and Versioning), which is an extension of HTTP.

Ideally, you configure Calendar with Mail through Internet Accounts preferences or a configuration profile. In Calendar, choose Calendar > Accounts. macOS redirects you to Internet Accounts preferences.

Calendar includes an account setup assistant, which walks you through configuring Calendar account settings. This assistant doesn’t start when you open Calendar. Choose Calendar > Add Account to start it.

When you select one of the default calendar account types shown in the previous screenshot, the assistant attempts to determine the appropriate calendar service security and authentication settings. Calendar includes support for the Autodiscovery feature of Microsoft Exchange Server. When you set up a calendar account, macOS attempts to configure Mail, Notes, Reminders, and Contacts too.

If you must configure Calendar for an account type not listed in the defaults, select the Other CalDAV Account option. After you enter your mail address and account password, the assistant attempts to determine the appropriate CalDAV settings. If your mail service uses a nonstandard configuration or is unreachable, you might have to manually enter the CalDAV service settings here. If necessary, work with the service administrator to obtain the appropriate configuration settings.

If you need to edit Calendar service settings, from the Calendar menu choose Calendar Preferences. When Calendar preferences opens, select the Accounts button in the toolbar to view and manage calendar service accounts.

Reminders helps you to keep a personal to-do list. You can save Reminders to-do lists on all of your Apple devices when you configure Reminders for access to calendar services. This is because Reminders uses EWS or CalDAV network calendar services to save notes. Reminders creates to-do calendar events and manages these events.

Ideally, you configure Reminders with other services through Internet Accounts preferences or with a configuration profile. Use Internet Accounts preferences to configure Reminders. You can configure Reminders without configuring Calendar—but you still need an EWS or CalDAV calendar service from a network service provider.

Like Calendar, Reminders includes an account setup assistant, which walks you through configuring Reminders account settings. The assistant doesn’t start when you open Reminders; you have to choose Reminders > Add Account to start it.

Calendar and Reminders support the following network calendar services:

• CalDAV collaborative calendaring—Calendar supports the CalDAV network calendar standard. This standard uses WebDAV as a transport mechanism on TCP port 8008 or 8443 for encrypted communication, but CalDAV adds the administrative processes required to facilitate calendar and scheduling collaboration. CalDAV is being developed as an open standard, so any vendor can create software that provides or connects to CalDAV services.

• Internet-based calendar services—Calendar and Reminders use Internet-based calendar services, including iCloud, Yahoo, and Google calendar services. These services are based on CalDAV and use the encrypted HTTPS protocol over TCP port 443.

• Exchange-based calendaring service—Calendar includes support for this calendar service. The macOS Exchange integration relies on EWS, which uses TCP port 80 for standard transport and TCP port 443 for secure transport.

• Calendar web publishing and subscription—Calendar enables you to share your calendar information by publishing iCalendar files to WebDAV-enabled web servers. Because WebDAV is an extension to the HTTP protocol, it runs over TCP port 80, or TCP port 443 if encrypted. You can subscribe to iCalendar files, identified by the filename extension .ics, hosted on WebDAV servers; just provide Calendar with the URL of the iCalendar file.

• Calendar email invitation—Calendar is integrated with Mail to send and receive calendar invitations as iCalendar email attachments. The transport mechanism is whatever your primary mail account is configured to use. Although this method isn’t a calendar standard, most popular mail and calendar clients can use it.

Configure Contacts

Contacts integrates with network contact services based on EWS, CardDAV (Card Distributed Authoring and Versioning), or LDAP (Lightweight Directory Access Protocol).

Ideally you configure Contacts through Internet Accounts preferences or a configuration profile. Contacts also features an easy-to-use setup assistant for configuring specific contact or directory network service accounts. Choose Contacts > Add Account to start it.

When you select one of these default contacts account types, the assistant attempts to determine the appropriate account settings. This includes support for the Autodiscovery feature of Microsoft Exchange Server. When you set up a Contacts account here, macOS attempts to configure Mail, Notes, Calendar, and Reminders too.

If you must configure Contacts for an account type not listed in the defaults, select the last option, Other Contacts Account. Contacts also supports CardDAV and LDAP account types. Select the account type from the menu, and then provide the server and authentication information. If necessary, work with the service administrator to obtain the appropriate configuration settings.

If you must make changes to contact service settings, choose Contacts > Preferences. When the Contacts preferences window opens, click the Accounts button in the toolbar to view and manage contact service accounts.

Contacts supports the following network contact services:

• CardDAV contacts service—Contacts supports a network contacts service standard known as CardDAV. This standard uses WebDAV as a transport mechanism on TCP port 8800 or 8843 for encrypted communication. CardDAV is being developed as an open standard, so any vendor can create software that provides or connects to CardDAV services.

• Internet-based contact services—Contacts can use a variety of Internet-based contact services, including iCloud, Google, and Yahoo contact services. All of these services are based on CardDAV and use the encrypted HTTPS protocol over TCP port 443.

• Exchange-based contact service—Contacts includes support for this contact sharing service. The macOS Exchange integration relies on EWS, which uses TCP port 80 for standard transport and TCP port 443 for secure transport.

• Directory service contacts—Contacts can search contact databases using LDAP, the standard for network directory services, which uses TCP port 389 for standard transport and TCP port 636 for secure transport. You can configure Contacts for LDAP services either from its account setup assistant or through integration with the macOS systemwide directory service, in Users & Groups preferences.

Configure Messages

With Messages, you can text, add images and other files, start a video or audio call, share your screen, and more. Messages requires the push-based messaging service iMessage, which also enables you to communicate with iOS devices.

Ideally Messages is configured for iMessage when you sign in to iCloud. If no account is configured when you open Messages, Messages opens its account setup assistant and walks you through configuring iMessage account settings. You can enter any valid Apple ID to configure iMessage. After you authenticate with your Apple ID, you might be prompted to choose additional iMessage identifiers that can be used to reach you, like other email accounts or mobile numbers.

Messages uses the iMessage service, which is unique to Apple. The iMessage protocol is facilitated by the Apple Push Notification service (APNs), which uses TCP port 5223 and, on Wi-Fi only, falls back to port 443. APNs is efficient for devices that rely on battery power and might lose network connectivity. This makes the iMessage service ideal for messaging with mobile Mac computers and iOS devices. Messages is limited to a single iMessage account per computer user account.

If you’re signed in to the iMessage service using the same Apple ID on your Mac and an iPhone running iOS 8 or later, you can send and receive Short Message Service (SMS) messages with the iMessage protocol through an iPhone cellular connection. You must manually enable this feature on your iPhone in Settings > Messages before you can use SMS messaging on your Mac. For more information, see Apple Support article HT204681, “Use Continuity to connect your Mac, iPhone, iPad, iPod touch, and Apple Watch.”

To edit Messages settings, choose Messages > Preferences. The General pane opens by default.

If you need to edit message service settings, click the iMessage button in the Messages preferences toolbar to edit your account settings or blocked numbers. To keep your entire message history updated and available on all your devices, select “Enable Messages in iCloud.” Read Apple Support article HT208532, “Keep all your messages in iCloud,” for more information.

For more information about using Messages, read Apple Support article HT202549, “Use Messages with your Mac.” If you’re having trouble with the iMessage service, verify availability of APNs with Apple Support article HT202078, “If you use FaceTime and iMessage behind a firewall.”

Configure FaceTime

FaceTime provides audio and video-conferencing abilities, including the ability to answer or call standard phone numbers with a compatible iPhone. Similar to the iMessage service, FaceTime is unique to Apple and uses APNs to start audio or video communications.

Ideally, FaceTime is automatically configured if you sign in to iCloud. Otherwise, FaceTime includes an account setup assistant that walks you through configuring FaceTime account settings. This assistant starts if no account is set when you open FaceTime.

Enter any valid Apple ID to configure FaceTime. After authentication, you might be prompted to choose additional FaceTime identifiers that can be used to reach you, like other email accounts or, if you have FaceTime on your iPhone, other mobile numbers. Unlike other network service client apps, you must sign in to use FaceTime and you can only sign in to one account per local user account.

To handle phone calls on your Mac with FaceTime, you must be signed in to FaceTime on your Mac and iPhone with iOS 8 or later. You have to sign in to FaceTime on your iPhone first to enable FaceTime cellular phone calls. Ensure that your iPhone cellular number is enabled in FaceTime preferences on your Mac. Go to FaceTime preferences to do this.

After you sign in to FaceTime, the service is ready to send and receive FaceTime calls, even when you quit FaceTime. To turn off FaceTime calls, choose FaceTime > Turn FaceTime Off or press Command-K. To start receiving FaceTime calls again, use the same keyboard shortcut or choose FaceTime > Turn FaceTime On. Sign out of your account from FaceTime preferences to permanently halt calls to your Mac.

FaceTime uses many standard and non-reserved TCP and UDP ports to facilitate calls. Verify available ports in Apple Support article HT202078, “If you use FaceTime and iMessage behind a firewall.”

Reference 24.3 Connect to File-Sharing Services

The Finder provides two ways to connect to a network file system:

• Browse shared resources in the Finder Network folder.

• Enter the server address of the server that provides the file service.

File-Sharing Services

Many protocols transfer files across networks and the Internet. The most efficient are those that share file systems. Network file servers can make file systems available to your Mac across the network.

Client software built into the Finder can mount a network file service much as it would mount a locally connected storage volume. After a network file service is mounted to your Mac, you can read, write, and manipulate files and folders as if you were accessing a local file system.

Access privileges to network file services are defined by the same ownership and permissions architecture used by local file systems. Details on file systems, ownership, and permissions are covered in Lesson 13, “Manage Permissions and Sharing.”

macOS provides built-in support for these network file service protocols:

• Server Message Block version 3 (SMB 3) on TCP ports 139 and 445—This is the default (and preferred) file-sharing protocol for OS X Yosemite 10.10 and later. Historically, the SMB protocol was mainly used by Windows systems, but many other platforms have adopted support for some version of this protocol. The SMB 3 implementation in macOS works with advanced SMB features such as end-to-end encryption (if enabled on the server), per-packet signatures and validation, Distributed File Service (DFS) architecture, resource compounding, large maximum transmission unit (MTU) support, and aggressive performance caching. macOS maintains backward compatibility with older SMB standards.

• Apple Filing Protocol (AFP) version 3 on TCP port 548 or encrypted over Secure Shell (SSH) on TCP port 22—This is the legacy Apple network file service. The current version of AFP is compatible with the features of the Mac OS Extended file system. Volumes formatted with Apple File System (APFS) can’t be shared over AFP.

• Network File System (NFS) version 4, which may use many TCP or UDP ports—Used primarily by UNIX systems, NFS supports many advanced file-system features used by macOS.

• WebDAV on TCP port 80 (HTTP) or encrypted on TCP port 443 (HTTPS)—This protocol is an extension to the common HTTP service and provides read/write file services.

• File Transfer Protocol (FTP) on TCP ports 20 and 21 or encrypted on TCP ports 989 and 990 (FTPS)—FTP is supported by nearly every computing platform. The Finder supports read capability for FTP or FTPS shares. FTPS (FTP-SSL) is different from SFTP (SSH File Transfer Protocol). FTPS uses SSL (or TLS) encryption on TCP port 990, and SFTP uses SSH encryption on TCP port 22. The Finder supports SFTP, and you can use Terminal to use FTPS and SFTP.

Browse File-Sharing Services

You can browse for dynamically discovered file services from the Network section in these two locations:

• The Finder sidebar

• The Open dialog of any app

The Finder Network folder displays a collection of dynamically discovered network file services, screen sharing services, and currently mounted file systems, including manually mounted ones. The Network folder constantly changes based on information gathered from the two dynamic network service discovery protocols compatible with macOS—Bonjour and SMB/NetBIOS/WINS. So you can browse screen-sharing services offered by other Mac computers and SMB and AFP file services.

Smaller networks might have only one level of network services. If you have a larger network that features multiple service discovery domains, they appear as subfolders inside the Network folder. Each subfolder is named by the domain it represents. Items inside the domain subfolders represent shared resources configured for that network area.

To browse for and connect to an SMB or AFP file service, select a Mac from the Finder Network folder. You can go to the Network folder in two ways:

• Click Network in the Finder sidebar.

• Choose Go > Network (or press Shift-Command-K), and then click Browse.

If you use the Finder to select a server, and the server supports SMB and AFP, macOS defaults to SMB. It uses the most secure version of SMB that the sharing service supports.

The first time you connect to a file-sharing service, you might see a dialog that asks you to confirm that you are connecting to the server you expect. You might also see this dialog each time you connect.

Automatic File-Sharing Service Authentication

When you select a Mac that provides file-sharing services, your Mac attempts to authenticate using one of three methods:

• If you’re using Kerberos single sign-on authentication, your Mac attempts to authenticate to the selected Mac using your Kerberos credentials.

• If you’re using non-Kerberos authentication but you connected to the selected Mac before and chose to save the authentication information to your keychain, your Mac attempts to use the saved information.

• Your Mac attempts to authenticate as a guest user.

If your Mac authenticates to the selected Mac, the Finder shows you the account name it connected with and lists the shared items available to this account.

If you choose View > as List, View > as Columns, or View > as Gallery, you can choose a shared item to connect to and mount the shared item.

If you choose View > as Icons, double-click a shared item or select a shared item and then choose File > Open to connect to and mount the shared item.

Manual File-Sharing Service Authentication

If your Mac was unable to connect to the selected Mac, or if you need to authenticate with a different account, click the Connect As button to open an authentication dialog.

You can authenticate to a sharing service using one of three methods:

• If Guest is available, select it to connect anonymously to the file service.

• Select Registered User to authenticate using a local or network account known by the computer providing the shared items. Optionally, you can select the checkbox that saves this authentication information to your login keychain.

• If “Using an Apple ID” is available, select it to authenticate using an Apple ID. For this option to appear, your Mac and the Mac hosting the share must be running macOS (not Windows), and your local account must be associated with an Apple ID, as covered in Lesson 7, “Manage User Accounts.”

Click the Connect button. Your Mac authenticates and shows you a new list of shared items that are available to the account.

Manually Connect to File-Sharing Services

Instead of browsing, you can specify a network identifier (URL) for a file service. You might also have to enter authentication information and choose or enter the name of a specific shared resource path. When you connect to an NFS, WebDAV (HTTP), or FTP service, you might have to specify the shared items or full path as part of the URL. When you connect to an SMB or AFP service, you don’t have to provide the full path in the URL; you can authenticate and choose a shared item from the list of resources.

Manually Connect to SMB or AFP

To manually connect to an SMB or AFP file service from the Finder, choose Go > Connect to Server, or press Command-K, to open the Finder “Connect to Server” dialog. In the Server Address field, enter smb:// or afp://, followed by the server IP address, DNS host name, computer name, or Bonjour name.

If you don’t specify a protocol prefix, the “Connect to Server” dialog attempts to pick the appropriate file-sharing protocol. The default file-sharing protocol is SMB 3. Optionally, after the server address, you can enter another slash and the name of a shared item. This bypasses the dialog for selecting a file share.

If automatic file service authentication is available, you don’t have to enter authentication information. Otherwise, a dialog appears requiring you to enter authentication information.

After you authenticate to a file service, if you have access to more than one shared folder, macOS displays the list of shared items that your account is allowed to access. Otherwise, the shared folder is automatically mounted.

Select the shared item or items you want. Press the Command key to select multiple shared items from the list. Then click OK.

Manually Connect to NFS, WebDAV, or FTP

To manually connect to an NFS, WebDAV, or FTP file service from the Finder, choose Go > Connect to Server, or press Command-K, to open the Finder “Connect to Server” dialog.

In the Server Address field, enter one of the following:

• nfs:// followed by the server address, another slash, and then the absolute file path of the shared items.

• http:// for WebDAV (or https:// for WebDAV encrypted with SSL or TLS), followed by the server address. Each WebDAV site has only one mountable share, but you can optionally enter another slash and then specify a folder inside the WebDAV share.

• ftp:// (or ftps:// for FTP encrypted with SSL or TLS), followed by the server address. FTP servers also have only one mountable root share, but you can optionally enter another slash and then specify a folder inside the FTP share.

Depending on the protocol settings, you might see an authentication dialog. NFS connections never display an authentication dialog. The NFS protocol uses the local user that you’re logged in as for authorization purposes or Kerberos single sign-on authentication.

If you are presented with an authentication dialog, enter the appropriate authentication information. You can also select the checkbox that saves the authentication information to your login keychain. When you connect to NFS, WebDAV, or FTP file services, the share mounts immediately after you authenticate.

Mounted Shares

After your Mac mounts the network file share, that share can appear in several locations from the Finder or any app’s Open dialog, including the Computer location, the desktop, and the sidebar Shared list, depending on the configuration. Mounted network volumes appear at the Computer location in the Finder. Choose Go > Computer, or press Shift-Command-C, to view the mounted network volumes. By default, connected network volumes don’t appear on your desktop. You can change this behavior from the General tab of the Finder Preferences dialog.

The “Connect to Server” dialog maintains a history of your past server connections. Click the menu to the right of the Server Address field to see the history. Click the Action menu (it looks like a gear) and choose Clear Recent Servers to clear the past server connections history. Select a server, then click Add (+) or Remove (–) to establish and maintain a favorite servers list.

Disconnect Mounted Shares

macOS treats mounted network volumes like locally attached volumes. So, you should unmount and eject network volumes when you’re done with them. Unmount and eject mounted network volumes from the Finder using the same techniques you would use on a locally connected volume, as covered in Lesson 11, “Manage File Systems and Storage.”

If a network change or problem disconnects your Mac from a mounted network share, your Mac tries to reconnect to the server hosting the shared items. If after several minutes your Mac can’t reconnect to the server, macOS fully disconnects from the share and shows you a dialog to let you know.

Automatically Connect to File Shares

You can configure automatic connections to network shared items. You can use a configuration profile or add a network share to your login items so that it mounts automatically when you log in. You can read more about managing login items in Reference 7.4, “Configure Login and Fast User Switching.”

You can also create shortcuts to often-used network shares. You can drag network shares, or their enclosed items, to the right side of the Dock to create Dock shortcuts. You can also create aliases on your desktop that link to often-used network shares or specific items inside a network share. Either method automatically connects to the network share when you select an item. Creating aliases is covered in Lesson 14, “Use Hidden Items, Shortcuts, and File Archives.”

You can’t drag items from the Finder sidebar to your login items or to the Dock. Instead, select the network share from the desktop or the Computer location in the Finder. From the Finder, choose Go > Computer to access the Computer location.

Reference 24.4 Troubleshoot Network Services

To troubleshoot a network issue, isolate the issue into one of three categories: local, network, or service. Most issues that involve failure to access network services probably fall under the service category. This means that you should probably focus most of your efforts on troubleshooting the service you’re having issues with.

Before you troubleshoot a network service, check for general network issues. Verify that other network services work. Open Safari and navigate to local and Internet websites to test general network connectivity.

Test other network services, or test connectivity from other computers on the same network. If you experience problems connecting to a file server but you can connect to web servers, your network configuration is probably fine, and you should concentrate on the file server. If you experience problems with one service, you probably don’t have local or network issues. Focus your efforts on troubleshooting just that service.

If other network clients or services aren’t working, your issue is likely related to local or network issues. Use Network preferences and Network Utility to double-check local network settings to ensure proper configuration. If other computers aren’t working, you might have a widespread network issue that goes beyond troubleshooting the client Mac computers. For more information on general network troubleshooting, see Lesson 23, “Troubleshoot Network Issues.”

If you experience problems with a service provided by Apple, you can check real-time Apple service status at www.apple.com/support/systemstatus.

Use Network Utility: Port Scan

In Network Utility, use Port Scan to troubleshoot a network service.

Port Scan scans for open ports. If required ports aren’t open, a device isn’t providing the expected service or it’s configured to provide the service in a nonstandard way. Either way, the issue is with the device providing the service, not with your Mac.

To troubleshoot a network service, start with ping to confirm that you can connect to the computer or device that provides the service you’re trying to connect to. Ping is covered in more detail in Reference 23.2, “Use Network Utility to Troubleshoot Network Issues.”

  1. Open Network Utility.

  2. Click Ping to view the Ping pane.

  3. Enter the device network address or host name and click the Ping button.

If the ping is successful, then continue with the port scan.

To scan for a network service:

  1. Open Network Utility.

  2. Click Port Scan.

  3. Enter the network address or host name of the device that provides the service. If you’re troubleshooting a specific service, limit the scan to that service’s default ports by selecting the appropriate checkbox and entering a beginning and ending port range.

There are many TCP and UDP network ports. Scanning all of them is unnecessary and takes too much time. Even if you don’t know the exact port number, most common ports are between 0 and 1024. Further, network administrators might view repeated network pings and broad port scans as a threat. Some network devices are configured not to respond to ping requests even when they’re working properly. Avoid excessive network pings and scans (a broad port range) when you test others’ servers.

After you define the port range, click Scan. Depending on the range you choose, the scan might take several minutes. Network Utility lists discovered open ports with their associated network protocol. And it displays each open port with the service name that’s registered by the Internet Assigned Numbers Authority (www.iana.org) for that port number, regardless of the service that uses the port.

Troubleshoot Network Apps

To troubleshoot apps, you can troubleshoot general network services. You can also double-check app-specific configuration and preference settings. Users can inadvertently cause a problem when they change a setting.

Some website designers might design a website to work with a browser other than Safari. These websites might not render properly in Safari. To provide the most secure web experience, Safari may disable third-party plug-ins. To verify the status of third-party plug-ins, choose Safari > Preferences (or press Command-Comma), click Websites, and then view the Plug-ins section in the left column. For each plug-in, you can specify which websites you allow to use the plug-in; for each website, you can choose among Ask, Off, and On. And each plug-in has the setting “When visiting other websites,” which you can set to Ask, Off, or On.

You might also try a third-party web browser.

To inspect problem webpages, open Safari preferences, click the Advanced button, and then select “Show Develop menu in menu bar.”

With this menu enabled, inspect the webpage details or try advanced troubleshooting, including emptying Safari caches and requesting the website with a different user agent.

Mail includes a built-in account diagnostic tool, Mail Connection Doctor, that attempts to establish a connection with configured incoming and outgoing mail servers. Open Mail, and choose Window > Connection Doctor. If a problem is found, a suggested resolution is offered, but for a more detailed diagnostic view, click the Show Detail button to reveal the progress log, and click the Check Again button to rerun the tests.

Troubleshoot File-Sharing Services

If you have problems with SMB services, try the steps in Apple Support article HT204021, “If you can’t mount SMB share hosted by a Mac bound to Open Directory.”

As covered in Lesson 16, “Use Metadata, Spotlight, and Siri,” macOS uses separate metadata stores. The NFS and WebDAV file-sharing protocols don’t support metadata of this type. So macOS splits these files into two separate files when writing to a mounted NFS or WebDAV volume. The Finder recognizes these split files and shows you only a single file. Users on other operating systems see two separate files and might have trouble accessing the appropriate one.

Exercise 24.1 Configure a Network Service Account for Mail

The built-in macOS client apps use network services and Internet Accounts preferences to make setting up Internet service accounts easy. You already set up iCloud-based services on your Mac. In this exercise, you configure your Mac to use the mail service provided by the classroom server.

View Your Existing Network Accounts

  1. Log in as Johnny Appleseed.

  2. Open Mail.

  3. Choose Mail > Preferences (Command-Comma) to open Mail preferences.

  4. Click the Accounts button to see the accounts Mail is configured to use.

    If you configured iCloud services for the Johnny Appleseed account, you see the iCloud account listed here.

    You could use this pane of the Mail preferences window to view and add a new Mail account, but more often you’ll configure Mail accounts in Internet Accounts preferences.

  5. Close the Mail preferences window, and quit Mail.

  6. Open Internet Accounts preferences.

    Your iCloud account information is listed on the left side of the window. You can manage iCloud settings here and in iCloud preferences. You might also see a Game Center account.

  7. Select your iCloud account and deselect the Mail service on the right.

    Not having iCloud mail configured makes testing later in the exercise easier.

Set Up a New Network Account for the Mail Service

  1. If necessary, navigate to Internet Accounts preferences.

  2. Click the Add (+) button under the account list.

  3. Scroll to the bottom of the list, and click Add Other Account.

    More account types appear at the bottom of the list.

  4. Click “Mail account.”

    You are prompted for your basic mail account information. Your account name includes your participant number.

  5. Enter the following for your account information:

    Name: User nn (where nn is your participant number)

    Email Address: usernn@pretendco.com (where nn is your participant number)

    Password: Apple321!

  6. Click “Sign in.”

    A dialog appears indicating that Internet Accounts can’t verify the account name or password. The type of mail account that you are configuring doesn’t have presets or auto-discovery capabilities like some other services. So, you’ll enter the name of the incoming (IMAP) and outgoing (SMTP) servers.

  7. In both the Incoming and Outgoing Mail server fields, enter server.pretendco.com.

  8. Click Sign In.

    Now that you provided the proper Incoming and Outgoing mail servers, Internet Accounts asks you which apps you want to use with this account.

  9. At the prompt, deselect Notes, and click Done.

  10. Notice that a new mail account was added to the Internet accounts list.

  11. Quit System Preferences.

Test Your New Account

  1. Open Mail.

  2. Open Mail preferences.

  3. Click the Accounts button, and select the Pretendco account.

    In this figure, the Mail account for User 17 was automatically configured by Internet Accounts. Your participant number is on your Mac.

  4. Click Server Settings.

    A complex setup was configured automatically by Internet Accounts.

  5. Close the Mail preferences window.

  6. In the main window of the Mail app, click the Compose New Message button in the toolbar.

  7. Send a message to a partner of your choice, or one that your facilitator assigns.

    To: usernn@pretendco.com (where nn is your partner’s participant number)

    Subject: Test Message

    Enter some text in the body of the message.

  8. Ask your partner if they have received your message.

    After your partner sends you a message, you receive new mail.

  9. Read the message from your partner.

  10. Quit Mail.

Scan the Server

To prepare for Exercise 24.3, “Troubleshoot Network Services,” you record a baseline of what services the classroom server provides when everything is working.

  1. Open Network Utility (Command-Space bar or Spotlight).

  2. Click the Port Scan button.

    The Port Scan tool scans a server or other IP address to see what network ports are accepting connections. This is explored in more detail in Exercise 24.3.

  3. Enter the server address server.local in the IP address field.

  4. Select the “Only test ports between” option, and set the range to 443 through 445.

  5. Click Scan.

  6. Wait for the tool to finish scanning and expand the Network Utility window until all the results are visible.

    Your results might not match those shown here. Take a screenshot to record your results. For more about taking screenshots in macOS, see Exercise 8.1, “Restore a Deleted User Account.”

  7. Press Shift-Command-4, release the keys, and then press the Space bar.

    The pointer changes to a camera icon, and the region of the screen it’s over is highlighted in blue.

  8. Move the pointer over the Network Utility window, and click to take the screen capture.

    The image is saved to your desktop with the name “Screen Shot” followed by the date and time you took it.

  9. Quit Network Utility.

Exercise 24.2 Use File-Sharing Services

Browse to an SMB Share

In these steps you use the Finder sidebar to mount an SMB volume on the desktop.

  1. Log in as Johnny Appleseed.

  2. In the Finder, select Server in the Locations section of the sidebar.

    If Server isn’t shown, click Network in the sidebar, and double-click Server in the network view.

    Your Mac contacts Server and logs in as a guest.

  3. Click the Connect As button.

  4. Click Connect at the “You are attempting to connect to the server ‘server’” dialog.

  5. When prompted to authenticate, select Registered User, enter the name participant and the password Apple321!, select “Remember this password in my keychain,” and click Connect.

    You are connected to Server with the “participant” account. The Finder shows that you have access to more shared folders than you did as a guest. The SMB Shared folder is available only over the SMB protocol, so its appearance here indicates that this is the protocol being used to connect to Server.

  6. Open Finder preferences: choose Finder > Preferences (Command-Comma), click General, and select “Connected servers,” if it isn’t selected.

    This enables mounted server volumes to be displayed on the desktop. Since you haven’t mounted shared folders yet, nothing new appears on the desktop.

  7. Close the Finder preferences window.

  8. Open the Public shared folder.

    The folder displays in the Finder, and a new network volume icon appears on the desktop.

    In the Public folder you see a file (copy.rtf) and the ParticipantMaterials folder.

Copy Files to a Network Share

  1. Drag copy.rtf to your desktop. Since you are dragging from one volume to another, this copies the file rather than moving it.

  2. Rename your copy of copy.rtf to Participant nn.rtf (where nn is your participant number if you are in a classroom environment or 1 if you are performing these exercises on your own).

    Press Return or click the filename and wait a moment to rename it.

  3. Select Server in the Finder sidebar.

    This returns you to the view of available shared folders.

  4. Open the SMB Shared folder.

    Its icon appears on your desktop.

  5. Drag the renamed file from your desktop to the SMB Shared folder.

Automatically Mount a Network Share

macOS provides ways for you to enable easy access to shared folders for users. This enables them to be more productive. In this exercise, you configure your user preferences to mount a shared folder whenever you log in.

  1. Open Users & Groups preferences.

  2. With Johnny Appleseed selected in the user list, click the Login Items tab.

    You don’t need to authenticate as an administrator to access your login items. They are a personal preference, so standard users can manage their login items.

  3. Drag the SMB Shared icon from your desktop to the login items list. If SMB Shared doesn’t appear, quit and reopen System Preferences.

    Anything in your login items list is opened every time you log in. It can include apps, documents, and folders. When you add a shared folder, you configure it to mount every time you log in. Since you also saved the server account name and password to your keychain when you connected, the connection should be fully automatic.

  4. Quit System Preferences.

  5. Click the Eject button next to Server in the Finder sidebar to disconnect from Server.

    When you disconnect from the server, it automatically unmounts the Public and SMB Shared folders. You can also unmount them individually.

  6. Log out and back in as Johnny Appleseed.

  7. If a connect dialog appears, click Connect to confirm. The password is filled in from your keychain.

    The SMB Shared folder is remounted and opened in the Finder.

  8. Reopen Users & Groups preferences.

  9. Click Login Items.

  10. Select SMB Shared from the login items list and click the Remove (–) button under the list to remove it.

  11. Quit System Preferences.

  12. Disconnect from Server again.

Exercise 24.3 Troubleshoot Network Services

In this group of exercises, you learn an alternative way to connect to a share and ways to troubleshoot file sharing.

Wait for the Facilitator to Turn Off File Sharing

Tell your facilitator that you’re ready for the file-sharing service to be turned off, and wait for the facilitator to tell you to proceed.

Manually Connect to an SMB Share

  1. In the Finder, choose Go > Connect to Server (or press Command-K).

  2. In the Server Address field, enter smb://server.pretendco.com to connect using the SMB protocol.

  3. Before you click Connect, click the Add (+) button at the bottom of the Favorite Servers list.

    This adds the server URL to your Favorite Servers list. This is another way to allow access to a shared folder.

  4. Click Connect.

    After a few seconds, you receive an error message that there was a problem connecting to the server.

  5. Click OK, and close the “Connect to Server” window.

Troubleshoot with Network Utility

  1. Open Network Utility.

    Since you are unable to reach the server via the SMB protocol, make sure the network connections between your Mac and the server are working.

  2. Click Ping at the top of the application window if necessary.

  3. In the “Enter the network address to ping” field, enter server.pretendco.com.

  4. Click the Ping button at the right side of the window.

    The ping probes are able to reach the server. This tells you that the network connection between your Mac and the server is working.

    Go to the services you are trying to use.

  5. Click the Port Scan button.

    The Port Scan tool can scan a server to see what TCP port numbers it has services running on. Usually, you can tell what services are available based on the port numbers.

    Note: Many network attacks start with or employ port scans, so this type of troubleshooting might be interpreted as an attack. Before you scan ports on a target Mac, request permission from its owner or a network or server administrator, if possible. As a general rule, scan ports only on Mac computers you have responsibility for. Many environments employ automatic countermeasures. Scanning a server might get your MAC address or IP address blacklisted, preventing you from knowing whether you resolved the problem.

  6. If necessary, enter the server address server.local in the IP address field.

  7. If necessary, select the “Only test ports between” option, and set the range to 443 through 445.

  8. Click Scan.

  9. Watch the scan as it identifies the open ports.

    If you had scanned for a larger range, the port scan would list other open ports. In this case, the port scan lists the open ports it finds and the names of the services usually associated with them. These ports are commonly used and facilitate interoperability across different vendor implementations of the same protocols. To test whether a Mac has an HTTP (web) server, run a port scan on it to see if TCP port 80 is open. HTTPS (a TLS-secured web service) normally uses TCP port 443. If HTTPS requests aren’t working, port 443 might be blocked or inactive.

    For a list of many ports used by Apple devices, see Apple Support article HT202944, “TCP and UDP ports used by Apple software products.”

  10. Open the screenshot you took in Exercise 24.1 that shows which ports were open when the services were working and compare it with the current scan.

    In this exercise, you are trying to troubleshoot the SMB file service, which normally involves TCP port 445 (microsoft-ds). This port is listed in the earlier scan but not in the current scan. This indicates that the server doesn’t offer file services over SMB (which is true here since the service is turned off) or that a firewall is blocking access to the service.

  11. Quit open apps.
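The baseline comparison from step 10, together with the Port Scan reasoning in Reference 24.4, as an added Python example (not part of the original lesson and not how Network Utility works internally). It goes one step further than the text by separating a refused connection (host reachable, service off) from a connection that gets no answer (likely a firewall), the two causes step 10 names. The function names and the open/closed/filtered labels are this example's own, and the demo uses a loopback listener as a stand-in for the classroom server.

```python
"""Compare a saved port baseline with a fresh check (added example)."""
import socket

# IANA-registered names for the ports scanned in the exercise.
SERVICE_NAMES = {443: "https", 445: "microsoft-ds"}

HINTS = {
    "closed": "host answered, nothing is listening: check the service",
    "filtered": "no answer: check firewalls and routing",
    "not scanned": "port missing from the current scan",
}


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed
    except ConnectionRefusedError:
        return "closed"            # reset received: reachable, no listener
    except socket.gaierror:
        raise                      # name lookup failed: a local or DNS issue
    except OSError:
        return "filtered"          # timeout or unreachable


def scan(host, ports, timeout=2.0):
    """Probe a short, explicit list of ports and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def compare(baseline, current):
    """List ports that were open in the baseline but are not open now."""
    findings = []
    for port in sorted(baseline):
        if baseline[port] != "open":
            continue
        state = current.get(port, "not scanned")
        if state != "open":
            name = SERVICE_NAMES.get(port, "unknown")
            findings.append((port, name, state, HINTS[state]))
    return findings


def demo_service_turned_off():
    """Loopback stand-in for the exercise: record a baseline while a
    listener is up, stop the listener, then check again."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # any free port on this machine
    listener.listen(1)
    port = listener.getsockname()[1]
    baseline = scan("127.0.0.1", [port], timeout=1.0)
    listener.close()                       # "file sharing turned off"
    current = scan("127.0.0.1", [port], timeout=1.0)
    return port, baseline, current, compare(baseline, current)


if __name__ == "__main__":
    port, baseline, current, findings = demo_service_turned_off()
    print("loopback demo:", baseline, "->", current)

    # Constructed results for the exercise's 443-445 range (not real output).
    saved = {443: "open", 444: "closed", 445: "open"}
    now = {443: "open", 444: "closed", 445: "closed"}
    for port, name, state, hint in compare(saved, now):
        print(f"{port}/tcp ({name}) was open, now {state}: {hint}")
```

As with Port Scan, pass only the few ports of the service you are troubleshooting, and only for servers you are responsible for.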

Wait for Your Facilitator to Turn On File Sharing

Tell your facilitator that you’re ready for the file-sharing service to be turned on and wait for the facilitator to tell you to proceed.

  1. Repeat the steps in the earlier section “Manually Connect to an SMB Share,” and follow through on mounting the share.

  2. Eject the share when you’re done.
