Mac OS X Server Mail services and Push Notifications to iOS devices
I'm running OS X 10.9 with Server 3.0.1 on a Mac residing on a private subnet sitting behind a router whose WAN port is plugged into a cable modem, hence the ISP is a well known cable internet service provider.
This server has its DNS correctly configured (i.e., the result of "sudo changeip -checkhostname" on the server via command line yields perfect results).
This server is running an Open Directory Master.
Dynamic DNS is correctly configured for the router, and resolves the public IP address assigned by my ISP to the same domain name as the server (I forward any required ports for services I run).
This server also has installed a server certificate signed by a trusted CA (i.e., Go Daddy) and is working perfectly for all OS X Server services including Open Directory.
This server also has the Mail service configured (SMTP and IMAP) with no problems (I can send and receive mail to/from the server.
This server server also has push notifications enabled and has a push notification certificate installed perfectly (obtained from Apple's push notification certificate portal, just renewed a few days ago).
I have some iOS devices running iOS 7.0.4. I have configured Mail on these iOS devices to send and receive mail to/from the aforementioned server for a few different user accounts on the server. This works fine (tested, can send and receive mail no problems).
The aforementioned iOS devices mail settings for the aforementioned server have been configured to receive push notifications when mail is received to said user accounts on the server.
With all of that said, the iOS devices are sometimes able to receive push notifications from the Apple Push Notification Service (APNS "cloud") in situations when the iOS devices reside on the same private subnet as the Mac server (via Wi-Fi), and when they reside on the public Internet (via cellular data networks or public Wi-Fi networks such as coffee shops).
Thus, push notifications do work when mail messages on the server are received, but not always. After a period of time has elapsed on the server whereby no email messages have been received (seems to be several hours but I haven't yet been able to pinpoint it precisely), the server apparently loses what is supposed to be a persistent connection with the APNS gateway. OS X Server unfortunately does not log when this connection is lost. Then, when a new email message finally arrives again after several hours and is received by the server, the iOS devices do not receive their expected push notifications and instead OS X Server consistently logs an error message like this one (the only differences being of course the process ID and time/date stamp):
11/26/13 5:48:11.762 AM push_notify[181]: stream: received error: The operation couldn’t be completed. Connection reset by peer on: incoming stream: APN to host: gateway.push.apple.com:2195
Once the above error type is recorded in the logs, a subsequent email message sent to the server successfully generates a push notification message on the configured iOS devices so long as the subsequent message is sent before minimal time has elapsed (i.e., several hours). I do not port forward ports 2195 or 2196 from the router to the Mac server because Apple's support document implies these ports are for outgoing traffic (from the server to the APNS gateway) unless I've misunderstood.
An excerpt in Apple's Mac Developer Library Technical Note TN2265 caught my attention with respect to idle:
An occasional disconnect while your provider is idle is nothing to be concerned about; just re-establish the connection and carry on. If one of the push servers is down, the load balancing mechanism will transparently direct your new connection to another server assuming you connect by hostname and not by static IP address.
Is OS X Server (the "provider" in this context) essentially just "carrying on" by "re-establishing" the connection to APNS after being "idle" for several hours as noted in the logs per the stream error aformentioned?
Someone I spoke with about this posited the above problems may be due to the router's WAN port not being assigned a static IP address by my ISP, but of all the Apple developer documentation and support docs I've looked at about push notifications with OS X Server do not state a static IP address is required.
note: I have also tested this with the same hardware and settings but running OS X 10.8.5 Mountain Lion with Server app 2.2.1 with essentially the same results but IMHO better log verbosity, as in:
11/29/13 11:16:55.713 PM push_notify[11951]: stream: received error: The operation couldn’t be completed. Connection reset by peer on: incoming stream: APN to host: gateway.push.apple.com:2195
11/29/13 11:16:55.722 PM push_notify[11951]: Disconnected from apn server gateway.push.apple.com for topic com.apple.mail.XServer.2a132c32-dda4-45a1-68e1-b3cca3865c12: error Connection reset by peer
11/29/13 11:16:55.722 PM push_notify[11951]: will attempt to reconnect stream APN to host gateway.push.apple.com:2195 in 15 seconds
Any help or suggestions resolving this would be greatly appreciated, it may be something simple I've overlooked.
This problem was been resolved. The ASUS "Dark Knight" router which was providing the private LAN (NAT) and port forwarding to the Mac running OS X Server has a firmware bug. The bug manifest by DROPPING the ESTABLISHED TCP connection on port 2195 between the Mac running OS X Server and APNS, after two hours of quiescence. The router should not have dropped this connection, there was no firewall rule instructing it to do so. The lesson learned is to be much more selective and wise with regard to choosing routers (especially consumer off-the-shelf variety) for use with servers even for servers run in a small business context (like a Mac Mini Server).