Thanks @Rozzer !!!
I will try and produce something and put it on my blog :)
Just curious but I would remove the folder redirect with the manifest preferences and see if you see an improvement. I am working on a site Friday with a slowness issue with logins and general performance. I am going to set up a fresh image on them to see if it cures the issue they are having.
The odd thing is it's not slow logins or any kind of performance issue - everything works perfectly, apart from a random complete system hang (when even cmd+alt+esc won't even bring up the task manager)
Once the 'hang' is over, everything works perfectly until the next time! I've had videos streaming whilst editing videos in Premiere with no performance issues, but I can have the system hang even with nothing running!
But before that and currently, we use the golden triangle setup: AD for authentication and profile paths, and OD for configuration settings for Mobile Sync accounts.
For our setup on the AD side, we set their local account location, for windows roaming profiles and then set the drive mapping, for Mobile sync account location.
On the mac client, we bind to AD with these settings:
Important to bind AD first as it is for authentication.
User Experience tab, check use UNC path, set your protocol and check Default user shell (default setting)
The rest is default. If we did not have an OD server to tell the apple computers to log in with a mobile sync account settings, all users would be a network account and create havoc on our network.
We then bind to our open directory master for the preferences that are set, such as sync rules.
We set these up by using our AD groups.
We have been using this method for a few years with great ease.
I wonder if it's something to do with the share permissions on the servers. Currently each user accesses their home folder via the share \\server\yeargroup\username and the Yeargroup is the Shared folder. They then have Modify rights on their own folder and subfolders.
It's difficult to pin down as it happens so randomly - you can have 3 in a row, none for an hour and so on!
My suggestion, and just to clarify I make a living out of fixing AD integration issues like this every day of the week for the past 8 years, would be to work off my earlier list. I would be totally shocked if it isn't one of them.
Is the domain name pushed out via dhcp and entered in the Search Domains? If so is it also listed in the proxy exceptions list? I have seen this when someone was using a .local domain and if the domain name was not listed under the exceptions then the client would keep trying to go outbound to the web.
Also what version of Server are you running? I had massive issues with 10.5.8 and AFP shares. The service was maxing out at 100%. After upgrading to 10.6 the service never got past 65% under the same load. There was an issue with the threads being held open in 10.5.8 server causing the cpu to max out and causing slow down.
If you haven't, move the Safari cache to a tmp location (although 5.1.7 seems to handle this better now), and any other areas that hit the network home dir regularly, such as the logs. These can get written to constantly. Also check the logs to see if there is any software writing to the logs repeatedly in short space of time. This coupled with the logs being stored in the networked home dirs could cause an issue.
Also forwarding DNS address. I had login issues as I was using an incorrect DNS forwarding address. Everything worked as expected, just really slowly.
I've tried with a 'blank' account and it does the same thing. All the Macs are 10.6.8 and so is the server, although the users don't have any afp shares on the server as they use their smb shares on the Windows server.
It's a fundamental issue with osx for us - no matter what misconfiguration there is (and I'm yet to find it!) the fact the system locks out completely is a pretty poor showing - you can't even get the Force Quit dialogue up or run Activity monitor.
It's also quite tricky to go through this - I've been checking suggestions posted on here (thanks to all!) but as it's so random whenever I think it may be working I get a lock out all of a sudden...grrrrrrr
Have you been able to rule out any network drop-outs? I know that if OS X is running using network-based accounts that if the network disconnects for long enough then the clients will crash causing the issues that you see. Occasionally if the network comes back up in time the client may be able to restore functionality. If off long enough, the client will just freeze. Maybe the connection to the SMB share is dropping out causing the clients to freeze. Finder is unresponsive as soon as network connectivity is lost. Local home dirs would not be affected like this so would not show the symptoms even if the home dir is mounted. This may disappear but it wouldn't cause the system to crash.
OS X is notoriously bad when used on a networked account as it doesn't download a copy like Windows does. It runs right from the server, hence the reason to redirect any folders that could be written to frequently.
You could maybe open up an SSH tunnel to a client and then run a tail on the logs to see what is happening. If the network connection does drop-out your connection may be lost as a result and then you would know what the cause is.
This is odd. We run a couple of hundred Macs, authenticating against AD with files stored on OSX server shared over AFP with 10.6.8 on the client and server. We redirect all caches to the local machine. Your problem is reminiscent of how we first had things under 10.4 with NO redirection. There has to be some sort of network problem here, either name resolution or caching.
You could set your Macs to have portable home directories - similar to Windows where it downloads a copy rather than running off the network.
How many clients connect before things start to go wrong, by the way?
There's 15 macs in the room - on the same network segment as maybe another dozen windows PCs. The problems can occur when only one Mac is in use and no Windows machines in use at all. I've tried moving to a different network segment and switch but the problem can still occur.
It's exactly as Hodgehi describes - I'll have to see if I can get one to hang regularly so I can test it in the hung state. Easier said than done with it being so variable when it happens.
I'm going to try and do a fresh blank installation using a 10.6.8 image (I've just realised that the original disk was 10.6.5 and updates added to that)
But where can I get a download for a full 10.6.8 install? I can't find it on Apple site anywhere, just the update.
I've also noticed an error today that doesn't seem to coincide with the 'hanging' but is relating to AD:
Does that error mean anything to anyone?
Code:
gssd Major error = 851968: Unspecified GSS failure. Minor code may provide more information
gssd Minor error = 100006:
DirectoryService GSSAPI Error: Unspecified GSS failure Minor code may provide more information (Server not found in Kerberos database)
There is not a full 10.6.8 installer that I'm aware of. You will need to use your 10.6.5 disk and update if you want a 10.6.8 image.