|
Michael,
Let me add my experience to Zach's, and see if we can agree on a different perspective.
I've been managing an Active Directory environment for several years with Mac's bound to AD. There was very little mystery to setting up this environment, and we marched steady forward through all the cats in the Mac OS land with little changing in the
AD connector. Mavericks brought us additional happiness with a more usable SMB, and Microsoft DFS became less flaky with Mac clients.
My world is complicated by 700 students carrying iPads. As we move forward with iOS releases, we are forced into a unpleasant challenge with iWork applications being unable to play well with different versions, so our inclination was to move to Yosemite
to achieve platform/software parity. The dsconfigad/Active Directory binding experience was identical to previous releases... there are very few bells and whistles to making this work.
We moved the bulk of our school to OS X 10.10.1 (because of wi-fi problems with 10.10). We immediately ran into the problem of boot progress bar hanging. I have found I can reproduce the hang much more readily than recovering from it. The easiest way is
to force-shutdown. If AD bound, the subsequent boot has a high probability of failing. I have unbound my test machine, and yanked the power cord as well as force-shutdown multiple times, and the boot hang does not re-occur. As soon as I re-bind to AD, the
boot hang can be reproduced with a force-shutdown.
So here is my single, specific goal: Have an OS X 10.10.1 machine consistently and reliably boot while bound to AD, exactly as it did in previous releases of the OS.
"Out of the box, OS X seamlessly integrates with a variety of directory service technologies, including Active Directory, Microsoft's implementation of directory services." (From "Best Practices for Integrating OS X with Active Directory", OS X Yosemite
v10.10, December 2014.) From my perspective, the seams are clearly coming apart.
I accept the complexity and challenge of AD integration. In my case, I've had an integrated environment that has worked fairly well for a long while. This integration has been compromised by an Apple software update. In the wild, we have machines experiencing
the boot hang without having performed a force-shutdown, so our pain is not simply eliminated by removing some unwanted behavior. With our classroom instruction environment becoming increasingly dependent on computing resources, being unable to boot is forcing
many teachers into their "plan B," taking the promise of technology assisted learning down a notch. Our support staff is living the movie "Groundhog Day" as they repeatedly deal with hung-boot machines. We are now actively moving clients back to Mavericks
and taking iWork apps out of the picture in an effort to avoid this crippling failure.
We have opened case # 728023624, and have been told our experience is shared by others and that there is no work around or resolution other than to unbind from AD, once you can get the machine to boot. I will continue my investigation, taking an out-of-box
imaged computer and repeating my AD/no-AD testing, but the first question of troubleshooting usually is "What has changed?", which in this case is the version of the OS. There are more than a few of us that have been significantly impacted by this bug, and
we are eagerly awaiting some relief from Apple.
Regards,
Andy Gerhard
Sr. Network and Systems Administrator
Cherry Hills Community Church
Cherry Hills Christian Schools
303-325-8207 (Anytime)
This e-mail is intended only for the person or entity to which it is addressed . It may contain information that is privileged and confidential. This information is delivered
to you with the trust that it will not be shared with others without permission. Any disclosure, copying, further distribution or use thereof is prohibited. If you have received this communication in error, please advise me by return email and delete it.
Remember, e-mail sent through the internet is not secure, so please do not send sensitive material through unencrypted e-mail. Thank you.
From: rockies-edu-bounces+agerhard=email@hidden <rockies-edu-bounces+agerhard=email@hidden> on behalf of Michael T. Scott
<email@hidden>
Sent: Tuesday, January 20, 2015 4:22 PM
To: email@hidden
Subject: Re: [Rockies-Edu] AD and 10.10
Hi Zach!
With the complexity inherent in an AD integration project, it can be a formidable challenge to understand where to begin the troubleshooting process. I am of the belief that complex technology integration projects benefit heavily from investment
in experienced, expert assistance. Paid training and support goes a long way to condensing the time and effort you describe having already invested.
Can you begin by describing a single, specific goal? For example - “I have a goal for AD user authentication at the OS X login window in order to provide students with a single set of credentials to support shared desktop computer access.” With
that goal in mind, I would then ask you to describe a specific configuration and failure you are experiencing, such as “The computer is bound to AD using Directory Utility. After entering a correct username and password, the login window ‘shakes’ and does
not allow the user access to the computer.”
With a specific goal articulated, and a failure being replicated, we can begin troubleshooting. I know you are already pretty far down the development road, but for the sake of the public email list, let’s start at the top.
If you are able to put you efforts and my questions into the context of Apple’s best practices, even better. More here on our current recommendation for AD integration:
Thanks,
-Mike
Michael Scott, Systems Engineer
Apple Education
Apple Inc.
(720) 346-3871
On Jan 19, 2015, at 8:23 PM, Zachary Miller < email@hidden> wrote:
Hello and thank you for your time! I have spent lots of time with Apple enterprise support, on Google looking for information as well as reaching out to providers and associates. I am having trouble with machines that are on Yosemite
and bound to AD. I have tried some things I found in articles surrounding FQDN's to no avail. If you have experienced this issue and found any band-aid type fixes or resolutions would you send them my way? I greatly appreciate your time!
Zach
--
Zachary Miller
District Tech
Manitou Springs School District
Office Phone: (719)685-2667
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Rockies-edu mailing list ( email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
|