• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Rockies-Edu] AD and 10.10
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Rockies-Edu] AD and 10.10

  • Subject: Re: [Rockies-Edu] AD and 10.10
  • From: Andy Gerhard <email@hidden>
  • Date: Wed, 28 Jan 2015 17:49:59 +0000
  • Thread-topic: [Rockies-Edu] AD and 10.10
Corey et al.,

In my initial testing, 10.10.2 exhibits the same behavior after a force shutdown. No joy. In my limited testing, I’ve found the workaround still is effective, but it has only been effective some of the time, on occasion requiring multiple cycles of force-shutdown and re-execution of the workaround.  I’ve only been testing on a single machine, so I do not know if this behavior is common or not. 

Corey, the release notes did not include any clear reference to this problem, which is likely why it is not fixed. As our “Apple Insider,” is there any clarity around where this problem sits with engineering that you can provide, or additional gentle pressure that you can exert? As it stands, moving clients to Yosemite results in a potential increase in support staff workload that we can’t afford to expose ourselves to. With the next OS update cycle just starting, I am not optimistic we will see relief soon. I’ve spoken with level-2 enterprise support and received the “we’re aware of the impact” and “we can’t predict when it will be fixed” and a lot of “engineering doesn’t share that information with us” comments, all of which I understand, but none of which help me communicate with my management a resolution roadmap. 

Regards,
Andy

From: Corey Carson <email@hidden>
Reply-To: "email@hidden" <email@hidden>
Date: Tuesday, January 27, 2015 at 10:22 PM
To: "email@hidden" <email@hidden>
Subject: Re: [Rockies-Edu] AD and 10.10

Andy, Zach, Don and everybody else…thanks for the excellent write-ups and detail on the issue. While I’m glad that the workaround was successful as an interim solution, I’m also curious if 10.10.2 fixed the issue. When you complete any testing and have some results, let us know. 

Thanks,
Corey


Corey Carson, Field Engineering Manager
Apple Education
Apple Inc.
(303) 746-1634

On Jan 22, 2015, at 10:33 AM, Andy Gerhard <email@hidden> wrote:

I have found Chris’s suggestion works in my environment. The “fix,” however, makes for a very long boot delay.  So I’ve deployed a file of a different name to all my Yosemite machines that will allow the support personnel to quickly resolve failed boots without imposing the penalty of slow boots across the install base. 

I created a script /etc/rc.server_bootfix that contains:
  #!/bin/sh
  /usr/sbin/BootCacheControl jettison
  mv /etc/rc.server /etc/rc.server.bootfix

My instructions to my support team are:
  Boot single-user (command-s)
  mount –uw /
  mv /etc/rc.server_bootfix /etc/rc.server
  Exit

The machine boots (slowly). Subsequent boots do not run the script, so boot performance is not affected. Users that are in the habit of forcing shutdown can have the last line of the script removed and suffer long boots until 10.10.2 is released.

As for saving files as PDF’s to get around version mismatches in iWork, we long ago concluded that this was not a viable solution for students, particularly in the lower grades. That decision has caused us to scramble with each iOS release, but that’s why we use Casper Suite to manage our OS X devices. 

With 10.10.2 in developer preview, and the observation that AD/force-shutdown does not result in a boot-hang in 10.10.2, I am hopeful the release is just around the corner. 

Regards,
Andy


From: Zachary Miller <email@hidden>
Reply-To: "email@hidden" <email@hidden>
Date: Thursday, January 22, 2015 at 8:30 AM
To: Rockies edu <email@hidden>
Subject: Re: [Rockies-Edu] AD and 10.10

Thank you Don! I am so grateful that you have found this article. I am embarrassed I didn't find it. Thank you for all your help and support Rockies Edu!
Zach

On Wed, Jan 21, 2015 at 3:42 PM, Michael T. Scott <email@hidden> wrote:
Thanks all for the great discussion and grounding real world experiences.

If I’m looking at the boot progress bar hanging behavior that Andy describes, then the JAMF Nation thread that Don points to appears to be a functional workaround in multiple environments:

> Posted 1/14/15 at 11:59 AM by chris.hotte
>
> I've tried all of the above suggestions which did not provide a consistent fix. But this does.
>
> On the client only, you may hijack the unused /etc/rc.server bash hook, eg single user boot:
>
> bash-3.2# mount -uw /
> bash-3.2# /usr/bin/nano /etc/rc.server
>
> #!/bin/sh
> /bin/echo BootCacheKludge Beta 1.0 - Chris Hotte 2015 - No rights/blame reserved.
> /usr/sbin/BootCacheControl jettison
>
>
> Boots are now completing 0 of the time.
>
> Edit: We are now beta testing this workaround on ~50 machines.

How does this work for you folks?

-Mike


Michael Scott, Systems Engineer
Apple Education
Apple Inc.
(720) 346-3871
www.apple.com/education
> On Jan 21, 2015, at 2:21 PM, Jonathan Ender <email@hidden> wrote:
>
> Andy,
>
> I understand updating the OS for parity in general, but I’m surprised you put everyone on Yosemite vs. having iOS devices just export files to PDF or another compatible form to be opened in MS Word or what not.
>
> We have multiple macbooks (also about 800 iPads) and have also had our share of numerous issues on Yosemite which has resulted in telling people to NOT update to it because it’s a FAR CRY from an “upgrade” to say the least; even with the release of 10.10.1 thus far. If only apple understood and applied the concept of “backwards compatibility.”
>
> We have had some issues with macbooks booting up that are bound to AD, but not a ton. In one case we booted in single user mode and then re-started, but we can’t guarantee that was the exact fix as this happened about a month back and my boss doesn’t fully recall what he did. Most of our issues with Yosemite have been regarding wireless connectivity and multiple issues with apple mail where it automatically changes accounts over to google.
>
> -Jonathan
>
> From: rockies-edu-bounces+jonathan.ender=email@hidden [mailto:rockies-edu-bounces+jonathan.ender=email@hidden] On Behalf Of Don Cochran
> Sent: Wednesday, January 21, 2015 1:18 PM
> To: email@hidden
> Subject: Re: [Rockies-Edu] AD and 10.10
>
> Here is a thread on Jamf Nation discussing the same problem. If you go toward the end of the thread, it appears one of the folks has found a work around that appears to be working.
>
> https://jamfnation.jamfsoftware.com/discussion.html?id=12589
>
> On Wed, Jan 21, 2015 at 1:04 PM, Andy Gerhard <email@hidden> wrote:
> Michael,
>
>
> Let me add my experience to Zach's, and see if we can agree on a different perspective.
>
>
> I've been managing an Active Directory environment for several years with Mac's bound to AD.  There was very little mystery to setting up this environment, and we marched steady forward through all the cats in the Mac OS land with little changing in the AD connector. Mavericks brought us additional happiness with a more usable SMB, and Microsoft DFS became less flaky with Mac clients.
>
>
> My world is complicated by 700 students carrying iPads. As we move forward with iOS releases, we are forced into a unpleasant challenge with iWork applications being unable to play well with different versions, so our inclination was to move to Yosemite to achieve platform/software parity. The dsconfigad/Active Directory binding experience was identical to previous releases... there are very few bells and whistles to making this work.
>
>
> We moved the bulk of our school to OS X 10.10.1 (because of wi-fi problems with 10.10). We immediately ran into the problem of boot progress bar hanging. I have found I can reproduce the hang much more readily than recovering from it. The easiest way is to force-shutdown. If AD bound, the subsequent boot has a high probability of failing. I have unbound my test machine, and yanked the power cord as well as force-shutdown multiple times, and the boot hang does not re-occur. As soon as I re-bind to AD, the boot hang can be reproduced with a force-shutdown.
>
>
> So here is my single, specific goal: Have an OS X 10.10.1 machine consistently and reliably boot while bound to AD, exactly as it did in previous releases of the OS.
>
>
> "Out of the box, OS X seamlessly integrates with a variety of directory service technologies, including Active Directory, Microsoft's implementation of directory services." (From "Best Practices for Integrating OS X with Active Directory", OS X Yosemite v10.10, December 2014.) From my perspective, the seams are clearly coming apart.
>
>
> I accept the complexity and challenge of AD integration. In my case, I've had an integrated environment that has worked fairly well for a long while. This integration has been compromised by an Apple software update. In the wild, we have machines experiencing the boot hang without having performed a force-shutdown, so our pain is not simply eliminated by removing some unwanted behavior. With our classroom instruction environment becoming increasingly dependent on computing resources, being unable to boot is forcing many teachers into their "plan B," taking the promise of technology assisted learning down a notch.  Our support staff is living the movie "Groundhog Day" as they repeatedly deal with hung-boot machines. We are now actively moving clients back to Mavericks and taking iWork apps out of the picture in an effort to avoid this crippling failure.
>
>
> We have opened case # 728023624, and have been told our experience is shared by others and that there is no work around or resolution other than to unbind from AD, once you can get the machine to boot. I will continue my investigation, taking an out-of-box imaged computer and repeating my AD/no-AD testing, but the first question of troubleshooting usually is "What has changed?", which in this case is the version of the OS. There are more than a few of us that have been significantly impacted by this bug, and we are eagerly awaiting some relief from Apple.
>
>
> Regards,
>
>
> Andy Gerhard
>
> Sr. Network and Systems Administrator
> Cherry Hills Community Church
> Cherry Hills Christian Schools
> 303-325-8207 (Anytime)
> This e-mail is intended only for the person or entity to which it is addressed .  It may contain information that is privileged and confidential. This information is delivered to you with the trust that it will not be shared with others without permission.  Any disclosure, copying, further distribution or use thereof is prohibited.  If you have received this communication in error, please advise me by return email and delete it. Remember, e-mail sent through the internet is not secure, so please do not send sensitive material through unencrypted e-mail. Thank you.
>
> From: rockies-edu-bounces+agerhard=email@hidden <rockies-edu-bounces+agerhard=email@hidden> on behalf of Michael T. Scott <email@hidden>
> Sent: Tuesday, January 20, 2015 4:22 PM
> To: email@hidden
> Subject: Re: [Rockies-Edu] AD and 10.10
>
> Hi Zach!
>
> With the complexity inherent in an AD integration project, it can be a formidable challenge to understand where to begin the troubleshooting process. I am of the belief that complex technology integration projects benefit heavily from investment in experienced, expert assistance. Paid training and support goes a long way to condensing the time and effort you describe having already invested.
>
> Can you begin by describing a single, specific goal? For example - “I have a goal for AD user authentication at the OS X login window in order to provide students with a single set of credentials to support shared desktop computer access.” With that goal in mind, I would then ask you to describe a specific configuration and failure you are experiencing, such as “The computer is bound to AD using Directory Utility. After entering a correct username and password, the login window ‘shakes’ and does not allow the user access to the computer.”
>
> With a specific goal articulated, and a failure being replicated, we can begin troubleshooting. I know you are already pretty far down the development road, but for the sake of the public email list, let’s start at the top.
>
> If you are able to put you efforts and my questions into the context of Apple’s best practices, even better. More here on our current recommendation for AD integration:
>
> http://training.apple.com/pdf/wp_integrating_active_directory_yosemite.pdf
>
> Thanks,
>
> -Mike
>
> 
> Michael Scott, Systems Engineer
> Apple Education
> Apple Inc.
> (720) 346-3871
> www.apple.com/education
>
>
>
>
>> On Jan 19, 2015, at 8:23 PM, Zachary Miller <email@hidden> wrote:
>>
>> Hello and thank you for your time! I have spent lots of time with Apple enterprise support, on Google looking for information as well as reaching out to providers and associates. I am having trouble with machines that are on Yosemite and bound to AD. I have tried some things I found in articles surrounding FQDN's to no avail. If you have experienced this issue and found any band-aid type fixes or resolutions would you send them my way? I greatly appreciate your time!
>> Zach
>>
>> --
>> Zachary Miller
>> District Tech
>> Manitou Springs School District
>> Office Phone: (719)685-2667
>> Cell Phone:    (719)352-8544
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Rockies-edu mailing list      (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
>
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Rockies-edu mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
>
>
>
> --
> Don Cochran
> ISTS Technician
> Thompson R2J School District
> 2890 N Monroe
> Loveland, CO 80538
> 970 613-5164
> email@hidden
> Twitter: @macdcsound
>
> “Education is the kindling of a flame, not the filling of a vessel.”  - Socrates
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Rockies-edu mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Rockies-edu mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden



--
Zachary Miller
District Tech
Manitou Springs School District
Office Phone: (719)685-2667
Cell Phone:    (719)352-8544
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Rockies-edu mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

 
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Rockies-edu mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >[Rockies-Edu] AD and 10.10 (From: Zachary Miller <email@hidden>)
 >Re: [Rockies-Edu] AD and 10.10 (From: "Michael T. Scott" <email@hidden>)
 >Re: [Rockies-Edu] AD and 10.10 (From: Andy Gerhard <email@hidden>)
 >Re: [Rockies-Edu] AD and 10.10 (From: Don Cochran <email@hidden>)
 >Re: [Rockies-Edu] AD and 10.10 (From: Jonathan Ender <email@hidden>)
 >Re: [Rockies-Edu] AD and 10.10 (From: "Michael T. Scott" <email@hidden>)
 >Re: [Rockies-Edu] AD and 10.10 (From: Zachary Miller <email@hidden>)
 >Re: [Rockies-Edu] AD and 10.10 (From: Andy Gerhard <email@hidden>)
 >Re: [Rockies-Edu] AD and 10.10 (From: Corey Carson <email@hidden>)

  • Prev by Date: Re: [Rockies-Edu] AD and 10.10
  • Next by Date: [Rockies-Edu] Mac Mail with Exchange 2013
  • Previous by thread: Re: [Rockies-Edu] AD and 10.10
  • Next by thread: [Rockies-Edu] Using the Puffin app
  • Index(es):
    • Date
    • Thread