Ronald Hicks asked:

Mountain Lion woes

MacMini on a Windows Server 2008 R2 domain.  Worked fine when running Lion.  Upgraded to Mountain Lion.  First sign of trouble was at the logon screen;  a red X and the words "Network drives not available."  In Finder > Connect to Server, I can't seem to connect with any pattern of server names or IP addresses.

Any help will be much appreciated.


Fortunately I've run into this on an extra MacMini I bought for this very purpose, and not any of my production machines.

ASKER CERTIFIED SOLUTION
Xaelian

This solution is only available to members.

ASKER

I'll check that. Like I said though, when I first started it after installation, there was a red X next to the username box and a message that said "Network Drives Unavailable."

Oops.  It says Network Accounts are unavailable.

OK, I went into Preferences > Network > Advanced > WINS (the only reference I could find to my domain). It displayed WORKGROUP in the workgroup box. I clicked the down arrow and saw my domain name. I clicked it to replace workgroup with my domain name. Exited. After unsuccessfully trying Connect to Server, I looked at this setting again. It was back to WORKGROUP. I changed it again and locked it and looked at it again immediately and it was WORKGROUP. I have nothing in the WINS server block, which could be the problem. I'm not sure if any of my servers are configured as WINS. I rather thought it passé in a Server 2008 domain. But I might have configured WINS and just forgot. Should this be checked? Or am I in the completely wrong place on the Mac to join it to the domain?

Here are other tidbits. I can ping workstations on the domain from the Mac using the workstation's name or IP address. But I can ping any of my servers (four) only by IP address. Pinging by server name yields "cannot resolve: unknown host". What does this signify? Why can I ping workstations by name but not servers by name?

Interesting. I found a sequence that lets me log on to a domain user's home directory.

1)  Log on to mac with a local account.

2) Finder > Go > Connect to Server.  
    In dialog box smb://servername/username
    Click Connect

3) In the next box, select "Registered User" and fill in the user name and the user's password in the boxes. Click Connect, and I'm in.

If I close the window, I can get in again by just repeating step 2.

To log into another user's account, I have to log out of the local account on the mac and sign in again, then go through steps 2) and 3) for the other user.

I can open a shared folder though in addition to a user's home directory.

I just noticed too - reminded, actually - that I had installed a version of Centrify on Lion.  What, if anything, it is doing with Mountain Lion I don't know.  Everything might be different in a pure Mac environment.

Further comments invited.

Did you do the Centrify ADJoin on the Mac?

It can be that since you upgraded from Lion, you have to take the Mac out of the domain first and afterwards rejoin it with the Centrify ADJoin.

Well, I am snakebit now. Decided to join the Mac to AD in native mode, so, unbound in Centrify, and went through the bind process in Network and Users and Groups. No combination of domain, server, etc. names seems to work and I can't get out of the Directory Utility, not even with Shutdown and not even with disconnecting the power cable. When it restarts, it is in the same grayed out Directory Utility window. I've tried binding with Preferred Server unchecked and checked, using a DC's IP address, its name and its FQDN. And I've tried appending .local to my domain name and not. There aren't that many other variables. When I click Bind, I get "Cannot connect to Server." I know I'm using a valid domain admin account and password.

One weird thing that happened before I got in this hole. I think I had a good Bind, and then undid it (unwisely I think, I remember seeing a caution message saying that something it was about to do could not be undone). Anyway, I did an Unbind because after what looked like a successful Bind, when I logged off the local account and got the logon screen, there was no "other" to click to use a network account; just the local account and Guest.

Any help for my current predicament? If reinstalling Mountain Lion would be a way to go, how would I do that since I downloaded it from the App Store? Would I have an installation file still on my Mac? I HATE not having an installation disk.

OK, calmer now. Used ForceQuit to shut down Directory Utility.

Another question: I don't see Active Directory listed in Applications or in Utilities. Did it go somewhere else; go away; replaced by something? Is Directory Utility that something?

You need to go to System Preferences ==> Accounts. Click on a user ==> Login Options. At the bottom you can link Network Account Server: "Join".

If you click on it, you can bind it to your AD.

Did all of that; still no joy connecting with native Mac functionality. If I just click on Join I get some message about not connecting and if I go a step further into the Directory Utility and try it from there I get essentially the same result but a different message, server not found or something like that. I am able to connect to server shares and other workstations through Centrify. That is, Centrify did join the machine to the domain. But I still have that logon weirdness, which, to repeat, is that the logon screen displays the message "Network accounts are unavailable." So I log on with a local account, and then I can connect to server using a network account and the local account again to give AD permission to change the local machine. This weirdness could be because Centrify is installed on this machine. Could remove it to test, but I'm inclined to leave well enough alone at this point. I can connect, and that's something. I appreciate the help.

Just appending a comment to this closed case in case it would be useful to others.

Reflecting on the different behaviors of Lion and Mountain Lion with respect to network authentication, it seems that in Lion the user authentication by AD occurs at network logon. Once logged on with the network user account, the user has access to his/her home folder and no others (except shared for access by all of course).

In Mountain Lion on the other hand though, there was no option at log on to use a network account. In fact, a red x (or dot, I don't remember) with the words Network Accounts Unavailable displays next to the user name box. So one logs on to the local machine with a local account, and then Connects to Server using a network account. I think user authentication is occurring at that point because having done that, the user cannot see other users' home directories. Before logging on to his or her own account though, he/she could have logged on to any other user's account for which he/she knew the name and password.

--ron hicks