Macs frequently need to be restarted for Network logins to succeed

Showing results for 
Search instead for 
Do you mean 
Reply
Participant III
Posts: 13
Registered: ‎06-26-2013
#1 of 32 8,619

Macs frequently need to be restarted for Network logins to succeed

[ Edited ]

What we are seeing is that when a user attempts to authenticate, the login window just shakes and they can't login until the computer is restarted. We are noticing this on multiple machines. We are also seeing that user can sometimes login to one machine, but then when they try to login to another they (sometimes) get an error that the user cannot login at this time because an error ocurred. Rebooting fixes that issue as well. Any idea what would be causing that?

Posts: 532
Kudos: 210
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#2 of 32 8,614

Re: Macs frequently need to be restarted for Network logins to succeed

Hi Adam,

Can you give a little more information on the context of your users?:

- Is it their first time logging into the machines or were they previously able to login before?
- Are the Mac systems connected to the domain at the time of the login failed?
- If so - are they connected through wifi or ethernet?
- After they are able to login successfully, does the problem come back again after a while?

Kind regards,
Brian
Posts: 532
Kudos: 210
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#3 of 32 8,613

Re: Macs frequently need to be restarted for Network logins to succeed

I also recommend you check out the following article for the different types of login issues that can occur:

http://community.centrify.com/t5/The-Centrify-Apple-Guys/Identifying-the-different-types-of-login-is...


Which scenario best matches what your users are seeing?

Brian
Participant III
Posts: 13
Registered: ‎06-26-2013
#4 of 32 8,601

Re: Macs frequently need to be restarted for Network logins to succeed

Hi Brian,


Thanks for responding so quickly. Here are my responses to your questions:

 

- Is it their first time logging into the machines or were they previously able to login before?

In most cases it is a user logging in to the machine for the first time. The login window shakes as if the credentials are incorrect, but then if the machine is restarted after the failed login attempt it usually works.

 

- Are the Mac systems connected to the domain at the time of the login failed?

Yes, and they are all connected via ethernet. 

 

- After they are able to login successfully, does the problem come back again after a while?

 

Yes. My experience has been that logins work for a while, but then I may have to restart machines that start the "shaking" before on the login window. 

 

Thanks,
Adam

Participant III
Posts: 13
Registered: ‎06-26-2013
#5 of 32 8,600

Re: Macs frequently need to be restarted for Network logins to succeed

While the shaking behavior occurs most frequently, we are seeing the first error as well (unable to login because an error occured). For example, in a room full ethernet connected Macs joined to the domain via Centrify, I am able to login with the same account to four of them, but then 5th one displayed the unable to login because an error ocurred message, which goes away after a restart. 

Posts: 532
Kudos: 210
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#6 of 32 8,596

Re: Macs frequently need to be restarted for Network logins to succeed

Hi Adam,

 

Thanks for the update - let's start with the easiest to diagnose first - the failure with the error prompt...

 

This almost always means the Mac machine or user account was unable to connect to the network home folder at the point of login. (I actually have never seen a case where this prompt shows and the network home was not the culprit... but you never know.... =)

 

Since it usually works and sporadically doesn't work - it would suggest either a wobbly network cable between the machine and fileserver, or that the fileserver hit some kind of connection limit.

 

Also make sure that the network home paths for your users are in the FQDN format - login to a Mac, open the Terminal and run the command:

 

  adquery user -h ad_username

 

(Replace ad_username with the actual username of an AD user)

 

The share path should return in UNIX format:

 

/SMB/ad_username/server.domain.com/Share/Path/ad_username

 

If the network home path is using an IP address instead of FQDN, then there's a good chance that the single-sign on into the fileserver is failing when the user is trying to login. Always use FQDN for network home folders.

 

 

 

For the shakey box error - again since this is a sporadic case, I would first check that the physical connections between the Mac machines and AD server are solid.

 

When you come across this type of error again, don't restart the Mac just yet. Try this:

 

  1. Login to the Mac as Local Admin
  2. Open the Terminal and run:

    sudo adflush
    login ad_username

  3. If the command-line login works, then logout and see if the user can login again.
    If it doesn't work, make a note of any messages shown in the Terminal.

 

 

Please give these a go and let me know how you get on.

 

Kind regards,

Brian

 

 

 

P.S. It will be handy to grab the Diagnostic Tool from this article here as well in case we need to start grabbing logs:

http://community.centrify.com/t5/The-Centrify-Apple-Guys/Introducing-the-New-Mac-Diagnostic-Tool/ba-...

Participant III
Posts: 13
Registered: ‎06-26-2013
#7 of 32 8,449

Re: Macs frequently need to be restarted for Network logins to succeed

[ Edited ]

Hi Brian,

 

Thank you for your helpful reply. All of our users network home paths are in FQDN format as /SMB/server.domain.com/Share/Path/ad_username (it does not work for us if the ad_username is included after /SMB/). For one of our machines experiencing the shaky shaky problem, I followed your instructions and did an adflush with the following result: http://cl.ly/image/0E0O0u2m3N0S . I also captured the Centrify basic info log which you can download from this link: (obfuscated, I can e-mail directly if needed). I seem to be noticing the "DC disconnected state" with alarming frequency. Any idea what keeps causing that to happen?

 

Thanks,

Adam

Posts: 532
Kudos: 210
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#8 of 32 8,407

Re: Macs frequently need to be restarted for Network logins to succeed

Hi Adam,

The fact that your machines seems are frequently going into disconnected mode and that your users intermittently see the "Unable to login because an error occurred" message both point to network connectivity issues.

As mentioned above - the login error prompt happens when the Mac cannot reach the network home folder. And the "CentrifyDC is in disconnected state" happens when errr... the machine is unable to reach the network... =)

I would definitely check the physical connections and hardware of your environment and make sure there are no literal bugs chewing up wires somewhere.

You can also send the Basic_Log_Pack.zip into communitysupport@centrify.com and make sure to reference this thread and mark it FAO: Brian and I'll check it out.

Kind regards,
Brian
Participant III
Posts: 13
Registered: ‎06-26-2013
#9 of 32 8,405

Re: Macs frequently need to be restarted for Network logins to succeed

Hmm, so in most cases I am remoting into these machines to check on their status, which means they have an active network connection at the time I'm connecting, yet the machine is still in disconnected status. Is that normal behavior? Shouldn't it reconnect when there is an active network connection? Restarting doesn't restore the connection either, even after I verify that I can get online. I will write separately with my log. Thanks for your help with this.

 

Best,

Adam

Posts: 532
Kudos: 210
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#10 of 32 8,401

Re: Macs frequently need to be restarted for Network logins to succeed

Hi Adam,

 

I have received the pack and in one of the connection tests, the result was:

Computer account password has been changed.
Please correct the cause of this problem, then reset the Computer account in Active Directory.

 

This should be the source of your disconnection problems.

 

To fix this, you can either reset the computer password manually on the AD side, or try doing it from the Mac side by running any of the following commands:

 

sudo adkeytab -r -m

 This will attempt to allow the computer to reset its own machine password by itself (Depends on its security settings in AD)

 

sudo adkeytab -r

 This will attempt to reset the machine password under the default domain admin credentials (usually Administrator@domain.com)

 

sudo adkeytab -r -u aouellette

 This will attempt to reset the machine password with the given credentials, for example the above would be assuming your domain admin credentials is "aouellette@domain.com"

 

 

 

Running this command will prompt you for a password twice (once if using the first command):

- The first password is the Local Admin password (The "sudo" password)

- The second password is for the domain admin credential password.

 

 

Could you give that a try and let me know if that's able to bring your machine back into Connected status?

 

Thanks,

Brian