Strange Sleep behaviour on OS X Lion Server

Hi Guys,
I have a Mac Mini Server. For some reason, even though I have told my Mini not to sleep under the Energy Saving settings in System Preferences, it will sleep after 15 mins of inactivity and can only be woken up by pressing the power button.
This is a server so I do not have any input devices installed and it is operated remotely using screen sharing. There is, however, a monitor attached.
I have noticed when it goes into this sleep mode Screen Sharing goes off and just displays a "connecting" message, and the current image being output on the monitor will just freeze.
If I hit the power button then all is OK: the monitor will refresh to display the current image and screen sharing will suddenly connect.
Please can someone help, this is so frustrating.
Thanks

This has happened since the install. I remember installing the OS and it froze, well at least I thought it had, as the progress bar would not progress. However, when I moved the mouse it woke up and the screen refreshed.
When I had Snow Leopard running I didn't have this issue.
I will try this SMC reset though
Thanks

Similar Messages

  • Strange behaviour 10.7.1 Lion Server

    My Macbook Pro (5,1) has been setup as a Lion Server (I have the issue of keeping the thing awake but can live with that).
    Two issues I am experiencing which I can not work out:
    1) Wake on LAN (WOL) will not work via the Internet. I have a Time Capsule as my router and the Mac is hardwired over gigabit ethernet. It works fine on my LAN but will not wake the MBP over the WAN?
    2) The local desktop keeps freezing when left running for any period of time. I am not sure if it is Lion or my setup.
    The MBP is "docked" in a Henge dock it has all connections utilised (FW/USB etc).
    I have an external display Dell U2410 connected via Mini Display Port  and I am using the Magic Mouse (on Bluetooth) and allow this device to wake on Bluetooth is also enabled.
    The Firewire is connected to a WD My Book Studio Edition II for Time Machine backups (as the Time Capsule is used by my MacBook Air for Time Machine Backups)
    When I have finished on the machine I always log off the active user and power off the monitor.
    I leave the machine running until it sleeps (where I can WOL if I need it while still working on LAN).
    When I return after a period of time the local desktop (menu bar, dock etc) are totally unresponsive, I cannot do anything at all locally on the machine.
    However if I log in via my MacBook Air using screen sharing I can drive the desktop totally normally?
    I usually have to reboot the MacBook Pro in order to get the local desktop to be responsive again?
    Has anyone else seen this or have any idea what may be causing these issues?
    Many thanks in advance.......

    I have solved 1) and I can now WOL over WAN but I am still experiencing issues with 2).
    Has no-one else experienced issues with the local desktop becoming unresponsive?
    If I leave the MBP up and running for any extended period of time I repeatably have this issue and it is driving me nuts.
    I can find no particular thing that triggers this from what I can see.
    The only way to resolve is to log in remotely via screen sharing and restart it!
    Anyone? Please.......

  • Strange Finder behaviour since installing Mountain Lion

    I've been experiencing some strange finder behaviour since updating to Mountain Lion. Folders take several seconds to open after clicking on them (and sometimes won't open at all) and files cannot be moved around the desktop or dragged on to an app. However, it is possible to open a file by clicking on it. I've tried re-booting with Snow Leopard and everything seems OK, but as soon as I go back to ML, the problem starts again.

    Library is a folder, not a file. There're more than one Library folders, one at the root and one for each user in your Mac. All of them are hidden, this is why you can't find them. But you can see their contents using
    Finder Menu > Go > Go to Folder
    And then type:
    ~/Library
    for your Library Folder
    -or-
    /Library
    for the root Library folder.

  • Have issues with Mountain Lion "sleeping" while connected to a Lion Server

    Hi there,
    I have a Mac Mini accessible on my local network, running Mac OS 10.7.5.
    I have created user accounts for each employee of my company, and each employee logs in from his computer (running Mac OS Lion) using his account defined on the server.
    So all the profiles and preferences of each user are stored on the server.
    The issue is, I bought recently a new iMac running OSX v10.8.2, and each time this computer goes to sleep, it seems that it doesn't manage to re-connect to the server.
    Each time my iMac wakes up from its sleep, Mail doesn't work anymore, FireFox doesn't work anymore (cannot access the permissions on the server file).
    It was a bit funny at the beginning, but now I am a bit tired of having to restart my iMac each time it goes to sleep, even for one minute.

    I renewed my DHCP lease on the computer - and the issue didn't happen again since.
    Will put the issue as "solved" if the issue doesn't happen anymore in the next three days. (And look on Wikipedia at what is a DHCP lease and why it would have solved the issue )

  • Strange sleeping behaviour after update to 10.8.5

    I've updated my iMac to 10.8.5, and now when I put it to sleep, turning off my bluetooth trackpad or keyboard wakes it up again.
    It's set not to wake for Network events in System Preferences, and I can't see anything else to try.
    Anyone have any ideas please?
    Thanks
    Steve

    Incorrect date or time displayed in various applications

  • Does installing Lion Server mean: No Sleep ?

    Hi,
    I have the problem that my iMac won't go to sleep automatically after the time I set up in the energy saver settings.
    I can get it to sleep if I select Sleep in the Apple menu, but it is only working manually.
    I already tried resetting PRAM, NVRAM, SMC and I even already did a clean install of Lion. Still the same problem.
    But I also installed Lion Server and I could imagine this is a problem.
    Is there anybody who installed Lion Server and who can confirm whether his Mac falls asleep by itself or not?
    If Lion Server is the problem, I would do another clean install without Lion Server, so my Mac will sleep again. I would prefer not to have the VPN service, but to have a Mac that does not consume power all the time...
    Without Lion Server I can still access it with VNC or ARD and the iMac would be woken up by the "Wake on Demand" feature.
    Regards
    Florian

    I have now done a clean install of Lion again, without installing Lion Server.
    Now the sleep mode works again.... So it seems that installing Lion Server is responsible for the iMac not going to sleep.
    I installed Lion Server because of the VPN functionality. I got this working without Lion Server by using a smart tool, EasyVPN, which allowed me to set up OS X Lion as a VPN server (PPTP and L2TP) without having Lion Server installed. You can get this tool at: http://www.squashedsoftware.com/products-easyvpn.php
    Perhaps this is useful for somebody...
    Regards
    Florian

  • Mountain Lion Server cannot Sleep

    First I installed Mountain Lion; my system is able to sleep fine.
    Then I installed ML Server; now the system fails to sleep.
    It turns off the screen, but keeps running.

    I had this problem on a clean install.
    The solution was incredibly simple for me, but only  after I saw Ross.M's note about opening the Users & Groups settings panel (in the OS System Prefs, not in server) and rebinding to OD server under Login Options.
    That was not the solution for me, but under Login Options I discovered a previously unnoticed pref for "Allow network users to login at login window."  I had this option set (apparently by default) to "Only these network users:"  but with an empty list.  Adding my users to the list made it work perfectly.
    Talk about KISS

  • Slow Logon to Lion Server from Snow Leopard Machines

    Hi Everyone,
    I am usually okay with computers however something has been baffling me for a while now!
    We have recently updated our server from an ageing Tiger server to a Lion server. (Mac Mini Server)
    We have a suite of Mac minis that are running 10.7.4 and have no trouble connecting to the server; in fact they sign in relatively quickly.
    We also have a set of MacBooks that are currently all updated to Snow Leopard (10.6)
    The issue we are having is with those MacBooks:
    When the user attempts to access their network share from any of those MacBooks running Snow Leopard the login works however it can take up to 2 min to login. This does happen over the wireless network, however I have also checked it by plugging them in with an ethernet cable and they exhibit the same behaviour.
    This is obviously quite frustrating for all the people using the MacBooks.
    I've got a strange feeling that there is a check box somewhere that I've missed.
    Any help would be greatly appreciated.

    A Little bit more information:
    All of the Users are Open Directory Users
    I'm guessing that this may be an issue with the authentication process and for some reason it is taking longer on the Snow Leopard Clients?

  • Can I use Lion server to set-up a WPA2 wireless network in place of an AEBS?

    I'm contemplating replacing my Airport Extreme Base Station with my Core i5 Mac mini as the wireless network server, because this will get rid of a "box" (that I can sell!) and reduce power consumption, since my iMac is on all the time as my iTunes media source anyway. At present my AEBS creates a WPA2 LAN network connected in bridge mode to my Billion modem/router, so DHCP serving is performed by the Billion router. I could replace the AEBS with the Mac mini running Lion simply by using internet sharing, but this has low security (WEP) and I understand there are often connection problems when clients awake from sleep. (Furthermore, my Airport Extreme at the back of the house probably wouldn't connect to that WEP network?)
    So, I wonder.... If I upgraded to Lion Server (only $49), can I set-up the Mac mini as the WPA2 network host in place of the AEBS? My mini is right next to the AEBS anyway, so it's in a suitable position to distribute the radio signal. As I understand it, the Lion Server software would need to allow the Mac mini to connect to the Billion router via ethernet in bridge mode - just like the AEBs, but I can't find any info that tells me whether this is possible.
    Does anyone know if what I want to do is possible? A simple solution may be to turn off the DHCP server functions of my Billion router, letting Lion Server become the DHCP server, but I don't think that's possible. I also don't want to replace the Billion with a simple modem because my Billion router provides VoIP for my home phone (and has done so reliably since 2005).
    Of course, if it's all too hard, I'll leave things as they are, because I don't have any need for the other Server functions of Lion Server.
    thanks

    Hello Chris,
    chrisfromnewtwon wrote:
    So, I wonder.... If I upgraded to Lion Server (only $49), can I set-up the Mac mini as the WPA2 network host in place of the AEBS?
    I don't know. I'm also looking for the same function because I want to
    make my iMac running Lion the router and the firewall of my personal
    wireless network. The key advantage will be to have the firewall, its rules
    and its logging on the same server.
    What I already know is that turning the Internet sharing on turns a
    MacOS X Lion into a DHCP server on the wireless side.
    dan

  • What to do when SLS - Lion Server Upgrade & Migration Fail

    Hi everyone,
    I've had a tough time over the past week trying to update my SLS to LS. (It was a slow week at the office so despite the warnings in these discussions I wasn't disturbing anyone, so I thought I'd try...) Both an upgrade to the current running system and a clean install on a wipe of that hard drive stall at the "Configuring Services" "Upgrading services" screen of the set up process. The migration path eventually fails, and as far as I can tell, it seems that the upgrade path just stays there forever.
    Don't worry - I'm doing this all on a Super Duper! clone of my primary drive, so I can go back to SLS whenever I need to.
    BUT, I can tell that the server's status is at least partially okay, even in this stalled setup state - iChat seems to work on various clients, and I can use Server Admin to see stats and services, etc.
    So despite the discomfort of a failed install, part of me feels like I'll be fine with the LS if I can just figure out how to move my old data into the right places for the new system to use it. But I can't find any guidance for that. I'm looking to migrate OD (seems to have migrated fine), iCal, iChat, Address Book, Wikis, Time Machine, and File Sharing (which should be trivial to set up, I reckon).
    Can anyone point me in the right direction?
    Thanks very much,
    Willhaus

    Okay, so I've had some marginal success.
    After leaving the hung install for a ridiculous amount of time (24+ hours), I realized that I could click the help button, and from the help window click the "further info about Lion Server" link to launch Safari. That gave me access to Software Update from the Apple menu, which then let me install the latest Safari update which conveniently enough requires a restart.
    After restart, the Server Migration Assistant kicked in again, but failed quickly in the upgrading services stage. Another restart, and the server finally booted more or less normally.
    The strange thing was that although chat services worked fine during the hung install, all OD-related services stopped working after restarting. Turns out there were no users or groups in OD. Importing them from an OD archive, though, restored them.
    So now iChat works great (even the old chat logs migrated successfully), and AFP is properly sharing our volumes across our studio's network. So our server is limping along.
    The other services we need that aren't up yet are Wiki and iCal. Some info about those:
    Wiki: administrators can log in and see all wikis just fine. That's awesome because it means the data migrated successfully. Any non-admin users can log in, but then get a wiki-styled page that says simply "No wikis found". It's as if they don't have permissions to see the wikis, even though in Server.app they belong to the groups that the wikis are associated with. I've tried removing and re-adding users to groups, but that doesn't seem to do it. Any ideas how to fix this?
    Calendar: While I can't get this to work, it's not like it's completely lifeless. An account in a client Lion iCal configured with the proper Lion settings returns an error that reads:
    "The Server is Busy or Unavailable.
    "The server at myserver.com is currently unable to handle the connection for account “ Calendars” due to a temporary overloading or maintenance of the server. If this continues you should contact the server administrator.
    "You may try to connect to the server again or take the account offline."
    As a logged in administrator, in a wiki clicking on Calendar in the nav bar goes to the calendar style page with an unending dialogue box that reads "Getting events from server". And clicking on Calendar from Home page footer takes me to the URL https://myserver.com/webcal with an error that says:
    "Service Temporarily Unavailable
    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
    Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 Server at myserver.com Port 443"
    Again, at least I'm confident that the data migrated properly - I can find all the calendar data in its proper new location - but either the service won't start or something's not configured correctly. I've tried changing the hostname and restarting the service about a billion times. I've got no idea what to try next. Any ideas?
    Thank you so much,
    Willhaus

  • Lion Server: iOS 5 clients can't connect to Address Card Server

    I have set up shared accounts on the server for Calendar and Address Book (family) sharing. Although I can add and use the Address Book shared account on OS X Lion clients, I can't get this to work on iOS 5 clients (iPhone nor iPad). I keep on getting "CardDAV account verification failed".
    Calendar sharing works just fine on both OS X and iOS5 clients
    Let me briefly describe my setup and observations:
    Server:
    Running Lion Server 10.7.2 on Mac Mini (server)
    Using SSL connections with keys generated during set-up of the server
    Portforwarding in router (ao) for 8008 and 8843 (iCal and Address Book)
    Created  shared accounts on server for Calendar ("sharedcalendar") and Address Book ("sharedcontacts")
    In the DNS server I created services in my primary zone for "_caldavs._tcp." and "_carddavs._tcp." both on port 8443
    OS X Client (Calendar)
    Created additional CalDAV account in preferences (user "sharedcalendar")
    Left the server settings untouched (server path, port "auto" and using SSL but not Kerberos)
    Created in "sharedcalendar" different calendars and reminder lists for the family members which each can access from their OS X client
    This account is now set-up through Profile Manager (tried this with Address Book as well but didn't make any difference)
    iOS 5 Client (Calendar)
    Once tested on standalone and got this working I'm now using the Profile Manager to push the definition of the shared account to all clients
    Hostname with port 8443 (default)
    Left Principal URL blank since it was optional
    User "shared calendar" with the appropriate password
    Ticked "Use SSL"
    OS X client (Address Book)
    Created additional CardDAV account in preferences (user "sharedcontacts").
    Left the server settings untouched (port 443 using SSL)
    iOS 5 client (Address Book)
    In the settings add a CardDAV account (server, user "sharedcontacts", password, description).
    First error message "Cannot connect Using SSL. Do you want to try setting up the account without SSL?". When I press continue I get the error "CardDAV account verification failed"
    If I then save the account details still and edit the account I can access the "advanced settings". When I change to SSL I have tried port 0 (default value), 8443 (the one that's listed in the documentation) and 8843 (which is used by default if you try to set up the account in Profile Manager). All to no avail, including Profile Manager
    Observations:
    Lion Server app nicely lists both Calendar and Address Book Server as active (plus Profile Manager, File Server, Web server and Wiki server)
    When I access my server home page, Calendar is listed in addition to other services (Mail | Calendar | Change Password | Profile Manager) but not Address Book. Is this normal behaviour? i.e. can't Address Book entries be changed through a web interface?
    Address Book on OS X client uses 443 for SSL but does not require me to define port 8443 for secure iCal or Address Book server communications
    Lion Server Profile Manager specifies port 8843 as port for SSL communication. I only saw 8443 listed in documentation
    The response "can't connect .." or "account verification failed" happens very quickly, which makes me think either the verification doesn't even leave the iPad or there is something wrong in the SSL connection
    Since iCal set-up works nicely using the same ports I am puzzled why it doesn't work for Address Book
    Your solutions or suggestions how to investigate are most welcome,
    Erik

    Thanks for joining the discussion.
    Although port 8443 is most often quoted as correct port for CalDAV and CardDAV, port 8843 can be found both on Apple's website and other places:
    see Technical Note 1649 to find port 8443 listed for iCal and port 8843 for Address Book
    Mac OS X Lion Server for Dummies (sic) lists port 8843 on pages 236 and 238 but port 8443 in many other places
    when you want to push iCal and Address Book information with Profile Manager, Profile Manager lists port 8443 for iCal but port 8843 for Address Book as default:
    So I hope you understand I'm somewhat puzzled.
    I did get the Address Book working for my Lion desktops with all the necessary certificates as far as I know, just not for the iOS devices (iPhone and iPad). iCal sharing from Lion Server works fine on both Lion and iOS devices.

  • How do I set up my Time Machine and Mac Mini with Lion Server so i have one wifi loop in the house?

    HELP!
    So I have had a Time Machine wifi loop at the house for approx. 6 years. I run two Macbooks, 2 iPhones, 2 iTouch and a Samsung Smart Blueray on the loop.
    I just bought a Mac Mini with Lion Server. When setting it up I'm not sure what or how I managed to do, but I now have 2 wifi loops, one doesn't lock and neither will support the Samsung BlueRay. Also, each time I want to go online with one of the other Mac devices I have to relog into the wifi loop.
    Can someone please walk me through the fix. The Mac Mini is plugged straight into the Time Machine to receive its internet connection.
    Thanks!
    John

    You often see this limit of 10 clients in wireless hotspots but I have yet to see it in an adsl modem.. most strange way to pay for a service that is really irrelevant how many clients you use.
    Have a go .. I recently setup a TC to help a guy run his Roku.. and this setup worked well.. I have no idea if it can work in your case.
    Let's say the IP you get is 192.168.2.1-10 .. doesn't matter what it really is. And the adsl modem is 192.168.2.254
    (Assuming they are private addresses.. if they are public IP you can just use the DHCP and NAT. )
    But go to the airport utility.. I think you need to run v5 at least to change DNS.. but you can do the same thing in v6 using static but no dns changes.
    Now you set the IP of the TC manually.. This address might need to be in the dhcp range of the modem to work. You can set the DNS to same IP as the router address.. ie home address of the modem. Or you can use another DNS.. whatever you like.
    Then set DHCP for clients that will join.. this can then expand the scope of addresses..
    It worked without a NAT error.. although I am not sure exactly how.. on paper it should not be able to work but did.. have a go.. otherwise there is perhaps another way.. but it is complicated.
    Give us an example from a computer plugged into the modem of what IP .. subnet mask .. Gateway and DNS you get. Then I can fine tune the values for it.

  • Configuring postfix on Mountain Lion Server

    I'm trying to upgrade from Snow Leopard Server to Mountain Lion Server and did an install of Mountain Lion Server on top of a working instance of Snow Leopard Server.  The "crippled" GUI on Mountain Lion Server is forcing me into using terminal to configure Postfix to handle incoming email.
    I would like to configure Postfix to only accept email that is forwarded from a gmail business account.  The public email address is [email protected] which is received by Google Mail, goes through their spam filters and then is auto-forwarded to  [email protected]
    The server WAN domain is nonpublic.com  The ip address is 96.231.165.126
    The server LAN is nonpublic.local  The ip address is 10.6.18.201
    The server is a MacMini running Mountain Lion Server 10.6.8 hostname server so the FQDN is server.public.com.
    The network on the MacMini is configured to handle both LAN and WAN traffic through the 1GB physical ethernet port which plugs into a CISCO 3750 switch.  The external traffic to the WAN flows through the switch as tagged packets.  The LAN traffic is not tagged.  The VLAN connection is running 802.1q
    When an email is sent through the WAN to [email protected] the Postfix SMTP log shows:
    Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: connect from cisco.public.com[96.231.165.123]
    Jun  7 19:29:22 server.public.com postfix/smtpd[42181]: disconnect from cisco.public.com[96.231.165.123]
    I can send emails from a client on the LAN through this server with no problems.  The incoming mail server can connect to the machine via the Cisco router/switch but Postfix just shows "cisco" as the connection (that's the router's DNS name) and provides no more info.  I suspect Postfix possibly doesn't like the 802.1q connection and drops the SMTP request to connect on port 25.
    I have turned on "debug" logging in Postfix, but that is all that appears in the SMTP log file
    I've spent most of the week reading through everything I can find on how to install and configure postfix on Mountain Lion Server and work around the crippled GUI in the "server" application.  I'm barely OK using Terminal and not familiar at all with configuring Postfix by directly editing the config file.
    What is the best approach to configure Postfix to allow SMTP connections from the outside to deliver incoming email that is forwarded from gmail.com?
    I did find an "aliases" file in /etc/postfix/aliases but I'm not sure how to add the aliases and if adding aliases with a text editor is going to cause the "server" app problems and if the changes will be lost when the machine is restarted.
    Any help would be appreciated.

    MrHoffman, thank you for your response to my challenge to get the new test server working.  This is a migration from Snow Leopard Server to Mountain Lion Server.
    Here is the "checkhostname" test results:
    blue:~ admin$ sudo changeip -checkhostname
    Password:
    Primary address     = 96.231.165.211
    Current HostName    = blue.pderby.com
    DNS HostName        = blue.pderby.com
    The names match. There is nothing to change.
    dirserv:success = "success"
    blue:~ admin$
    Here is the response from postconf -n
    blue:~ admin$ postconf -n
    biff = no
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
    dovecot_destination_recipient_limit = 1
    html_directory = /usr/share/doc/postfix/html
    imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
    inet_interfaces = loopback-only
    inet_protocols = all
    mail_owner = _postfix
    mailbox_size_limit = 0
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    message_size_limit = 10485760
    mydomain_fallback = localhost
    newaliases_path = /usr/bin/newaliases
    queue_directory = /Library/Server/Mail/Data/spool
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    smtpd_tls_ciphers = medium
    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    use_sacl_cache = yes
    blue:~ admin$
    I agree that I should change the LAN domain from .local to something like .internal or whatever.   I've been running with .local for 5 years  on snow leopard server and never had any problems so that was a low priority.
    I hope I'm just not seeing some obvious setting in main.cf

  • Lion Server 10.7.4 VPN service not using my Active Directory domain for authentication

    I have Lion Server 10.7.4 setup on a Mac Mini and I have enabled the VPN service for both L2TP and PPTP. The Mac Mini is joined to my Windows Domain at a functional level of Server 2008 R2. I have set the authentication paths to point to my domain in Directory Utility.
    What I would like to have happen is for my laptop to be able to VPN into my office network remotely using domain credentials and not local account credentials on the Mac Mini itself. This is a process I have done numerous times on Windows boxes, but for some reason the only way I can get the VPN to work on this instance of Lion Server 10.7.4 is by authenticating using local accounts only.
    Does Lion Server 10.7.4 only authenticate VPN users based on its local account schema? Or can it truly authenticate against an active directory domain?
    Any suggestions or help is greatly appreciated. Thanks,

    Hi g-pirtle,
    Yes, I had already done that a few days ago. I was able to add the desired AD group to the allowed users/groups for the VPN service. That's exactly what is so weird about this...it allows me to search for and add an AD user or group to the list of allowed users/groups, but then when I actually try to use a domain account to authenticate to the VPN it just gives me the "cannot authenticate" error. Very strange.
    I wondered if for some reason Apple is only allowing local accounts to be authenticated against. Sounds crazy, but I cannot for the life of me get this to work. I also wondered if Kerberizing the server would help, but when I go to join a Kerberos realm in Open Directory inside of Server Admin, it just has no realm listed in the drop down menu.
    Other than that, all other aspects of the Mac Mini being joined to the AD domain seem to be good. I'm really stumped here...
    Thanks again,

  • Lion Server not reading Active Directory Groups reliably

    I am trying to upgrade one of our XServes from Snow Leopard Server to Lion Server and am running into a strange issue with our Active Directory based users and Groups.
    The current Snow Leopard Server serving files from a XSan volume is running fine, though we find a very long Lag time for Windows users to connect. Once a few users have connected the lag seems to go away, but it is still not nearly as fast as Mac users connecting or Windows connecting to a PC server.
    So I have connected a second Xserve to the SAN and performed a clean install of Lion Server. Initially while it would find my Active Directory Groups it would not import any of the users, so obviously no one could connect. In a last ditch effort I installed the beta of 10.7.4, which seemed to resolve the issue for a small group of test users. However as I expanded the test I found that some users would get a message that there were no resources available to them, or they didn't have the correct permissions. This is very strange as everyone is in the same group so should have the same permissions. As a test I took one of the user accounts and created a new share and gave him R/W permission to that share and suddenly all of the shares that he should have had permission to in the first place popped up.
    The only thing that I can think of is that we have such a large Active Directory structure that the authentication is timing out or reaching some user limit and stops looking. (we have over 50,000 users and thousands of groups spread through multiple OUs in the AD structure)
    The new Server.app in Lion looks nice, but it does not seem to have nearly the robustness of the previous Server Admin tools. For instance, I never needed or wanted to setup a "Golden Triangle" but with Lion it is required. Previously I could search for AD users or groups and drag them from the search window to the share to assign permission, now even though I've imported the groups and users it needs to search the entire directory when assigning permissions - why can't it see the groups that are already there? Why can I run a dscl search and find a user or group instantly, but the Server.app hangs for 5 minutes and shows 0 results?
    Has anyone found a way to make Lion Server work in an enterprise environment?

    Yesterday morning I bound a 10.7.4 server to our AD, and in the afternoon I eventually saw all the AD users, groups, etc show in Workgroup Manager. Now, with dscl, I can see all the AD user and group records, and with Workgroup Manager, I can search the groups, users, and computers, but with the Server.app, when trying to create new group of the type "Imported group from another directory", the searches returned nothing. Directory Utility can show all the AD information also. Our AD has thousands of user records, and so it is reasonable that it may take some time for the Mac server to get all the info. But from the add users or groups interface, I just could not get any search results. What could be wrong then?
