You are not logged in.

Announcement

[2017.09.08] DeployStudio build v1.7.8 (checksum, release note).
[2016.08.26] DeployStudio build v1.6.19 (release note).
[2013.02.23] DeployStudio last universal build v1.5.17 (release note).

#1 2016-05-18 00:56:22

jgeorge04
Member
Registered: 2015-05-28

AD Bind Failing

I just rebuilt my DS server with OS X 10.11.  I've installed the latest version, captured an image and rebuilt my workflows just as before.  Imaging works but when it restarts and attempts to AD Bind, it keeps failing with the following error:

dsconfigad: The plugin encountered an error processing request. (10001)
An error occurred while trying to bind this computer to AD, new attempt in 10 seconds....

I'm using the same settings as before when it worked.  The only difference is that before I was running the server on OS X 10.10.3 and my net boot sets were created from the server.  This time I'm running 10.11 and I've also created the netboot sets from the server.  I've attempted the create new netboot sets from a 10.7 machine as well as a 10.10 machine.  After setting each as the default netboot set under Netinstall on the server, neither will boot.  Only the 10.11 netboot set works. 

Is there something I'm missing or is there some bug that I'm unaware of?

Last edited by jgeorge04 (2016-05-18 01:04:00)

Offline

#2 2016-05-18 14:19:39

ceholcomb
Member
Registered: 2014-01-13

Re: AD Bind Failing

See this post for an answer to your question...

http://www.deploystudio.com/Forums/viewtopic.php?id=7658

Last edited by ceholcomb (2016-05-18 14:23:51)

Offline

#3 2016-05-18 14:51:08

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

Okay so how can I work around this and what exactly is the problem since it was working before?  Is it because I upgraded to 10.11 or because I upgraded DS?

Offline

#4 2016-05-18 16:23:16

ceholcomb
Member
Registered: 2014-01-13

Re: AD Bind Failing

The work around is that you either bind the computers manually or script the domain binding without using configuration profiles. According to Apple Education Support, the issue with profiles is within 10.11.4 itself. So far I have not been able to test 10.11.5 to see if the update that came out yesterday fixes the configuration profile import issue. The first image I tried writing up to my DeployStudio repository failed. There may be some issues with 10.11.5 that require an update to DS for compatibility.

Offline

#5 2016-05-18 16:28:02

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

I'm running 10.11.5 and I can confirm that it is not fixed.  If you know of a script that works, can you share it?

Offline

#6 2016-05-18 16:44:03

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

Also, I think it's worth noting that I am not getting the same error as you did in your other thread.  My error is referencing dsconfigad, not a profile.  Are you sure we're having the same problem?

Offline

#7 2016-05-18 17:05:20

ceholcomb
Member
Registered: 2014-01-13

Re: AD Bind Failing

I'm using the Active Directory binding tool built into DeployStudio's workflow area. It creates a configuration profile and the import process is what is broken according to Apple.

Offline

#8 2016-05-18 17:09:57

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

Ah, I see.  So let me ask this.  If I use a 10.10 netboot set instead of 10.11 would that fix my problem, in theory?

Offline

#9 2016-05-18 18:21:07

ceholcomb
Member
Registered: 2014-01-13

Re: AD Bind Failing

It probably will not make any difference according to everything I have seen. It's the operating system of the computer that is being joined to the domain that is important.

Last edited by ceholcomb (2016-05-18 18:22:03)

Offline

#10 2016-05-18 18:22:05

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

That's what I assumed, so I tried making a 10.10 nbi from a client machine but no matter what I do, I can't get any machines to net boot from any nbi's except the one I made from the server.  I've never had this problem in the past.

Offline

#11 2016-05-18 18:33:37

ceholcomb
Member
Registered: 2014-01-13

Re: AD Bind Failing

I create netboot sets on client computers all the time, but it has to be on the very latest hardware you have. Put a clean OS 10.11.4 on your newest client Mac and then install DS and create a netboot set. Remove all others on your server and make it the default and it should work.

Also, I would recommend steering clear of 10.11.5 for a while... looks to me like there is problems with it and DS.

Last edited by ceholcomb (2016-05-18 18:35:05)

Offline

#12 2016-05-18 18:42:22

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

Well my server is already on 10.11.5 so nothing I can do about that.

Also why would you suggest using 10.11.4 for my nbi if 10.11 is causing AD bind problems?

Offline

#13 2016-05-18 18:50:16

ceholcomb
Member
Registered: 2014-01-13

Re: AD Bind Failing

It's not the .nbi that is the problem, but the Mac OS version on the image that is creating the problem. Apparently 10.11.4 is the version where the problem started. I never had any issues until 10.11.4. This may be related to System Integrity Protection being implemented on all Macs by Apple. It blocks access to certain directories like...

/System
/sbin
/usr  (with the exception of /usr/local subdirectory)

The Apple Support Technician did not say specifically what the cause was for the configuration profile import issue I discussed, but that he did confirm that it was an operating system version issue and that the software engineers where working on a fix (whether in 10.11.5 or just a patch) and that it had the highest priority possible. They wouldn't waste their valuable time on that unless it was a widespread problem.

Offline

#14 2016-05-18 18:51:56

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

Well then we're not having the same problem.  The image I'm installing is 10.10.5

Offline

#15 2016-05-19 16:53:33

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

In the end I created a shell script and added it as a task in my DS workflow to bind to ad using the dsconfigad command.  Doing it this way works, so i'm not sure why it doesn't work when DS tries to do it with the built in workflow task seeing as how they're using the same command that I am.  Ultimately, it would seem that the problem lies with Deploy Studio since the only difference between what I'm doing now and what worked before is the version of DS I'm running.

Last edited by jgeorge04 (2016-05-19 16:55:52)

Offline

#16 2016-05-19 18:39:43

Meat
Member
From: SF CA US
Registered: 2009-02-04

Re: AD Bind Failing

Is DeployStudio's (recent versions?) binding task actually creating and applying a profile, rather than just issuing the appropriate commands?

Offline

#17 2016-05-19 18:56:27

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

That's what I thought at first but then I assumed not because of how different my error was from others with the profile issue.  He error actually references the dsconfigad command.

Offline

#18 2016-05-19 19:26:59

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

For now, this is a script that is working for me, in case anyone else is having issues.  It is a combination of different scrips that I found online that I put together.  The reason for the custom variable is because when using $HOSTNAME to bind, it would join as NAME.LOCAL instead of just NAME. 
---------------------


#!/bin/bash

HOST="server.domain.local"

DOMAIN="domain.local"

ADUSERNAME="adminaccount"

ADPASS="secretpassword"

MYVAR="$HOSTNAME"

COMPID=${MYVAR%.*}

# Add computer to Active Directory

echo "Adding computer to Active Directory"

dsconfigad -force -preferred $HOST -a $COMPID -domain $DOMAIN -u $ADUSERNAME -p $ADPASS -ou "CN=Computers,DC=hpsd,DC=local" -mobile enable -mobileconfirm disable -localhome enable -useuncpath enable -groups "Domain Admins,Enterprise Admins" -alldomains enable

--------------

This will join the domain with the correct hostname assuming you used the hostname form in the workflow previously.  Will place the computer account in the default computers OU.  Will create a mobile account and won't ask the user to confirm.  Will add domain admins and enterprise admin accounts as local administrators.  Simply paste the text between the lines as a script in DS and add it as a general task.  Check the box so that it postpones the task until first boot.

Last edited by jgeorge04 (2016-05-20 15:01:47)

Offline

#19 2016-06-28 22:36:06

admin
Administrator
Registered: 2007-03-29
Website

Re: AD Bind Failing

The configuration profile way is now optional with DSS 1.7.4.

Offline

#20 2016-06-28 23:32:23

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

Awesome, will install today and give it a shot.

By the way, the download link on the 1.7.4 page is still pointing to 1.7.3

Here is the link to the 1.7.4 for anyone looking

http://www.deploystudio.com/get.php?fp=DeployStudioServer_v1.7.4.dmg

Last edited by jgeorge04 (2016-06-28 23:33:49)

Offline

#21 2016-06-29 05:41:21

admin
Administrator
Registered: 2007-03-29
Website

Re: AD Bind Failing

Thanks, the download link is fixed.

Offline

#22 2016-06-29 13:37:43

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

No problem.  Also, tested 1.7.4 with my workflow and replaced my script with the built in binding task and it works as it did before without any issues.  Thanks!

Offline

#23 2016-06-29 16:59:46

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

I spoke too soon.  AD Binding works but it seems that 1.7.4 has broken any parts of the workflow that are "postponed", as in ran after first boot.  I have a Generic script that touches a directory on first boot (specifically for Munki) that causes the machine to install all the pending software at login screen.  That isn't working anymore.  None of my machines are enrolling in my Profile Manager server any more as well, which was previously working.  The enrollment part is the last action in my workflow.

Offline

#24 2016-06-29 18:51:40

spikehed
Member
Registered: 2009-08-07

Re: AD Bind Failing

I am having issues as well with 1.7.4. It seems that some of the script line endings are outputting funny characters. The first package will install fine, but fails on line 81 on every install script (see below)

ds_finalize.sh - v1.36 (Wed Jun 29 10:25:03 PDT 2016)
ds_finalize.sh - disabling Spotlight indexing...
ds_finalize.sh - running /etc/deploystudio/bin/ds_disable_gatekeeper.sh
ds_finalize.sh - running /etc/deploystudio/bin/ds_install_packages_0002.sh
ds_install_packages_0002.sh - v1.17 (Wed Jun 29 10:25:03 PDT 2016)
installer: Package name is create_dcadmin
installer: Installing at base path /
installer:PHASE:Preparing for installation…
installer:PHASE:Preparing the disk…
installer:PHASE:Preparing create_dcadmin…
installer:PHASE:Waiting for other installations to complete…
installer:PHASE:Configuring the installation…
installer:STATUS:
installer:%93.840826
installer:PHASE:Cleaning up…
installer:PHASE:Validating packages…
installer:%97.750000
installer:STATUS:
installer:PHASE:Finishing the Installation…
installer:STATUS:
installer:%100.000000
installer:PHASE:The software was successfully installed.
installer: The install was successful.
Install successful, removing script and related packages...
/etc/deploystudio/bin/ds_install_packages_0002.sh: line 81: Úÿ
þ­Ì_: command not found
ds_finalize.sh - script execution failed, system will automatically reboot.
ds_finalize.sh - end

Offline

#25 2016-06-29 22:07:27

jgeorge04
Member
Registered: 2015-05-28

Re: AD Bind Failing

I was able to install 1.7.3 on top and it successfully downgraded.  After trying the same workflow again (with AD bind script) I can confirm that everything works again as it did before.  I won't be going back to 1.7.4 or any future releases until this is fixed as it completely breaks everything in the workflow post image.

Last edited by jgeorge04 (2016-06-29 22:08:03)

Offline

Board footer

Powered by FluxBB