
TIP: Fix for slow Lion access to SMB home directory in .local domain

Monday, October 31, 2011

Bobby Stewart forwarded a fix from Centrify regarding Lion in Active Directory networks. Specifically, it addresses a problem with Mac OS X 10.7 Lion connecting to server-based SMB home directories, where it takes the Lion Mac a long time to log in. Not too long ago we reported an Apple fix for slow Active Directory access in .local domains, which provides a similar solution. (See "TIP: DNS workaround for slow AD binding with Lion and 10.6.8.") The Centrify article describes the cause as this:

The problem exists on Mac OS 10.7, because 10.7 always uses Bonjour first to resolve any .local hostname. If Bonjour fails (timeout), it will then use standard DNS, thus causing the delay.

For Mac, the .local domain is reserved for Bonjour, and the Mac will only look up these hostnames using Bonjour (multicast). On Mac OS 10.7, a hostname that contains only one level under .local (i.e. xxx.local) is resolved using multicast, other hostnames are resolved using both multicast and unicast (multicast first). It will try several times with a timeout (default 5 seconds for each try). If the host cannot be resolved, then it will try unicast. This is the reason for the mount delay.

The solution provided is for the Centrify DirectControl product for Active Directory integration, but Bobby Stewart believes it applies to other situations as well:

We've been battling connectivity issues for our Macs in our Active Directory domain. We ran across it today trying to join some new OS X Lion systems to our .local domain.

This response was written specifically for the Centrify product but I think you'll see that the same should apply to OS X systems that do not use the Centrify product as well. Also, we found that, while AD worked on both Lion and Snow Leopard, Lion was faster. Here's the Centrify article from Lance McAndrew of Centrify:

After installing the Centrify DirectControl 4.4.3 agent on Mac OS 10.7, the following issues are observed:

  1. If the home directory is located on a SMB share, it will take a long time to login.
  2. If a Centrify user logs in and tries to mount a SMB share folder in Finder, it will take a long time to login.
  3. Centrify may be in disconnected mode (adinfo -V on a terminal).

Cause:

The problem exists on Mac OS 10.7, because 10.7 always uses Bonjour first to resolve any .local hostname. If Bonjour fails (timeout), it will then use standard DNS, thus causing the delay.

For Mac, the .local domain is reserved for Bonjour, and the Mac will only look up these hostnames using Bonjour (multicast). On Mac OS 10.7, a hostname that contains only one level under .local (i.e. xxx.local) is resolved using multicast, other hostnames are resolved using both multicast and unicast (multicast first). It will try several times with a timeout (default 5 seconds for each try). If the host cannot be resolved, then it will try unicast. This is the reason for the mount delay.

Under these conditions, it may not be possible to ping domain.local, therefore adclient will stay in disconnected mode for up to 60 seconds after start.

Workaround:

NOTE: The following steps require root or sudo privileges. Customers are advised to take a backup of the original files in an alternate location to avoid any mistakes when editing these files.

Step 1:

The below step forces Mac 10.6/10.7 to do both multicast and unicast query to xxx.local. On the DNS server (AD or Unix), create a primary zone "local". You do not need to modify it. Just SOA (Start of Authority) needs to exist in this zone. After configuration, restart mDNSResponder on the Mac by running # sudo killall mDNSResponder. Then you should be able to ping domain.local.

Step 2:

Mac 10.7 always does both IPv4 and IPv6 query. Disabling IPv6 won't stop the Mac from doing IPv6 query, but it improves performance. Unfortunately you cannot disable IPv6 from System Preferences and so you need to manually edit the /Library/Preferences/SystemConfiguration/preferences.plist on the Mac.

Find the network adapter (Ethernet or Airport) under NetworkServices key, then edit the IPv6 setting and change the config method to "__INACTIVE__":

<plist version="1.0">
<dict>
    <key>CurrentSet</key>
    <string>/Sets/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>

    ... ...

    <key>NetworkServices</key>
    <dict>
        <key>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</key>
        <dict>

            ... ...

            <key>IPv6</key>
            <dict>
                <key>ConfigMethod</key>
                <string>__INACTIVE__</string>
            </dict>

            ... ...

Step 3:

There's no way to change the DNS lookup order, so what we can do is to reduce the multicast DNS timeout by editing mdns_timeout in "/System/Library/SystemConfiguration/IPMonitor.bundle/Contents/Info.plist". The default setting is 5. Set mdns_timeout to 0 by editing the /System/Library/SystemConfiguration/IPMonitor.bundle/Contents/Info.plist and changing the value to 0 as shown below:

<key>mdns_timeout</key>
<integer>0</integer>

Step 4:

If you set mdns_timeout to 0, then you won't be able to ping any ".local" host/domain, but other apps such as Finder and Apple's AD plugin work well (it can resolve a .local hostname). You can login as a network home user really fast.

If you try to mount a SMB share in Finder, although it first prompts that there's a problem connecting to the server, eventually it will connect if you wait for several seconds and retry. This prompt can be solved by adding the machine that hosts the DNS server and Windows share into /etc/hosts file on the Mac:

192.168.x.x server.domain.local
192.168.x.x anotherserver.domain.local

where 192.168.x.x is the IP address of the DNS server in your organization.

NOTE: As you cannot ping domain.local, adclient will stay in disconnected mode for up to 60 seconds after start (which means you need to wait for more than 1 minute after reboot). Adding domain.local into /etc/hosts solves the disconnect issue.

Step 5:

You need to REBOOT the Mac after performing steps 1) through 4).

Step 6:

Login to Mac and you should not see any delay during login. Also you should not see any delay when mounting a SMB folder in Finder.

Resolution:

None. This is an Apple Bug. Centrify opened a Bug 9887516 as well and we provided the above steps as a workaround after testing in the lab. For more information on Bonjour and how it works, please refer to the link from Apple: http://www.apple.com/support/bonjour/

If this helps you .

For more on this topic and others, see Lion and Active Directory Tips and Reports.
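A read-only check that the settings from steps 2 through 4 of the workaround are actually in place, as an added example (not code from Centrify or MacWindows). The function names are hypothetical and the sample plists and hosts text are constructed. It assumes UserDefinedName as the service label, and it searches for mdns_timeout recursively because the article does not show where the key is nested.

```python
import plistlib

# Constructed sample inputs: UUIDs, service names and the address are placeholders.
SAMPLE_PREFS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>NetworkServices</key><dict>
 <key>00000000-0000-0000-0000-000000000001</key><dict>
  <key>UserDefinedName</key><string>Ethernet</string>
  <key>IPv6</key><dict><key>ConfigMethod</key><string>__INACTIVE__</string></dict>
 </dict>
 <key>00000000-0000-0000-0000-000000000002</key><dict>
  <key>UserDefinedName</key><string>AirPort</string>
  <key>IPv6</key><dict><key>ConfigMethod</key><string>Automatic</string></dict>
 </dict>
</dict></dict></plist>"""
SAMPLE_IPMONITOR = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>mdns_timeout</key><integer>0</integer></dict></plist>"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.0.2.10 server.domain.local # DNS and share host\n"

def ipv6_active_services(prefs_bytes):
    """Step 2: services whose IPv6 ConfigMethod is not __INACTIVE__ (missing counts as active)."""
    services = plistlib.loads(prefs_bytes).get("NetworkServices", {})
    return sorted(svc.get("UserDefinedName", uuid) for uuid, svc in services.items()
                  if svc.get("IPv6", {}).get("ConfigMethod") != "__INACTIVE__")

def find_key(node, key):
    """Depth-first search; the nesting of the key inside the plist is not assumed."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    for child in node if isinstance(node, list) else []:
        found = find_key(child, key)
        if found is not None:
            return found
    return None

def mdns_timeout(info_bytes):
    """Step 3: current mdns_timeout value from IPMonitor.bundle's Info.plist, or None."""
    return find_key(plistlib.loads(info_bytes), "mdns_timeout")

def missing_hosts(hosts_text, required):
    """Step 4: required names that have no entry in the hosts file."""
    present = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        present.update(name.lower() for name in fields[1:])
    return [name for name in required if name.lower() not in present]

if __name__ == "__main__":
    print(ipv6_active_services(SAMPLE_PREFS), mdns_timeout(SAMPLE_IPMONITOR),
          missing_hosts(SAMPLE_HOSTS, ["server.domain.local", "domain.local"]))
```

On a real Mac, pass the bytes of the two plist files and the text of /etc/hosts named in the steps above. Static hosts entries do not follow later address changes, so rerun the check after a server is readdressed.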

TIP: DNS issue slows Lion access to .local domain

Monday, April 2, 2012

Lee Lepkowski commented on the tip "Fix for slow Lion access to SMB home directory in .local domain," and described how he solved the problem:

Hello and thank you for the article! I was pulling my hair out trying to resolve the slow server connection in Finder after upgrading my MacBook to Lion. Your description of why the problem occurs helped me figure out my issue.

In my case my Mac Mini OS X server's DNS service had an old IP address (I think due to the fact that my Mac server was set up for DHCP and had been assigned a new IP address, probably a long time ago). When I tried to fix it by changing the DNS service's settings for IP address the reverse lookup zones were looking scrambled so I reverted without saving server DNS settings. I resolved my issue by changing the server Ethernet adapter's IP address back to the old IP address (as it appears in the DNS service) and configuring my router's DHCP so that the address would not get assigned elsewhere. It would be great if you could add this info to your fix as a potential culprit.

If you've seen this We have several different DNS-related solutions for this problem. See this article at Lion File Sharing Tips and Reports and scroll down for half a dozen or so other fixes.

This site created and maintained by
Copyright 2011 John Rizzo. All rights reserved.