Parallels Desktop 5.0 for Mac Run all the applications you need without switching between Windows and Mac OS X! Better integration of Mac and Windows. Supports Windows 7 Aero, with graphics peformance up to 7 times greater than before. Supports Apple trackpad gestures, new Crystal mode, speech recognition, good notebook battery life, and more.

"Parallels is the clear winner running each group of tests...Parallels Desktop 5 runs 30% faster with Windows XP, and 43% faster with Windows 7, than VMware Fusion 3.0.1."
--MacTech Magazine

Updated May 26, 2011

Deals from Amazon

Windows XP or Windows Vista for your Mac, for running with Boot Camp Parallels or VMware

MacDrive 8
Access your Mac OS X partition from
Boot Camp

Hot Topics

Slow Leopard and Active Directory

Snow Leopard Tips and Reports

iPhone and Exchange Server Tips and Reports

Windows Servers and Macs Tips and Reports

Windows on Mac

- Virtual PC 7.x
(PowerPC Macs

GoToMeeting - Online Meetings Made Easy

TIP: Fixing Snow Leopard AD clients that can't log in after sleep

Monday, June 7, 2010

Two readers responded to Bob Nine's report of Snow Leopard Macs not being able to log in to Active Directory after going into sleep mode. Both offered advice for how to deal with the issue. The first report was from Bob, updating his previous report with some advice he received from Apple:

We had a breakthrough after I sent the previous email: I called Apple Support. It was a good experience. I signed up on the website and the phone system called me. Talked to the first guy for a few minutes, then he sent me to his manager. His manager did not know, but researched it on their knowledge system. We fixed this very easily. Here is the process:


  1. System Preferences
  2. Accounts
  3. Unlock for Changes
  4. Login Options
  5. Network Account Server: Edit (already joined to AD Domain)
  6. Open Directory Utility
  7. Unlock for Changes
  8. Select Active Directory
  9. Click the Pencil to edit
  10. Show Advanced Options
  11. Put a Check in the box for "Create mobile account at login"

Hit OK all the way out, and then login again. It will ask you if you want to create a local copy. Say yes, and you are done. Now I can login OFFLINE. WOO HOO!

If you've tried this

Aaron Hall suggested a different approach, and may have some different circumstances:

We've encountered the situation Bob Nine reports. We found the problem was a combination of things. For us, the problem only occurs when the laptop has network access, can resolve the AD domain controllers in DNS, but can't actually talk to them. In those circumstances, the laptop seems to be ignoring the cached account because it *thinks* it should be talking directly to the DCs, but it can't, and authentication fails. When the laptop has no network access at all (e.g. wireless turned off, or someplace without any wifi), it uses the cached account and works fine.

The laptop thinks it can talk to the domain controllers because it can resolve them in DNS. In our case, we were accidentally allowing out public DNS servers to resolve our internal AD to a private IP address (10.x.x.x range for us, see RFC 1918 for more). This is a misconfiguration. So although the Mac thought it knew the DC's IP address even when it was off the network, it could never talk to the DC and got confused.

Bob's circumstances may be different, but I'd encourage checking how his AD is exposed to the outside world in DNS. The Mac seems to prefer either full connectivity to the AD, or being unable to resolve it at all. Also, variations on this have been addressed on the MacEnterprise listserv several times; he might check the archives or ask there.

If you've seen this

Back to Snow Leoapard Active Directory Tips and Reports.

Another suggestion for AD clients that can't log in after sleep

Thursday, May 26, 2011

Jimmy de la Rosa has seen the problem of Macs not being able to log in to Active Directory after going into sleep mode. We've previously reported suggestions to fix this, but de la Rosa offered another approach:

I just came across this post from a year ago. Yes, I've seen this issue and it appears to be related to duplicate entries in the AD domains listed under Search Policy for both Authentication and Contacts. Once the duplicates were removed, the systems were able to authenticate without issue.

If you've seen this issue or tried the suggestions .

Current news on the MacWindows home page

CrossOver 9 runs Windows apps on a Mac--without Windows
Improved Outlook support, Quicken 2009, more Windows apps. Give your Mac ActiveX in Internet Explorer, launched directly from the Finder.
CrossOver Games runs Left4Dead, Warcraft, Steam, Spore, and others on your Mac.

Starts at only $40 (and no need to buy Windows!) Free trial from CodeWeavers.
Click here for more.

Other MacWindows Departments

| Product Solutions | Reports and Tips | News Archives | Site Map |
MacWindows Home |

| Top of Page |

This site created and maintained by
Copyright 2010-2011 John Rizzo. All rights reserved.