Currently Being ModeratedJul 26, 2011 6:48 AM (in response to Flashwalker)
I started out having a strange issue where the App Store in Snow Leopard Server said that I already had Lion installed. I then went to purchase and download Lion Server which told me I also needed Lion client? I purchased and it then begand downloading but gave me an error that the file (Lion Server) could not be downloaded. When I went to check on the purchased tab it showed that Lion client was downloading. It downloaded rebooted and attempted to upgrade services but then . . .
I had the same issue with Lion Server installion where I was told that some services had failed to be configured (yellow warning triangle). When I booted into Lion for the first time it had none of my wikis and none of my users!
After a nightmare upgrade from Leopard Server to Snow Leopard Server where my wikis were actually destroyed and I had to manually extract data and rebuild them I took better precautions this time. I had two exact clones of my Server HD on two different drives! I rebooted from one of my cloned drives and I am back in business on Snow Leopard Server.
I will not be upgrading to Lion Server until some resolution of these issues is achieved in later releases. I am afraid this is typical of Server upgrades with Apple for me. Perhaps there is some issue with my installation but all was (and is) working fine under Snow Leopard.
Currently Being ModeratedJul 26, 2011 8:30 AM (in response to jeke)
Since experiencing that OD problem, I restored my server to 10.6.8 from a Time Machine backup. Then, I shut down all client Macs, hooked up a screen, keyboard and mouse to my server and tried the upgrade again. This time OD upgraded without hickups and 10.7 is working just fine.
Apple is indeed on the case. Bryan contacted me as well asking for a log from the failed installation. I'm very impressed with Apple that they do read these forums and work on diagnosing these problems.
Currently Being ModeratedJul 27, 2011 8:40 PM (in response to jeke)
Just upgraded today, unfortunately time machine never worked on 10.6 server for me so I am stuck with the OD migration fault until the engineers at apple come up with a fix, hopefully soon. I guess my log is intact if anyone wants to contact me for the upgrade failure log for OD. Other than that the upgrade seems to have gone ok.
Currently Being ModeratedJul 29, 2011 9:30 PM (in response to Flashwalker)
I was taking the tack of installing a clean copy Lion Server on an external drive on my MacBook Pro, while leaving Snow Leopard Server on my Xserve alone. I was then going to copy the settings of all services on the Xserve over to the MacBook Pro. Then I was going to clone the external drive to the OS drive on the Xserve.
I just successfully migrated the DNS settings using the Server Admin 10.7 utility. I had it connect to both the Xserve and the MacBook Pro running Lion Server. I exported the Xserve DNS settings (Server->Export-Service Settings...) to a file on the local desktop and then imported the resulting PList file in the same manner.
This approach has never worked with an Open Directory database. Instead, when I have had to do this sort of thing before, I created an Open Directory Replica on the target server and then promoted it to an Open Directory Master. This preserved all user information in the Open Directory Database.
In the case of my attempted Snow Leopard Server to Lion Server this failed. The Open Directory Setup Assistant running on Lion Server rejects the credentials of the Directory Administrator on the Xserve running Snow Leopard Server.
I subsequently tried archiving the Open Directory database on the Xserve and restoring it from the resulting archive on the Lion Server. This procedure concludes without transferring any users into the Lion Server Open Directory database.
Currently Being ModeratedAug 14, 2011 3:39 PM (in response to the_case)
Same here. We have worked all weekend and still no luck. We found that we cannot Log into the "Worgroup Manager" It is refusing to accept our password. Checking it in the Keychain Access List - all is there and the password is correct. Deleted the Keychain and recreated another one - still no luck. Anybody has got any idea. Apple could not help so far...
Currently Being ModeratedAug 15, 2011 4:02 PM (in response to Flashwalker)
Is there any fix to this migration issue, I have tried both upgrades and fresh installs of Lion Sever. Everytime my OD is dead after completion and no users are imported.
Currently Being ModeratedAug 15, 2011 4:26 PM (in response to thepod7)
Fix migration? Not really. Maybe wait for v10.7.1?
I had to use the old Server Admin interface and restore the orignal OD stuff from a backup. Now, all the information is in there, and accessible from the old Workgroup Manager tool, but don't expect the users or groups show up in the new Server application on the server (except for a split second when you first open it).
Currently Being ModeratedAug 23, 2011 4:31 AM (in response to the_case)
I tried your workaround, all my info appears to be there in the open directory however it is not perfect. Shortnames do not work, I must use the full name for any connection. This is not a very viable solution for me, as I have several accounts that are used in cron jobs, and this would require me to edit all my scripts.
Currently Being ModeratedAug 23, 2011 12:19 PM (in response to thepod7)
Short names work for me for some reason - but I couldn't even start to explain why they do or do not (as in your case).
I was hoping the 10.7.1 update would solve some of these issues... alas, it did not.
Currently Being ModeratedAug 24, 2011 1:58 PM (in response to deanhuff)
Any solution yet? I have the same problems.
Currently Being ModeratedAug 27, 2011 1:46 PM (in response to applemjackson)
To those that have been contacted by apple about this Open Directory issue, did they offer any incite to a work around or eta for a fix?
Today, I decided to give a fresh install of 10.7.1 with migration and an upgrade from 10.6.8 to 10.7.1, however both failed in similar fashion. Even worse using the upgrade process this time completely killed my DNS and wouldn't even let me try and set up an Open Directory Master.
Currently Being ModeratedAug 28, 2011 4:54 PM (in response to Flashwalker)
Looks like 10.7.2 has work done in the following areas:
Directory integration and OpenLDAPConfig
Hopefully this will address the problem.
Currently Being ModeratedApr 30, 2012 4:14 PM (in response to deanhuff)
when I go in and setup the Directory Admininstrator to generate a password.. I get this.
"This computer's host name is invalid.
The host name does not resolve to any configured address of this computer. Please ensure the host name is correct."
Currently Being ModeratedMay 15, 2012 7:47 PM (in response to Kimbakat)
It's already May 2012...and the directory issue still is happening. I'm having Profile Management configuration issues. When I click Configure..it stalls while Reading the settings...wheel just spins while "Reading settings" It won't accept a self signed certificate AND when I try to create a replica directory...the spinning wheel spins and never finishes in the "verifying" state. Wheel just keeps splinning.
Currently Being ModeratedJul 3, 2012 4:56 AM (in response to Flashwalker)
Just wanted to chip in on this subject, thougt don't get your hopes up, cause I don't have a solution.
We're now on 10.7.4 and still the same issue! I've heard that this actually has worked for some . But I'm stuck too. some input:
When restoring an OD backup using the GUI, no errors are shown. you end up with a diradmin account you can't log in to even though you know the password is correct, since you have used it on your old server for years. exporting from old server and restoring to new server, this password is no more.... No OD users show up in Server.app or just momentarily then open ing the app. Same thing with groups.
In WGM, all users are visible and manageable too, provided you BEFORE exporting the OD db assigned another account FULL rights on the Directory. Then this user can be used to manage users and groups in WGM, because the password remain the same?!?!
Still no users in Server.app though . haven't tried Profile Manager or if accounts and groups show up there...
When restoring the OD db using slapconfig -restoredb <path-to-db> you see more what's happening. Every time the same event happens:
2012-07-03 11:44:18 +0000 Configuring Kerberos server, realm is DIRECTORY.DOMAIN.COM
2012-07-03 11:44:18 +0000 command: /usr/sbin/kdcsetup -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -w -a directory.pool.se$ -p **** -v 1 DIRECTORY.DOMAIN.COM
2012-07-03 11:44:19 +0000 Contacting the Directory Server
Authenticating to the Directory Server
Creating Kerberos directory
Creating KDC Config File
Creating Kerberos Database
Creating new random master key
createInitialPrincipal: Changing password failed: 10001CreateKDCDatabase: error creating initial princ for krbtgt: 10001
Could not create KDC Database: 78Failed to configure error = 78
_createKerberosMaster: kdcsetup failed with code 78
2012-07-03 11:44:19 +0000 Error creating KDC
I think this is the reason for it all, the botched credentials that seemingly cannot be changed anywhere, which Server.app uses to see the directory users and groups. Remember, when creating the OD master, you put in credentials for diradmin, and it get overwritten on restore, but with what a heck what, and how do we change it?
As I said before, I managed to administer directory users through WGM and another user with full privs on the directory, but still I cannot change the diradmin user's password giving an error about permissions. Deleting the account, recreating it wiht the same user id, 1000, and old password doesn't change a thing unfortunately.....I suspect the GUID of the account is different.
Anyhow, maybe this sum up of my findings might point some of you in the right direction to solve this issue for us?
Hope I made some sense in my ramblings since I'm not a native English speaker....
Looking forward to your take on this!