Q: Portable Home Directory no longer works on Lion bound to Active DirectoryAD

Hi, All,

I look after about 30 MacBook Air/Pro connected to a predominantly Windows corporate network.

A few months back, I installed a MacOS Server running OpenDirectory and Software Update Services for managing the MacBooks - they are configured in the standard "magic triangle" configuration, bound both to the Active Directory (running on a handfull of Windows 2003-R2 servers) and OpenDirectory; they are configured to use the Mac Server for Software Updates, and with Portable Home Directories replicated on a network share point (through AFP) to keep a backup of the user's data.

When all the MacBooks were running Snow Leopard, everything was running fine... but the last couple of laptops purchased came with Lion and they cannot synchronise their PHD's anymore :-(

I have spent a lot of time trying to pin-point the problem, including replicating a whole test-network with its own AD/OD and client Snow-Leopard/Lion laptops to try various configurations... my conclusions so far are that:

1- using Snow Leopard clients, it just works

2- using a Lion client, when the network user account is configured in the default Users O.U. on Active Directory, it just works

3- using a Lion client, when the network user account is configured in another O.U. than Users (e.g. Company-Name or External-Contractors), then the PHD syncinc doesn't work at all

4- the failure symptoms are a popup window when trying to do a manual sync saying that "your network home at (null) does not allow writing" - if automatic syncing is configured through MCX, it just fails silently

5- when PHD syncing fails, I can log on using the network account, manually mount the share point used for the network home in the Finder and read and write to it without a problem; so it' not a permission problem, but the fact that the network home directory is (null)

6- I have traced the root cause to the FileSyncAgent process which raises an exception at startup - here's what I see as the salient lines from the logfile (i've edited out the username):

0:: [12/02/07 12:45:00.512] ******************************************************************************

0:: [12/02/07 12:45:00.512] FileSyncAgent-502.2 (r?, BUILT:?, PID:385, OS:11D50b, ARCH:x86_64-64) starting

0:: [12/02/07 12:45:00.512] LA: FileSyncAgent -launchedByLaunchd -iDiskPlist

0:: [12/02/07 12:45:00.512] ******************************************************************************

0:: [12/02/07 12:45:00.512] Engineering log verbosity level = 1

1:: [12/02/07 12:45:00.512] Registered isRunning port with name 'com.apple.FileSyncAgent.iDisk.isRunning'

1:: [12/02/07 12:45:00.846] Temporary disk storage at "/Users/[USERNAME]/Library/Caches/Cleanup At Startup/FileSyncAgent-1727909307".

1:: [12/02/07 12:45:00.846] UserAgentString = "DotMacKit-like, File-Sync-Direct/502.2.? (11D50b x86_64-64)"

1:: [12/02/07 12:45:03.249] +[SSyncSet_PHD createPHDSyncSetForLocalPath:remoteHomeSpec:mountSuffixPath:name:]: Creating Sync Set with name "HomeSync_Mirror".

1:: [12/02/07 12:45:03.249] -[SSyncSet_PHD _setupNewPHDSyncSetWithLocalPath:homeSpec:mountSuffixPath:]: We've been given local home path '/Users/[USERNAME]'.

1:: [12/02/07 12:45:03.249] -[SSyncSet_PHD _setupNewPHDSyncSetWithLocalPath:homeSpec:mountSuffixPath:]: local home at "/Users/[USERNAME]"

<PHD> 1:: [12/02/07 12:45:06.458] Added new sync set "HomeSync_Mirror".

<PHD> 1:: [12/02/07 12:45:06.465] _incomingIPC: SFCreatePHDSyncSetMsgId (17) took 3.217627 seconds.

<PHD> 1:: [12/02/07 12:45:06.526] Scheduling next sync of "HomeSync_Mirror" at 2012-02-07 12:45:16 +0000

<PHD> 1:: [12/02/07 12:45:18.122] ==========================================================

<PHD> 0:: [12/02/07 12:45:18.123] Starting automatic sync of "HomeSync_Mirror".

<PHD> 1:: [12/02/07 12:45:18.126] Peer "local" reports changes since last sync.

<PHD> 0:: [12/02/07 12:45:18.128] EXCEPTION: NilPtr <-[SPeer_FS_PHD mountPeerVolume] (Peer-FS-PHD.m:142): "'((homePath))' is nil">

<PHD> 0:: [12/02/07 12:45:18.128] BACKTRACE: {

<PHD> 0:: [12/02/07 12:45:18.128] ? | 0x105003493  

<PHD> 0:: [12/02/07 12:45:18.128] ? | 0x104f70866  

<PHD> 0:: [12/02/07 12:45:18.128] ? | 0x104f6fabd  

<PHD> 0:: [12/02/07 12:45:18.128] ? | 0x104f6ecb4  

<PHD> 0:: [12/02/07 12:45:18.128] ? | 0x7fff924bb74e

<PHD> 0:: [12/02/07 12:45:18.128] ? | 0x7fff924bb6c6

<PHD> 0:: [12/02/07 12:45:18.128] ? | 0x7fff901998bf

<PHD> 0:: [12/02/07 12:45:18.128] ? | 0x7fff9019cb75

<PHD> 0:: [12/02/07 12:45:18.128] }

7- if I use the same user account from a Snow-Leopard client, the mountPeerVolume finds the remote home_dir, mounts it and happilly trawls through the two directories to figure out what needs to be copied; I get something along the lines of:

0:: [12/02/08 18:44:15.344] Starting manual sync of "HomeSync_Mirror".
1:: [12/02/08 18:44:15.363] -[SPeer_FS_PHD mountPeerVolume]: We've been given remote home path "/Volumes/[USERNAME]".
1:: [12/02/08 18:44:15.363] -[SPeer_FS_PHD mountPeerVolume]: Remote home path exists.
1:: [12/02/08 18:44:15.363] -[SPeer_FS_PHD mountPeerVolume]: Final path to PHD remote home root = "/Volumes[USERNAME]"

8- if I use a Lion client and a user account configured in the Users O.U. on Active Directory, it works similarly well

9- in the failing use-case, if I run a "dscl xxx -read /Users/xxx" to verify that the DirectoryServices deamon returns some information, all looks good: I get all my A.D. user details, including email config and network home_directory, the MCX payload, etc

10- the only difference that I can see when running dscl between the "working use-case" and the "failing use-case" is that the Attribute for the network home directory is called HomeDirectory (working) or OriginalHomeDirectory (failing) - but the actual value is present and correct in both cases

11- I have enabled SMB as well as AFP file sharing to ensure that it's not a protocol problem rather than the share point itself that causes problem - no difference

12- I have upgraded the MacOS Server to 10.7.3 (from 10.7.2) - no difference

13- I have upgraded the Lion client from 10.7.2 to 10.7.3 - no difference

14- I have tried to manually configure the Directory Search path on the Lion client to map HomeDirectory to OriginalHomeDirectory - either the mapping didn't work or it's not the real cause of the problem, as again: no difference.

15- I have contacted AppleCare, raised a case with all the details above, been escalated from level 1 to 2 and 3 - and basically have been told that customers have reported very similar problems & that no more detail is available to me as it is a Directory Services related problem - if I want to take it further with Apple, I need Enterprise OS Support (and hence $1000s per year - and no real guarantee of result)

[thanks to anyone who's read until now]...

So my questions are (as I can't believe that I'm the only one using "proper O.U.'s" for managing users in Active Directory):

- has anyone experienced this before?

- does someone know of a workaround (other than "stick to SnowLeo" or "redesign your whole A.D."!)?

- can someone help me figure out where the FileSyncAgent process tries to get its remote home directory from - as this might point to a solution?

Many thanks