Workgroup Manager problem: -14006 in PMMUGMainView.mm

I am getting the samething since i added a new file server with a clean install and all the latest server updates...... this started this week on Saturday and happened again on Tuesday night with a clean install. I find if i switch a user password to crypt it goes away.

I get this and similar errors when using Workgroup Manager more often than using Server Admin. I'm connecting to the server with a 10.4.2 powerbook and Worgroup Manager. The error seems to come up when I leave WGM open for a period of time idle. If I quit WGM then open it again things are fine. I've never had to reboot the server.

If you loose connection to the network for any reason, switching from wireless to wired network, or even having your laptop go to sleep will break the connection to the database and you will need to reconnect.

I have been having the same issue since we joined a new computer as a file share server. This all started shortly after the last security update.
Our apple consultant and i are going to restore our servers fresh and see if this reoccurs with out applying the security update.
Also a lot of this problem seems to stem from replication. Since i have turned off my replica the diradmin and admin have been able to login no problem. Also i have some new accounts that can login and create home directories and some that cannot. If i change the ones that cannot login into a crypt account they can now login and their home directory gets created. This is just a fix this is not a solution so far.
The other thing we noticed is that when you bind a fresh install server to your 10.4 from 10.3.9 ODM your bind records look different. Also your mount records show us being gone in the GUI of work group manager but when you check the inspector they are still there.
Either Apple forgot a serious read me file on some of this or they have dropped the ball completely.

We are in this weekend reinstalling all the servers and running them with no replication and without the last security update. I have noticed the overflow files stopped building once replication was turned off so it maybe that. Back to manual backups till a fix comes out.....maybe 10.5?

OK just got a call the same thing is happening at another independent school nearby and i have a email from someone with in my meetup.com group that is going through a problem with a error message when trying to save changes in WGM on a 10.4.2 Server.

Make sure that you upgrade to 10.4.2. I used to have this problem, but cant' remember how it was fixed (was a few months ago. Too far for me to remember). For one, make sure you're running 10.4.2. There's a bug with replication in previous versions of 10.4. You could also try backing up your LDAP database (if you have a replica) from one of them, and then blowing away your master, recreate it, and restore it using your replica's backup. Apple Tech Support had be do this for a similar problem, and it seemed to fix it. Also, try not to do too many things at one time. Workgroup Manager is awesome, but i've found it to be rather fragile.

We have now done a complete reinstall of all our systems and have done complete installs of all our afp servers as well and kerberised them properly as the upgrade from 10.3.9 to 10.4 and beyond did not work properly.
Replication is not on and so far everything is fine. I have kept an eye also on my ServerAuthoverflow files and i have none as of yet. One of the other reasons i have not turned on replication is the fact our ssh resolves very slowly since we put Cisco switches in with spanning tree and port fast on, also port security is turned on.
I will be keeping and eye on this too.
One other problem i am now getting is that users get dropped off the network while they are working and they go to save and their document folder in their home directory is no longer available. They then have to map it back from the finder Network/Server/"servername/Volumes/RAID/Users/~ and then drag that into the finder and repopulates the folders in the finder.
The user will have full access to their home directory when they first login and after 10 to 15 minutes it becomes not available. I have run a tail on the system log on a computer i was sshed into and it does not show the user being disconnected, i have also checked the server logs and their is nothing about the user being disconnected. This can happen to a entire class or only one or two of the users in a class. The only thing to have changed from last year are the switches and one afp server being added. The other thin is our Filemaker server drops off the network for no reason for about 5 seconds to 20 seconds.

You may find these suggestions useful:

1. Whenever you get the -14006 error, immediately save your changes (if possible) in Workgroup Manager and quit it. Establish another connection to the server via Workgroup Manager and try again. This prevents the possibility of damaging directory data.

2. Using outdated versions of Workgroup Manager will often return a similar error. Be sure that you're using the Mac OS X Server 10.4 Admin Tools to manage 10.4 servers. These tools will manage earlier 10.3 servers, but not the other way around.

3. If your server takes a long time to boot, I recommend verifying the permissions of its startup volume: diskutil repairPermissions /, followed by another reboot.

4. Mac OS X Server 10.4 sets its hostname in /etc/hostconfig to -AUTOMATIC-, which will dynamically change the host name to one of the following, in this order: the server's partial DNS name (from reverse IPv4 to DNS lookup), the name returned as a DHCP client ID based on an IPv4 address assigned by DHCP, the server's local Bonjour (mDNS) hostname, then the name "localhost".

Your Open Directory database stores information based on the server's host name. Is it possible that the host name has recently changed or that its IP address has? (If so, use the changeip command to adjust references in the LDAP database.)

5. Using slapconfig via ssh or the Open Directory section of Server Admin, try demoting the server to Standalone Server then re-promoting it to Open Directory Master. Perhaps your LDAP database is damaged; if so, use Server Admin to restore a backup copy if possible.

--Gerrit

I tried the reconnect but still got the - 14006 and 14090 errors for any changes to stick i had to change the users password to crypt and leave it. This would definitely point to a corrupt LDAP DB.
I archive my DB every week and export all my users daily as well we were replicating.
I demoted all my Server to standalone and tried restoring from 3 different archives and i was getting the same error after the import.
I also cleared out the AuthServerOverflow files and reimported and still had the same problem after several minutes.
I am using the latest tools from our 10.4 server sets we have.
Kerberos never worked properly on the update from 10.3.9 to 10..4.2 and also many users had the last name 99. This was a bug from the update and is apparently common according to Apple.
So far since doing the fresh install we have been fine and removed any of the issues that may have occurred do to the update rather then clean install from 10.3 tp 10.4.
Replication is has not been turned on as of yet and will more then likely be tested this weekend.