System Image Utility 2 - Directory Binding Fails

I am doing a NetRestore.

Yes, the target client connects to both servers fine if I ask it to do so manually from the accounts preferences panel.

Related question - if automatic binding fails on first boot does it ever retry? Sometimes our Windows AD servers are flaky.

Brian - thanks very much for explaining how to make the Helper program retry. I have found it is also necessary to restore /etc/bindingNames.plist in order to make it go. The helper seems to delete that file after each run (even in cases where the bind fails) as well as unloading itself.

My ongoing problem with binding is intertwined with various naming issues. In my tests - Network Names longer than 14 characters (e.g. piperpspace-000000000000) do get bound successfully to AD but only if I manually enter them into my Windows 2003 server ahead of time. Shorter names (e.g. p-000000000000) are bound reliably both on the first install and subsequent installs using that name. I can live with shorter names. Its not a practical problem.

However, I would note in passing that the names above result from my trying to use "Generate unique names starting with" feature. In my testing the generated names assigned are not unique. The trailing zeroes are not replaced with the target client's Mac address as expected unless I manually force the Helper to rerun.

I still have two outstanding issues:

1) I cannot get the "Apply Computer Name and Local Hostname settings from a file"
feature to work. I made a txt file with a single line containing a MAC address plus three copies of the desired name as described and added that to my workflow. SIU 2 runs without complaint but it seems to ignore my naming file. There is no /etc/sharingNames.plist in the image, NetBootHelper does not get -setSharingNames as a parameter and the target Mac does not get a name. It therefore does not get bound.

2) Binding to my Mac Directory Server fails intermittently (in about 20% of my tests) even when the Windows AD bind works OK. I'm guessing that may be happening because I am referencing the Mac server via its Bonjour name instead of making an entry for it in my DNS?

Any insight, especially re: the naming issue, would be most helpful.

Silly me - I left the colons out of my MAC address.

SIU 2 has now built an image with SharingNames.plist in it reflecting the contents of my Naming file.

I will post results here from further testing.

No joy.

File based names are not assigned to the target MAC and the initial bind still fails.

If I manually force a rerun of NetBootClientHelper it works OK.

This dog won't hunt.

Brian - thanks very much for providing the example file. I have fixed that.

However, on first boot the target Mac Client still does not get a name and the binding fails.

I know that my parameters to NetBootClientHelper are now correct because if I Login and manually force the program to rerun the target Mac then gets the expected name(s) and gets bound correctly to both directories. It would appear that the program does work as intended but is somehow thwarted during first boot under my test conditions.

Are there any diagnostics I can provide to help clarify this behavior? Thanks for your help!

Thanks for the suggestion. I will try to produce that log and post results tomorrow.

It looks like a race condition to me also. But in my tests neither the naming feature nor the binding feature work properly. Assuming both problems have the same cause I would guess the race is within the Mac OS during first boot.

My test network set up is: Linksys Router (DHCP), Windows 2003 Server (Active Directory and DNS), Apple OS X Server 10.5.8 (Open Directory).

If anyone reading this is having better luck with post install naming and/or binding I would be very grateful if you could post details of your network.

Brian - thanks again for all your help.

Getting DirectoryService to make a debug log during first boot is tricky. The man page says you do that by restarting the service with "sudo killall -USR1 DirectoryService".

But how to do that in time to log messages resulting from NetBootClientHelper which is started automatically via launchd?

I tried adding another launchd job to run killall but it had no effect and I have no idea why not.

Below is a portion of the system log I got.

At time 14:04:01 I the USR1 signal from killall seems to just be causing DirectoryService to end abnormally.

At 14:04:14 the HostName is changed by yet another launchd job I added that invokes the scutil program to set HostName. This seems to work OK but does not help with the binding.

At 14:04:17 the error messages from NetBootClientHelper appear. Apparently from its failed attempt to bind. Again if I login immediately afterward and rerun this program it works fine. Just not here.

Any ideas?

------------
Dec 14 14:03:43 localhost com.apple.launchd[1]: * launchd[1] has started up. *
Dec 14 14:03:57 localhost bootlog[43]: BOOT_TIME: 1260828221 0
Dec 14 14:03:58 localhost fseventsd[34]: could not open <</.fseventsd/fseventsd-uuid>> (No such file or directory)
Dec 14 14:03:59 localhost fseventsd[34]: log dir: /.fseventsd getting new uuid: 1C2374D5-6AC7-4AC9-9483-2D2A289E49DA
Dec 14 14:04:01 localhost com.apple.launchd[1] (com.apple.DirectoryServices[38]): Exited abnormally: User defined signal 1
Dec 14 14:04:01 localhost com.apple.launchd[1] (com.apple.DirectoryServices): Throttling respawn: Will start in 6 seconds
Dec 14 14:04:03 localhost blued[53]: Apple Bluetooth daemon started
Dec 14 14:04:07 localhost DirectoryService[54]: Improper shutdown detected
Dec 14 14:04:11 localhost com.apple.kextd[10]: Cache file /System/Library/Caches/com.apple.kext.caches/Directories//System/Library/Extens ions/IOKitPersonalities_i386.ioplist.gz is out of date; not using.
Dec 14 14:04:11 localhost blued[53]: [setSystemPreference] syncs returns false
Dec 14 14:04:12: --- last message repeated 2 times ---
Dec 14 14:04:12 localhost com.apple.launchd[1] (com.apple.smb.sharepoints[23]): Exited with exit code: 71
Dec 14 14:04:12 localhost mDNSResponder[29]: mDNSResponder mDNSResponder-214 (Oct 16 2009 06:09:30) starting
Dec 14 14:04:14 559-Lib-12345 configd[41]: setting hostname to "559-Lib-12345"
Dec 14 14:04:14 559-Lib-12345 configd[41]: network configuration changed.
Dec 14 14:04:15: --- last message repeated 1 time ---
Dec 14 14:04:15 559-Lib-12345 com.apple.usbmuxd[19]: usbmuxd-167.1 built for iTunesEightTwo on Jul 9 2009 at 14:02:00, running 32 bit
Dec 14 14:04:17 559-Lib-12345 /usr/sbin/NetBootClientHelper[27]: bindToServersFromList: Custom call 201 to LDAPv3 failed.
Dec 14 14:04:17 559-Lib-12345 /usr/sbin/NetBootClientHelper[27]: bindToServersFromList: Custom call 82 to Active Directory failed.
Dec 14 14:04:22 559-Lib-12345 blued[53]: [_setUserPreference] syncs returns false
Dec 14 14:04:48: --- last message repeated 1 time ---
Dec 14 14:04:48 559-Lib-12345 fseventsd[34]: check vol_last_modtime:XXX failed to get mount time (25; &mount_time == 0x10043f8b8)
Dec 14 14:04:48 559-Lib-12345 fseventsd[34]: log dir: /Volumes/WINDOWS XP/.fseventsd getting new uuid: 61CF2D3C-1B72-4D71-B30D-DBCE470BECD0
Dec 14 14:04:55 559-Lib-12345 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow[30]: Login Window Application Started
Dec 14 14:04:55 559-Lib-12345 com.apple.kextd[10]: InternalModemSupport.kext does not declare a kernel dependency; using com.apple.kernel.6.0.
Dec 14 14:04:56: --- last message repeated 1 time ---
Dec 14 14:04:56 559-Lib-12345 com.apple.service_helper[112]: launchctl: Error unloading: com.apple.backupd-auto
Dec 14 14:04:56 559-Lib-12345 com.apple.service_helper[112]: launchctl: Error unloading: com.apple.backupd-wake
Dec 14 14:04:56 559-Lib-12345 com.apple.service_helper[112]: launchctl: Error unloading: com.apple.backupd-attach
Dec 14 14:04:57 559-Lib-12345 com.apple.fontd[100]: FODBCheck: foRec->annexNumber != kInvalidAnnexNumber (0)
Dec 14 14:04:58: --- last message repeated 1 time ---
Dec 14 14:04:58 559-Lib-12345 configd[41]: New network configuration saved
Dec 14 14:04:59 559-Lib-12345 configd[41]: bootp sessiontransmit: bpf_write(en1) failed: Network is down (50)
Dec 14 14:04:59 559-Lib-12345 configd[41]: DHCP en1: INIT transmit failed
Dec 14 14:05:00 559-Lib-12345 configd[41]: network configuration changed.
Dec 14 14:05:01 559-Lib-12345 mds[28]: (Normal) DiskStore: Creating index for /
Dec 14 14:05:03 559-Lib-12345 loginwindow[30]: Login Window Started Security Agent
Dec 14 14:05:03 559-Lib-12345 WindowServer[106]: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
Dec 14 14:05:03 559-Lib-12345 com.apple.WindowServer[106]: Mon Dec 14 14:05:03 559-Lib-12345 WindowServer[106] <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
Dec 14 14:05:05 559-Lib-12345 mDNSResponder[29]: User updated Computer Name from “MacBookPro-000000000000” to “MacBookPro-0026B0F1BB52”
Dec 14 14:05:08 559-Lib-12345 configd[41]: network configuration changed.
----------------

New Results: I removed "System Configuration Settings" from my NetRestore workflow and replaced it with a custom package that installs a version of the venerable Bombich script as a launchd item. So, instead of running Apple's NetBootClientHelper program I am now executing a shell script during first boot that does the same thing. It assigns a unique name to the target machine using scutil and then binds it to the Windows Directory with dsconfigad. My version of the Bombich script is named signmeup.

Initially, this approach did not work. Even though the script ran fine in user mode when I ran it as a startup daemon under launchd I got the following message in system.log:

Dec 16 10:29:53 559-Lib-12345 com.piperspace.signmeup[64]: SCPreferencesCommitChanges() failed: Write attempted on stale version of object

However, I then added a "sleep 30" statement at the start of the script and it began to work.

From a programmer's standpoint this is evidence that a race condition exists within OS X during system boot and that NetBootClientHelper is competing with other bits of OS X to set preferences such as HostName.

I can only speculate where the defect lies but users of Snow Leopard should be aware that the "System Configurations Settings" feature of SIU 2 will not be reliable until this problem is corrected.

Hi John,

Have you tried forcing the helper program to rerun?

Enter this from Terminal:
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.NetBootClientHelper.plist

If it works it will confirm your names are OK.