Previous 1 2 3 Next 36 Replies Latest reply: Jan 10, 2014 7:04 PM by PleaseandThankYou Go to original post
  • Bradley Olwin Level 2 (170 points)


    Prior to installing the Device Enrollment Profile you need to install a Trust Profile.  In the My Devices window there is a Devices and Profiles.  Click on Profiles and install the Trust Profile.  If you do not have one you need to return to the Server app and select Review Certificates.  In the Certificates panel you can create a self-signed certificate.


    Here is how my Profiles appear in System Preferences for a PHD.

    Screen Shot 2012-11-18 at 8.12.55 AM.png


    Each Mac that you want to use for Mobile Accounts will require the Trust Certificate and needs to be enrolled for Device Management.  In the Profile Manager you will be able to set up how you want the Mobile Account managed.  There are numerous settings that you can push to each machine.  I manage a lab with about 8-10 Mobile Accounts and I find it most useful to have a Device Group "Mobile" that has all of the managed Macs, that way I can push to all Mobile Accounts at once.


    Another note, I have found that that setting up Mobility on the Device Profiles works much better than setting Mobility from the User Profiles.  I could never get it to work properly with mobility from the User Profiles. 


    Let me know if you need more detail, I am running Lion, not ML Server.

  • Kirk Carver Level 1 (5 points)



    Thanks for the input.  Very much appreciated.


    I had indeed set up a trust between the laptop and the server (more through persistence, the help of this forum, and dumb luck than actual know-how on my part).  See attached image:




    (not sure why it shows two certificates and two settings for each of Remote Mangement, Settings, and Trust Profile -- can you explain?)


    I was still having no luck getting mobile accounts setup.  I called Apple Enterprise support.  They reviewed my setup, and could find anything wrong in the basic server setup.  They then stepped me through the process of setting up mobile home directories using the web interface.  It appeared we could push a "payload" to the client from the server, but could not get any network user to synchronize (the user would appear as a login option, buy little "double-house" icon at the top of the screen always showed a "!"):




    Support tech was very helpful, but very stumped!  He called in his upper level support, who looked at the situation and determined a gremlin was at fault.  Since my server had no data on it, he advised that I reinstall the the OS and the Server App, and then set things up from scratch.  I've gone through the process of reloading the OS.  Before I try to attack it any further, should I erase all of the "profile" information on the client machine (see the image above)?


    Also, should I go into to the Users and Groups on the client machine and remove my server as the directory server so that nothing gets confused (see screen shot below)?




    Any advice is appreciated



  • mille1j Level 1 (0 points)

    I gave up on portable home directories.  all my users were getting sync errors all the time and could never figure out whether to use the network account or the portable account to sync from .  it was a disaster

  • jlorre Level 1 (0 points)

    @ gerben wierda,

    hello Gerben, I have tried out portable home directories on 10.6.8 server and clients and it was a complete failure.

    The implementation is not industrial grade. It works for a while, and then suddenly it does'nt. It's too fragile.

    What's more, there is no decent up-to-date documentation for it, and the implementation of PHD is also not well documented, (and i searched for weeks) This lack of documentation makes it difficult to understand or remedy the problems when things go wrong.

    In the end I have thrown PHD completely out of the window. Honnestly, we need stuff that is more reliable than that. So my guess is that apple will not very mucht promote PHD before they can get it to work in a more robust way. I've reverted to batch-synchronise directories with synchronize_pro_x, but also that is not always satisfying.

    I also have used it to fix problems when things go wrong with portable home directories.





  • mille1j Level 1 (0 points)

    I turned off all portable home directories on ML 10.7.2 server.  Over the next 2 weeks, users started having increasing problems with their accounts and I ultimately had to create entirely new accounts for all my users.  It seems the users lib folders were just a catastrophe.

  • James Rothschild Level 1 (55 points)

    I got it working generally, but just cannot get HOME Folders to work/snyc or get the ICON to appear on the Users Menu Bar :-(


    Help please Guru's !


    Screenshot 2014-01-08 13.09.40.png


    Screen Shot 2014-01-08 at 13.04.19.png

  • PleaseandThankYou Level 1 (25 points)

    When you say you cant get it to work? do you have more details....?


    Also yes Portable home directories can be tricky. I try to train my users when a sync error occure to say use the most recent modification date and to use that for all future issues. Then no more sync errors unless a document is open when trying to sync... cant get away from that. except not to sync in background or trap files that use file locking IE excel.....


    Screen Shot 2014-01-10 at 9.59.44 PM.png


    Also here is the option for the menu bar did you make sure you have this selected in your profile?

Previous 1 2 3 Next