16 Replies. Latest reply: Jan 29, 2014 2:50 PM by Antonio Rocco
Dreyfuzz Level 1 (0 points)

Hi folks,

 

I manage a school with two Mac Mini OS X servers. One server handles Open Directory and a few other services, the other is almost entirely file sharing, including student home folders. Since updating the computer lab of 36 iMacs to Mountain Lion, client login has been ridiculously slow and the machines continue to perform poorly while using accounts with remote home folders. It can take up to 10 minutes to get to a usable browser window with all 36 logging in. I've found that the same Mountain Lion machines are much faster using local accounts, so it's not just that 10.8 is laggy. Also, our older Snow Leopard clients log in fine, so I think the network and hardware should be able to handle it. Even just one or 10.6.8 machines load up in 1/3rd the time of 10.8 machines.

 

Has anyone seen this problem? Are there settings that are slowing down ML? Preferences that have to be trashed? Profiles that need rebuilding? Any help would be appreciated.


OS X Server
  • ajm_from_WA Level 1 (10 points)

    Linc, I'm wondering if this is also affecting my server, since I also have slow authentication problems.

     

    I'm using Mavericks Server.

    the sudo changeip -checkhostname checks out fine

     

    This is what I see in server admin:

    server1.jpg

    when I click on edit next to hostname I see this:

    server2.jpg


    Is the local hostname supposed to be man12.local? Everything I read says that is not how it should be, but this is how Server seems to set itself up. Is it a problem, and if so, how to fix it? Simply reinstalling isn't going to fix it, because I've built it from scratch about a dozen times in the last 3 months and this is always the result, so fixing it does require some deeper, manual, intervention.

  • Antonio Rocco Level 6 (10,315 points)

    Hi

     

    "Is the local hostname supposed to be man12.local?"

     

    Yes.

     

    "Everything I read says that is not how it should be. . ."

     

    You can be forgiven but I think you're getting confused in your reading? The local hostname means its Bonjour name, which is not the same as its hostname. The platform is multicast in nature first and unicast thereafter, so whenever you see the word .local (note the dot before the word) you should assume Bonjour is meant. You should never use .local as the basis for internal DNS services in a wholly Mac environment, especially when contemplating Open Directory and everything else that depends on it.

     

    ". . . so fixing it does require some deeper, manual, intervention."

     

    With respect there's nothing to fix. Besides you can't stop it from appending .local to whatever you've used for its computer name.

     

    As to the OP's problem it's hard to say based on the little presented. Although where he/she says: "One server handles Open Directory and a few other services, the other is almost entirely file sharing . . ." raises a few alarm bells in my mind.

     

    What have you tried? If it was me basic network troubleshooting is where I would start first. What do the logs say? Are the correct DNS servers being referenced? Are ping times slow for IP and hostname resolution?

     

    HTH?

     

    Tony

  • Linc Davis Level 10 (147,095 points)

    What domain name are the clients using to reach the server?

  • ajm_from_WA Level 1 (10 points)

    I use this command to bind them:

    dsconfigldap -fvN -a man12.millerfd.net -n "man12.millerfd.net" -c `scutil --get ComputerName` -u diradmin -p etc, etc. 

  • Dreyfuzz Level 1 (0 points)

    Thanks for checking this out, here's what I've found:

     

    changeip -checkhostname reports Current and DNS hostnames match (for both servers) and reports correct IPs. The names are the global names (server.mydomain.com) if that matters.

     

    DNS looks okay. Clients are connecting to the DNS server (the mac mini that serves OD, but not files for students) and reverse lookup seems right.

     

    The logs are interesting. There was nothing in the AFP log for past few weeks, despite file sharing being used constantly. The OD log showed hundreds of these warnings:

    • 2014-01-22 00:04:57.961151 PST - 93833.2081470, Module: SystemCache - Misconfiguration detected - Failed to insert key 'untitled_2@ODserver.mydomain.com' for entry '0x7fdb7f1026e0' into hash 'Kerberos' as 'non-authoritative'

     

    Can someone point to a fix for misconfig?
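
An added example, not part of the original post: one way to summarise the Open Directory warnings quoted above, so you can see which keys fail to insert, how often, and over what time span. The first sample line is the one from the post; the other lines, the `example_user` key and the function names are constructed for illustration.

```shell
#!/bin/sh
# Sample input: line 1 is the warning quoted in the thread, the rest are
# constructed lines in the same format (not taken from a real log).
sample_od_log() { cat <<'EOF'
2014-01-22 00:04:57.961151 PST - 93833.2081470, Module: SystemCache - Misconfiguration detected - Failed to insert key 'untitled_2@ODserver.mydomain.com' for entry '0x7fdb7f1026e0' into hash 'Kerberos' as 'non-authoritative'
2014-01-22 00:05:02.120000 PST - 93833.2081471, Module: SystemCache - Misconfiguration detected - Failed to insert key 'untitled_2@ODserver.mydomain.com' for entry '0x7fdb7f1031a0' into hash 'Kerberos' as 'non-authoritative'
2014-01-22 00:06:10.000000 PST - 93833.2081472, Module: SystemCache - Misconfiguration detected - Failed to insert key 'example_user@ODserver.mydomain.com' for entry '0x7fdb7f104c00' into hash 'Kerberos' as 'non-authoritative'
2014-01-22 00:07:00.000000 PST - 93833.2081473, Module: SystemCache - constructed unrelated line
2014-01-22 00:09:41.000000 PST - 93833.2081474, Module: SystemCache - Misconfiguration detected - Failed to insert key 'untitled_2@ODserver.mydomain.com' for entry '0x7fdb7f1026e0' into hash 'Kerberos' as 'non-authoritative'
EOF
}

# Reads log text on stdin. Prints one tab-separated row per (hash, key):
#   count  distinct_entries  hash  key  first_seen  last_seen
# Splitting on the single quote gives: $2 = key, $4 = entry, $6 = hash.
od_insert_failures() {
  awk -F"'" '
    /Misconfiguration detected - Failed to insert key/ {
      id = $6 "\t" $2
      ts = substr($1, 1, 19)                 # "YYYY-MM-DD HH:MM:SS"
      if (!(id in n)) first[id] = ts
      n[id]++
      last[id] = ts
      if (!((id, $4) in seen)) { seen[id, $4] = 1; entries[id]++ }
    }
    END {
      for (id in n)
        printf "%d\t%d\t%s\t%s\t%s\n", n[id], entries[id], id, first[id], last[id]
    }
  ' | sort -k1,1nr -k4,4                     # most frequent key first
}

# Stand-alone run on the sample; on a server, feed the real log file instead.
sample_od_log | od_insert_failures
```

A key near the top with a long first-to-last span is one that keeps failing, which narrows down the records worth inspecting in the directory.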

  • Dreyfuzz Level 1 (0 points)

    They use the global name of the OD server (ODserver.mydomain.com), which I've confirmed points to the right IP.

  • Linc Davis Level 10 (147,095 points)

    Ping the server from one of the clients. Latency? Run netstat. Packet losses? If no to both, then you've pretty much ruled out the network.

  • Dreyfuzz Level 1 (0 points)

    Ping is extremely fast, less than a millisecond for both servers. Below are the netstat results. Is there anything strange there?

     

    tcp:

              23237 packets sent

                        7252 data packets (7025756 bytes)

                        6 data packets (4047 bytes) retransmitted

                        0 resends initiated by MTU discovery

                        14750 ack-only packets (11 delayed)

                        0 URG only packets

                        0 window probe packets

                        396 window update packets

                        866 control packets

                        0 data packets sent after flow control

              27293 packets received

                        8418 acks (for 7026614 bytes)

                        376 duplicate acks

                        0 acks for unsent data

                        18689 packets (17430398 bytes) received in-sequence

                        89 completely duplicate packets (65343 bytes)

                        0 old duplicate packets

                        1 packet with some dup. data (50 bytes duped)

                        339 out-of-order packets (457155 bytes)

                        0 packets (0 bytes) of data after window

                        0 window probes

                        152 window update packets

                        17 packets received after close

                        0 bad resets

                        0 discarded for bad checksums

                        0 discarded for bad header offset fields

                        0 discarded because packet too short

              427 connection requests

              26 connection accepts

              0 bad connection attempts

              0 listen queue overflows

              446 connections established (including accepts)

              464 connections closed (including 7 drops)

                        12 connections updated cached RTT on close

                        12 connections updated cached RTT variance on close

                        2 connections updated cached ssthresh on close

              4 embryonic connections dropped

              8408 segments updated rtt (of 7203 attempts)

              32 retransmit timeouts

                        0 connections dropped by rexmit timeout

                        0 connections dropped after retransmitting FIN

              0 persist timeouts

                        0 connections dropped by persist timeout

              0 keepalive timeouts

                        0 keepalive probes sent

                        0 connections dropped by keepalive

              449 correct ACK header predictions

              16504 correct data packet header predictions

              7 SACK recovery episodes

              2 segment rexmits in SACK recovery episodes

              1475 byte rexmits in SACK recovery episodes

              81 SACK options (SACK blocks) received

              298 SACK options (SACK blocks) sent

              0 SACK scoreboard overflow

    udp:

              18565 datagrams received

              0 with incomplete header

              0 with bad data length field

              0 with bad checksum

              54 dropped due to no socket

              5046 broadcast/multicast datagrams dropped due to no socket

              0 dropped due to full socket buffers

              0 not for hashed pcb

              13465 delivered

              1825 datagrams output

    ip:

              41714 total packets received

              0 bad header checksums

              0 with size smaller than minimum

              0 with data size < data length

              0 with ip length > max ip packet size

              0 with header length < data size

              0 with data length < header length

              0 with bad options

              0 with incorrect version number

              6 fragments received

              0 fragments dropped (dup or out of space)

              0 fragments dropped after timeout

              3 packets reassembled ok

              41489 packets for this host

              62 packets for unknown/unsupported protocol

              0 packets forwarded (0 packets fast forwarded)

              72 packets not forwardable

              88 packets received for unknown multicast group

              0 redirects sent

              24833 packets sent from this host

              0 packets sent with fabricated ip header

              0 output packets dropped due to no bufs, etc.

              42 output packets discarded due to no route

              0 output datagrams fragmented

              0 fragments created

              0 datagrams that can't be fragmented

              0 tunneling packets that can't find gif

              13 datagrams with bad address in header

              0 packets dropped due to no bufs for control data

    icmp:

              54 calls to icmp_error

              0 errors not generated 'cuz old message was icmp

              Output histogram:

                        echo reply: 1

                        destination unreachable: 54

              0 messages with bad code fields

              0 messages < minimum length

              0 bad checksums

              0 messages with bad length

              0 multicast echo requests ignored

              0 multicast timestamp requests ignored

              Input histogram:

                        echo reply: 15

                        destination unreachable: 33

                        echo: 1

              1 message response generated

              ICMP address mask responses are disabled

    igmp:

              29 messages received

              0 messages received with too few bytes

              0 messages received with wrong TTL

              0 messages received with bad checksum

              0 V1/V2 membership queries received

              0 V3 membership queries received

              0 membership queries received with invalid field(s)

              0 general queries received

              0 group queries received

              0 group-source queries received

              0 group-source queries dropped

              29 membership reports received

              0 membership reports received with invalid field(s)

              29 membership reports received for groups to which we belong

              0 V3 reports received without Router Alert

              7 membership reports sent

    ipsec:

              0 inbound packets processed successfully

              0 inbound packets violated process security policy

              0 inbound packets with no SA available

              0 invalid inbound packets

              0 inbound packets failed due to insufficient memory

              0 inbound packets failed getting SPI

              0 inbound packets failed on AH replay check

              0 inbound packets failed on ESP replay check

              0 inbound packets considered authentic

              0 inbound packets failed on authentication

              0 outbound packets processed successfully

              0 outbound packets violated process security policy

              0 outbound packets with no SA available

              0 invalid outbound packets

              0 outbound packets failed due to insufficient memory

              0 outbound packets with no route

    ip6:

              6953 total packets received

              0 with size smaller than minimum

              0 with data size < data length

              0 with bad options

              0 with incorrect version number

              224 fragments received

              0 fragments dropped (dup or out of space)

              0 fragments dropped after timeout

              0 fragments that exceeded limit

              112 packets reassembled ok

              4497 packets for this host

              0 packets forwarded

              512 packets not forwardable

              0 redirects sent

              477 packets sent from this host

              0 packets sent with fabricated ip header

              0 output packets dropped due to no bufs, etc.

              1008 output packets discarded due to no route

              9 output datagrams fragmented

              18 fragments created

              0 datagrams that can't be fragmented

              0 packets that violated scope rules

              512 multicast packets which we don't join

              Input histogram:

                        hop by hop: 193

                        TCP: 144

                        UDP: 4131

                        fragment: 224

                        ICMP6: 2260

              Mbuf statistics:

                        2765 one mbuf

                        two or more mbuf:

                                  lo0= 279

                        3909 one ext mbuf

                        0 two or more ext mbuf

              0 packets whose headers are not continuous

              0 tunneling packets that can't find gif

              0 packets discarded due to too may headers

              0 failures of source address selection

              0 forward cache hit

              0 forward cache miss

              0 packets dropped due to no bufs for control data

    icmp6:

              1 call to icmp_error

              0 errors not generated because old message was icmp error or so

              0 errors not generated because rate limitation

              Output histogram:

                        unreach: 1

                        router solicitation: 12

                        neighbor solicitation: 16

                        neighbor advertisement: 12

                        MLDv2 listener report: 18

              0 messages with bad code fields

              0 messages < minimum length

              0 bad checksums

              0 messages with bad length

              Input histogram:

                        MLDv1 listener report: 15

                        neighbor solicitation: 8

                        neighbor advertisement: 1920

              Histogram of error messages to be generated:

                        0 no route

                        0 administratively prohibited

                        0 beyond scope

                        1 address unreachable

                        0 port unreachable

                        0 packet too big

                        0 time exceed transit

                        0 time exceed reassembly

                        0 erroneous header field

                        0 unrecognized next header

                        0 unrecognized option

                        0 redirect

                        0 unknown

              0 message responses generated

              0 messages with too many ND options

              0 messages with bad ND options

              0 bad neighbor solicitation messages

              0 bad neighbor advertisement messages

              0 bad router solicitation messages

              0 bad router advertisement messages

              0 bad redirect messages

              0 path MTU changes

    ipsec6:

              0 inbound packets processed successfully

              0 inbound packets violated process security policy

              0 inbound packets with no SA available

              0 invalid inbound packets

              0 inbound packets failed due to insufficient memory

              0 inbound packets failed getting SPI

              0 inbound packets failed on AH replay check

              0 inbound packets failed on ESP replay check

              0 inbound packets considered authentic

              0 inbound packets failed on authentication

              0 outbound packets processed successfully

              0 outbound packets violated process security policy

              0 outbound packets with no SA available

              0 invalid outbound packets

              0 outbound packets failed due to insufficient memory

              0 outbound packets with no route

    rip6:

              0 messages received

              0 checksum calcurations on inbound

              0 messages with bad checksum

              0 messages dropped due to no socket

              0 multicast messages dropped due to no socket

              0 messages dropped due to full socket buffers

              0 delivered

              0 datagrams output

    pfkey:

              0 requests sent to userland

              0 bytes sent to userland

              0 messages with invalid length field

              0 messages with invalid version field

              0 messages with invalid message type field

              0 messages too short

              0 messages with memory allocation failure

              0 messages with duplicate extension

              0 messages with invalid extension type

              0 messages with invalid sa type

              0 messages with invalid address extension

              0 requests sent from userland

              0 bytes sent from userland

              0 messages toward single socket

              0 messages toward all sockets

              0 messages toward registered sockets

              0 messages with memory allocation failure
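
An added example, not part of the original post: the "packet losses?" question can be answered from the tcp section of `netstat -s` by turning the counters into ratios. The sample input is an excerpt of the counters posted above; the function names are hypothetical, and the parser assumes the BSD/macOS `netstat -s` wording shown in the post.

```shell
#!/bin/sh
# Excerpt of the tcp/udp counters posted in the thread above.
sample_netstat() { cat <<'EOF'
tcp:
    23237 packets sent
        7252 data packets (7025756 bytes)
        6 data packets (4047 bytes) retransmitted
        0 data packets sent after flow control
    27293 packets received
        376 duplicate acks
        18689 packets (17430398 bytes) received in-sequence
        89 completely duplicate packets (65343 bytes)
        339 out-of-order packets (457155 bytes)
    32 retransmit timeouts
udp:
    18565 datagrams received
    0 dropped due to full socket buffers
EOF
}

# Reads `netstat -s` text on stdin and prints three numbers:
#   retransmitted % of data packets sent,
#   out-of-order % of data packets received,
#   number of retransmit timeouts.
tcp_loss_summary() {
  awk '
    /^[ \t]*[a-z0-9]+:$/ { proto = $1; next }     # section header such as "tcp:"
    proto != "tcp:"      { next }                 # ignore every other protocol
    / data packets .* retransmitted/ { retx  = $1; next }
    / data packets \(/               { data  = $1; next }
    / received in-sequence/          { inseq = $1; next }
    / out-of-order packets /         { ooo   = $1; next }
    / retransmit timeouts/           { rto   = $1; next }
    END {
      if (data == 0 || inseq + ooo == 0) { print "no tcp data"; exit 1 }
      printf "%.2f %.2f %d\n", 100 * retx / data, 100 * ooo / (inseq + ooo), rto
    }'
}

# Stand-alone run on the sample; on a client, use: netstat -s | tcp_loss_summary
sample_netstat | tcp_loss_summary
```

The counters are cumulative since boot, so comparing two runs taken before and after a slow login shows what that login contributed.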

  • Dreyfuzz Level 1 (0 points)

    Still digging for a solution here. Antonio, can you give me some more details about what you meant by the statement below?

     

    Although where he/she says: "One server handles Open Directory and a few other services, the other is almost entirely file sharing . . ." raises a few alarm bells in my mind.

     

    Thanks!

  • Antonio Rocco Level 6 (10,315 points)

    As usual with network related issues it's difficult to offer anything really effective without actually being there. Let's assume your OD Master is running DNS Services. Would your secondary server - assuming an OD Replica? - have appropriate DNS records created for it on that Server? Are ping times the same for IP address and hostname? Any A/V software installed? Do you see the same behaviour with a base/stock install with nothing 3rd-Party added? Have you disabled IPv6?

     

    I've not seen the issues you describe after upgrading multiple workstations at multiple sites to 10.8 or even 10.9. It really should behave as your other clients do.

  • ajm_from_WA Level 1 (10 points)

    Is disabling IPv6 something you recommend generally?  Do it on both clients and server? 

     

    Looks like networksetup -setv6off Ethernet  will do it via terminal

  • Antonio Rocco Level 6 (10,315 points)

    I always disable IPv6. What would be the point of wasting valuable time resolving hostnames to non-existent addresses in a private (IPv4) network? The command you list is what I use. In case you need it for wireless clients:

     

    sudo networksetup -setV6off Wi-Fi
