Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Mountain Lion clients login very slowly, stay slow

Hi folks,


I manage a school with two Mac Mini OS X servers. One server handles Open Directory and a few other services, the other is almost entirely file sharing, including student home folders. Since updating the computer lab of 36 iMacs to Mountain Lion, client login has been ridiculously slow and the machines continue to perform poorly while using accounts with remote home folders. It can take up to 10 minutes to get to a usable browser window with all 36 logging in. I've found that the same Mountain Lion machines are much faster using local accounts, so it's not just that 10.8 is laggy. Also, our older Snow Leopard clients login fine, so I think the network and hardware should be able to handle it. Even just one or 10.6.8 machines load up in 1/3rd the time of 10.8 machines.


Has anyone seen this problem? Are there settings that are slowing down ML? Preferences that have to be trashed? Profiles that need rebuilding? Any help would be appreciated.

OS X Server

Posted on Jan 21, 2014 12:19 PM

Reply
16 replies

Jan 21, 2014 10:18 PM in response to Linc Davis

Linc, i'm wondering if this is also affecting my server since i also have slow authentication problems.


I'm using mavericks server.

the

sudo changeip -checkhostname checks out fine


This is what I see in server admin:

User uploaded file

when I click on edit next to hostname I see this:

User uploaded file

is the local hostname supposed to be man12.local?  everything I read says that is not how it should be.  but this is how server seems to set itself up.  Is it a problem, and if so, how to fix it?  Simply reinstalling isn't going to fix it, because i've built it from scrath about a dozen times in the last 3 months and this is always the result, so fixing it does require some deeper, manual, intervention

Jan 22, 2014 1:12 AM in response to ajm_from_WA

Hi


"Is the local hostname supposed to be man12.local?"


Yes.


"Everything I read says that is not how it should be. . ."


You can be forgiven but I think you're getting confused in your reading? The local hostname means its Bonjour name which is not the same as its hostname. The platform is multicast in nature first and unicast thereafter so whenever you see the word .local (note the dot before the word) you should assume Bonjour is meant. You should never use .local as the basis for internal DNS services in a wholly mac environement especially when contemplating Open Directory and everything else that depends on it.


". . . so fixing it does require some deeper, manual, intervention.


With respect there's nothing to fix. Besides you can't stop it from appending .local to whatever you've used for its computer name.


As to the OPs problem it's hard to say based on the little presented. Although where he/she says: "One server handles Open Directory and a few other services, the other is almost entirely file sharing . . ." raises a few alarm bells in my mind.


What have you tried? If it was me basic network troubleshooting is where I would start first. What do the logs say? Are the correct DNS servers being referenced? Are ping times slow for IP and hostname resolution?


HTH?


Tony

Jan 22, 2014 9:26 AM in response to Antonio Rocco

Thanks for checking this out, here's what I've found:


changeip -checkhostname reports Current and DNS hostnames match (for both servers) and reports correct IPs. The names are the global names (server.mydomain.com) if that matters.


DNS looks okay. Clients are connecting to the DNS server (the mac mini that serves OD, but not files for students) and reverse lookup seems right.


The logs are interesting. There was nothing in the AFP log for past few weeks, despite file sharing being used constantly. The OD log showed hundreds of these warnings:

2014-01-22 00:04:57.961151 PST - 93833.2081470, Module: SystemCache - Misconfiguration detected - Failed to insert key 'untitled_2@ODserver.mydomain.com' for entry '0x7fdb7f1026e0' into hash 'Kerberos' as 'non-authoritative'


Can someone point to a fix for misconfig?

Jan 23, 2014 4:21 PM in response to Linc Davis

Ping is extremely fast, less than a millisecond for both servers. Below are the netstat results. Is there anything strange there?


tcp:

23237 packets sent

7252 data packets (7025756 bytes)

6 data packets (4047 bytes) retransmitted

0 resends initiated by MTU discovery

14750 ack-only packets (11 delayed)

0 URG only packets

0 window probe packets

396 window update packets

866 control packets

0 data packets sent after flow control

27293 packets received

8418 acks (for 7026614 bytes)

376 duplicate acks

0 acks for unsent data

18689 packets (17430398 bytes) received in-sequence

89 completely duplicate packets (65343 bytes)

0 old duplicate packets

1 packet with some dup. data (50 bytes duped)

339 out-of-order packets (457155 bytes)

0 packets (0 bytes) of data after window

0 window probes

152 window update packets

17 packets received after close

0 bad resets

0 discarded for bad checksums

0 discarded for bad header offset fields

0 discarded because packet too short

427 connection requests

26 connection accepts

0 bad connection attempts

0 listen queue overflows

446 connections established (including accepts)

464 connections closed (including 7 drops)

12 connections updated cached RTT on close

12 connections updated cached RTT variance on close

2 connections updated cached ssthresh on close

4 embryonic connections dropped

8408 segments updated rtt (of 7203 attempts)

32 retransmit timeouts

0 connections dropped by rexmit timeout

0 connections dropped after retransmitting FIN

0 persist timeouts

0 connections dropped by persist timeout

0 keepalive timeouts

0 keepalive probes sent

0 connections dropped by keepalive

449 correct ACK header predictions

16504 correct data packet header predictions

7 SACK recovery episodes

2 segment rexmits in SACK recovery episodes

1475 byte rexmits in SACK recovery episodes

81 SACK options (SACK blocks) received

298 SACK options (SACK blocks) sent

0 SACK scoreboard overflow

udp:

18565 datagrams received

0 with incomplete header

0 with bad data length field

0 with bad checksum

54 dropped due to no socket

5046 broadcast/multicast datagrams dropped due to no socket

0 dropped due to full socket buffers

0 not for hashed pcb

13465 delivered

1825 datagrams output

ip:

41714 total packets received

0 bad header checksums

0 with size smaller than minimum

0 with data size < data length

0 with ip length > max ip packet size

0 with header length < data size

0 with data length < header length

0 with bad options

0 with incorrect version number

6 fragments received

0 fragments dropped (dup or out of space)

0 fragments dropped after timeout

3 packets reassembled ok

41489 packets for this host

62 packets for unknown/unsupported protocol

0 packets forwarded (0 packets fast forwarded)

72 packets not forwardable

88 packets received for unknown multicast group

0 redirects sent

24833 packets sent from this host

0 packets sent with fabricated ip header

0 output packets dropped due to no bufs, etc.

42 output packets discarded due to no route

0 output datagrams fragmented

0 fragments created

0 datagrams that can't be fragmented

0 tunneling packets that can't find gif

13 datagrams with bad address in header

0 packets dropped due to no bufs for control data

icmp:

54 calls to icmp_error

0 errors not generated 'cuz old message was icmp

Output histogram:

echo reply: 1

destination unreachable: 54

0 messages with bad code fields

0 messages < minimum length

0 bad checksums

0 messages with bad length

0 multicast echo requests ignored

0 multicast timestamp requests ignored

Input histogram:

echo reply: 15

destination unreachable: 33

echo: 1

1 message response generated

ICMP address mask responses are disabled

igmp:

29 messages received

0 messages received with too few bytes

0 messages received with wrong TTL

0 messages received with bad checksum

0 V1/V2 membership queries received

0 V3 membership queries received

0 membership queries received with invalid field(s)

0 general queries received

0 group queries received

0 group-source queries received

0 group-source queries dropped

29 membership reports received

0 membership reports received with invalid field(s)

29 membership reports received for groups to which we belong

0 V3 reports received without Router Alert

7 membership reports sent

ipsec:

0 inbound packets processed successfully

0 inbound packets violated process security policy

0 inbound packets with no SA available

0 invalid inbound packets

0 inbound packets failed due to insufficient memory

0 inbound packets failed getting SPI

0 inbound packets failed on AH replay check

0 inbound packets failed on ESP replay check

0 inbound packets considered authentic

0 inbound packets failed on authentication

0 outbound packets processed successfully

0 outbound packets violated process security policy

0 outbound packets with no SA available

0 invalid outbound packets

0 outbound packets failed due to insufficient memory

0 outbound packets with no route

ip6:

6953 total packets received

0 with size smaller than minimum

0 with data size < data length

0 with bad options

0 with incorrect version number

224 fragments received

0 fragments dropped (dup or out of space)

0 fragments dropped after timeout

0 fragments that exceeded limit

112 packets reassembled ok

4497 packets for this host

0 packets forwarded

512 packets not forwardable

0 redirects sent

477 packets sent from this host

0 packets sent with fabricated ip header

0 output packets dropped due to no bufs, etc.

1008 output packets discarded due to no route

9 output datagrams fragmented

18 fragments created

0 datagrams that can't be fragmented

0 packets that violated scope rules

512 multicast packets which we don't join

Input histogram:

hop by hop: 193

TCP: 144

UDP: 4131

fragment: 224

ICMP6: 2260

Mbuf statistics:

2765 one mbuf

two or more mbuf:

lo0= 279

3909 one ext mbuf

0 two or more ext mbuf

0 packets whose headers are not continuous

0 tunneling packets that can't find gif

0 packets discarded due to too may headers

0 failures of source address selection

0 forward cache hit

0 forward cache miss

0 packets dropped due to no bufs for control data

icmp6:

1 call to icmp_error

0 errors not generated because old message was icmp error or so

0 errors not generated because rate limitation

Output histogram:

unreach: 1

router solicitation: 12

neighbor solicitation: 16

neighbor advertisement: 12

MLDv2 listener report: 18

0 messages with bad code fields

0 messages < minimum length

0 bad checksums

0 messages with bad length

Input histogram:

MLDv1 listener report: 15

neighbor solicitation: 8

neighbor advertisement: 1920

Histogram of error messages to be generated:

0 no route

0 administratively prohibited

0 beyond scope

1 address unreachable

0 port unreachable

0 packet too big

0 time exceed transit

0 time exceed reassembly

0 erroneous header field

0 unrecognized next header

0 unrecognized option

0 redirect

0 unknown

0 message responses generated

0 messages with too many ND options

0 messages with bad ND options

0 bad neighbor solicitation messages

0 bad neighbor advertisement messages

0 bad router solicitation messages

0 bad router advertisement messages

0 bad redirect messages

0 path MTU changes

ipsec6:

0 inbound packets processed successfully

0 inbound packets violated process security policy

0 inbound packets with no SA available

0 invalid inbound packets

0 inbound packets failed due to insufficient memory

0 inbound packets failed getting SPI

0 inbound packets failed on AH replay check

0 inbound packets failed on ESP replay check

0 inbound packets considered authentic

0 inbound packets failed on authentication

0 outbound packets processed successfully

0 outbound packets violated process security policy

0 outbound packets with no SA available

0 invalid outbound packets

0 outbound packets failed due to insufficient memory

0 outbound packets with no route

rip6:

0 messages received

0 checksum calcurations on inbound

0 messages with bad checksum

0 messages dropped due to no socket

0 multicast messages dropped due to no socket

0 messages dropped due to full socket buffers

0 delivered

0 datagrams output

pfkey:

0 requests sent to userland

0 bytes sent to userland

0 messages with invalid length field

0 messages with invalid version field

0 messages with invalid message type field

0 messages too short

0 messages with memory allocation failure

0 messages with duplicate extension

0 messages with invalid extension type

0 messages with invalid sa type

0 messages with invalid address extension

0 requests sent from userland

0 bytes sent from userland

0 messages toward single socket

0 messages toward all sockets

0 messages toward registered sockets

0 messages with memory allocation failure

Jan 29, 2014 10:40 AM in response to Dreyfuzz

As usual with network related issues it's difficult to offer anything really effective without actually being there. Let's assume your OD Master is running DNS Services. Would your secondary server - assuming an OD Replica? - have appropriate DNS records created for it on that Server? Are ping times the same for IP address and hostname? Any A/V software installed? Do you see the same behaviour with a base/stock install with nothing 3rd-Party added? Have you disabled IPv6?


I've not seen the issues you describe after upgrading multiple workstations at multiple sites to 10.8 or even 10.9. It really should behave as your other clients do.

Mountain Lion clients login very slowly, stay slow

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.