OS X Server & Office Documents - Temporary Lock Files

First thing to check is whether your server is set to disconnect idle users after 30 minutes. If so, you should probably increase the time.

Next thing to check is whether you've addressed the dreaded ".TemporaryItems" feature in all MSOffice apps. MS Apps save their autosave files on the root of whatever drive the original file was opened from. If that drive is a network share, then a hidden .TemporaryItems folder is created there by the first user to open a file. By default, all other users are locked out of that folder, due to it inheriting the default permissions of the first user that created a file there. This leads to a lot of users getting errors about files not being able to be opened.

if you google .TemporaryItems, you'll see lots of possible resolutions.

These links might be helpful.

http://answers.microsoft.com/en-us/mac/forum/macoffice2011-macword/naming-or-per missions-error-on-the-destination/b09492af-3726-4631-b0a8-deb71956d709

http://hints.macworld.com/article.php?story=20051122213207398

http://prowiki.isc-csg.upenn.edu/wiki/MS_Office_and_Network_Volumes

The following is an imortant point from the last link:

"There is a slight secondary issue to this one: Word uses the uid of the user on the computer it is running on to create a working folder within the ".TemporaryItems" folder. If the users who are connecting to the network share are using local accounts on the Macs that they are working from (that is not using ActiveDirectory or OpenDirectory accounts), then their user IDs will almost all be 501. This means that they will all be using the same folder. Usually this does not cause any problems (as long as the inherited permissions on the server are created correctly), but it is something to keep in mind when you are troubleshooting."

Hi cpraman,

Apologies, it's me (OP) but using a different ID. That is the most clear explanation of the potential problems so thank you very much.

I have read-read and RE-read about the .TemporaryItems folder and have one at the root of each share :

drwxrwxrwt 2 administrator staff 68B 6 Mar 15:52 .TemporaryItems

I've noticed when editing a spreadsheet, for example, the $temp file will be created in the same directory as the original file, and nothing seems to appear in the .TemporaryItems folder? (user is in the staff group). That has chmod 777 applied via -R also.

That final note has really caught my eye. This Mavericks solution is replacing an old Windows SBS box so the Macs were never joined to Active Directory, nor are they currently attached via Network Accounts to OpenDirectory.

They login to the share via the OD credentials, but if it's using the local account to form the UID of 501 then that to me, is where the problem lies! I suppose the only way around this is to attach the Macs properly to OD?

Also, where are the timeout settings on File Sharing in Mavericks, I know they move the smb.conf about and it's had a name change so i'm a bit reluctant to go down to the config level.

Again many thanks for the reply, very useful.

Chris

Update.

Just opened a Word Document, edited, saved and closed and guess what, inside the re-made .TemporayItems folder created with the permissions from those sites :

drwx------+ 3 userA staff 102B 11 Mar 10:20 folders.501

It looks like it's the 501 issue, all the users creating as 501 rather than their OpenDirectory UID.

However, in another share the below is present : 501 is present but there are other IDs here.

drwxrwxrwx+ 2 administrator staff 68B 21 Sep 2012 folders.1284385672

drwxrwxrwx+ 2 administrator staff 68B 24 Feb 17:29 folders.1602886050

drwxrwxrwx+ 3 administrator staff 102B 27 Aug 2013 folders.1981918951

drwxrwxrwx+ 2 administrator staff 68B 22 Aug 2013 folders.258175715

drwxrwxrwx+ 3 administrator staff 102B 11 Mar 08:50 folders.501

drwxrwxrwx+ 2 administrator staff 68B 5 Mar 17:30 folders.502

drwxrwxrwx+ 2 administrator staff 68B 6 Mar 12:18 folders.503

drwxrwxrwx+ 2 administrator staff 68B 25 Feb 17:34 folders.504

drwxrwxrwx+ 2 administrator staff 68B 20 Nov 17:43 folders.537266444

drwxrwxrwx+ 3 administrator staff 102B 21 Dec 2012 folders.718566976

drwxrwxrwx+ 3 administrator staff 102B 7 Mar 2012 folders.77529368

drwxrwxrwx+ 2 administrator staff 68B 20 Jan 09:30 folders.813781633

I haven't had reports of this folder having any locks.. perhaps it was an issue with the .TemporyItems folder in the other share having the wrong permissions. Shall monitor and come back!

Yes the dreaded 501 issue.

On my network, I was forced to manage all user accounts from the server because of this. That way, each user gets a unique ID number. My users are either Network Home folders or Mobile Home Folders as a consequence.

For a tightly managed office, this is no biggie, and has some up-sides too when it's time to replace client workstations.

For a small office where workers tend to bring their own devices, it can create some friction.

Note that in the users & groups control panel, there's an advanced option that let's you change a user's ID number, but everything I have read has said that this is dangerous to do to an existing account

I haven't, yet! heard of any locked files or problems today... (yet!).

I'm a bit confused as to where those other UIDs are coming from, you'd imagine if none were on the OD that 501 would always be used. There is a handful of Windows clients but not as many as the random UIDs in my last post.

I logged into the share using Mavericks and that used 501.

Hey again Cpraman,

Unfortunately, there is one or two instances of this still creeping up. It is most definately related to a time issue.

If they have a spreadsheet open and save every 15 minutes all day, there is no problem but a period of inactivity greater than 15 minutes it seems to close any SMB connection thats open and then deny access until that temp file is removed and the original file renamed and moved back to a new name.

It's Mavericks with the latest versions of anything so I haven't dug into the configs to look at timeouts as you mentioned but I imagined it 'could' make a difference?

Chris

Google search for "smb idle disconnect mavericks" gave a lot of results. Seems the idle disconnect setting is not accessible via the server app anymore, but can still be set via the command line.

http://www.tuaw.com/2013/10/27/did-mavericks-kill-your-network-drive-access-here s-a-fix/

http://www.reddit.com/r/osx/comments/1qhmkw/os_x_109_smb_shares_disconnecttimeou t/

http://reviews.cnet.com/8301-13727_7-57556009-263/tackle-os-x-file-sharing-not-a llowing-additional-users/

https://groups.google.com/forum/#!topic/macenterprise/BTv_HdVEenE

a couple more:

this one looks promising -> http://krypted.com/mac-security/missing-server-app-settings-for-afp/

Also, the following commands will dump all the relevant settings to a terminal screen, and you can see all the potentially configurable settings.

$ sudo serveradmin settings afp

$ sudo serveradmin settings smb

On my machine, which is pretty much default config, the AFP idle disconnect is set to no, however there is also an idle disconnect time of 10 minutes listed.

afp:idleDisconnectOnOff = no

afp:idleDisconnectTime = 10

A dump of SMB settings shows no idle disconnect time is configurable specifically for SMB, so I'm guessing it respects the AFP setting as far as disconenct time goes. Just a guess though.

As I have some Windows clients AFP only isn't really an option unfortunately.

I think we've got it narrowed down to inactivity. If a user keeps saving every 15 minutes they can keep that document open all day and it tidily exits. If left open for greater than (we think) 30 minutes unsaved, that's when issues start to happen.

I'm assuming this is SMB causing it. (lots of assumptions here!).

Since there doesn't seem to be a configurable way of setting the SMB idle disconnect time, I suggest you try changing the AFP idle disconnect time, and see if the system also applies this to SMB.

For example, you could try the following, which should change the idle disconnect to 1 hour. and then try other values as well. If that has an effect over SMB, you'll know pretty quickly:

$ sudo serveradmin settings afp:idleDisconnectTime = 1

$ sudo serveradmin stop afp

$ sudo serveradmin start afp

This is driving me crazy as well. New 10.9 server and Office 2011 documents seem to randomly report that the file is locked for editing by another user. What the the eventual fix for you?