Open Directory payload fails when pushed from Profile Manager

I have set up Apple Server 3.1.1 running Open Directory and Profile Manager. I have a valid wildcard SSL certificate securing all services. The Mac server is joined to both Open Directory and Microsoft Active Directory in that order. I've run "changeip -checkhostname" and everything checks out. I'm able to enroll Macs and iPads in the server and push out profiles.


I need to push out two directory payloads (Microsoft AD and Apple's OD). I can push the Microsoft AD payload and credentials and the Mac will join Active Directory; however, when I push the Open Directory payload, the Macs join neither AD nor OD, and /var/log/system.log on the Mac client shows the following.


Apr 7 08:52:50 Erics-Virtual-Mac.local mdmclient[71]: [Daemon:0] Processing server request: InstallProfile for: <Device>

Apr 7 08:53:21 Erics-Virtual-Mac.local AirPlayUIAgent[281]: 2014-04-07 08:53:21.411762 AM [AirPlayUIAgent] Changed PIN pairing: no

Apr 7 08:53:21 Erics-Virtual-Mac.local AirPlayUIAgent[281]: 2014-04-07 08:53:21.449480 AM [AirPlayUIAgent] Changed PIN pairing: no

Apr 7 08:53:21 Erics-Virtual-Mac.local logind[74]: -[SessionManager getClient:withRole:inAuditSession:]:241: ERROR: No session dictionary for audit session 100000

Apr 7 08:53:21 Erics-Virtual-Mac.local logind[74]: _SMGetSessionAgent:73: ERROR: __SMGetClientForAuditSessionAgent failed 2

Apr 7 08:53:22 Erics-Virtual-Mac.local AirPlayUIAgent[281]: 2014-04-07 08:53:22.175244 AM [AirPlayUIAgent] Changed PIN pairing: no

Apr 7 08:53:22 Erics-Virtual-Mac.local AirPlayUIAgent[281]: 2014-04-07 08:53:22.218190 AM [AirPlayUIAgent] Changed PIN pairing: no

Apr 7 08:53:22 Erics-Virtual-Mac.local mdmclient[71]: Error: Error Domain=ConfigProfilePluginDomain Code=-319 "The 'Directory Binding Account' payload could not be installed. Attempts to bind to the server 'mdm.mysecretdomain.org' returned an unspecified problem." UserInfo=0x7f8c696840a0 {NSLocalizedDescription=The 'Directory Binding Account' payload could not be installed. Attempts to bind to the server 'mdm.mysecretdomain.org' returned an unspecified problem.} from: InstallPayload in DirectoryBindingPayloadPlugin

Apr 7 08:53:23 Erics-Virtual-Mac.local mdmclient[71]: Error: Error Domain=ConfigProfilePluginDomain Code=-320 "The 'Directory Binding Account' payload could not be removed. The server 'mdm.mysecretdomain.org' either couldn't be found, or was not responding." UserInfo=0x7f8c69767a40 {NSLocalizedDescription=The 'Directory Binding Account' payload could not be removed. The server 'mdm.mysecretdomain.org' either couldn't be found, or was not responding.} from: RemovePayload in DirectoryBindingPayloadPlugin

Apr 7 08:53:23 Erics-Virtual-Mac.local mdmclient[71]: CPProfileManager.uninstallProfileCore plugin removal reported error = -320 (The 'Directory Binding Account' payload could not be removed. The server 'mdm.mysecretdomain.org' either couldn't be found, or was not responding.).

Apr 7 08:53:23 Erics-Virtual-Mac.local mdmclient[71]: CPProfileManager.installProfile returning error -319 (The 'Directory Binding Account' payload could not be installed. Attempts to bind to the server 'mdm.mysecretdomain.org' returned an unspecified problem.)

Apr 7 08:53:23 Erics-Virtual-Mac.local mdmclient[71]: *** ERROR *** [Daemon:0] ### Errors while processing: InstallProfile ###

Apr 7 08:53:23 Erics-Virtual-Mac.local mdmclient[71]: *** ERROR *** [Daemon:0] <ConfigProfilePluginDomain:-319> The 'Directory Binding Account' payload could not be installed. Attempts to bind to the server 'mdm.mysecretdomain.org' returned an unspecified problem.

Apr 7 08:53:23 Erics-Virtual-Mac.local mdmclient[71]: *** ERROR *** [Daemon:0] ###################################


When I attempt to join the Mac client to Open Directory through Users & Groups and Login Options, I am able to join. The only thing I notice is that it prompts me that, "This server provides SSL certificates. Do you want to trust the certificates from mdm.mysecretdomain.org? You can continue without trusting certificates. Trusting these certificates could allow unauthorized access to your computer." I select "Trust" and the Mac client joins up just fine. I'm not sure if this is related to the "payload could not be installed" error or not. I'm using "mdm.mysecretdomain.org" as a placeholder for my real domain. DNS resolves to the real domain and it has an SSL certificate.


I really need to be able to push these OD settings out via Profile Manager. Any help or suggestions are appreciated. Thank you.

OS X Mavericks (10.9.2), Apple MDM and Profile Manager

Posted on Apr 7, 2014 9:05 AM
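
Added example (not part of the original post): a small Python triage script that pulls the mdmclient profile errors out of a system.log excerpt like the one above and collapses the repeated reports of the same failure into one finding per error code, payload and server. The sample lines are constructed by abridging the log in the post; the function and variable names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: lines abridged from the system.log excerpt in the post.
SAMPLE_LOG = """
Apr 7 08:52:50 Erics-Virtual-Mac.local mdmclient[71]: [Daemon:0] Processing server request: InstallProfile for: <Device>
Apr 7 08:53:21 Erics-Virtual-Mac.local AirPlayUIAgent[281]: 2014-04-07 08:53:21.411762 AM [AirPlayUIAgent] Changed PIN pairing: no
Apr 7 08:53:22 Erics-Virtual-Mac.local mdmclient[71]: Error: Error Domain=ConfigProfilePluginDomain Code=-319 "The 'Directory Binding Account' payload could not be installed. Attempts to bind to the server 'mdm.mysecretdomain.org' returned an unspecified problem." from: InstallPayload in DirectoryBindingPayloadPlugin
Apr 7 08:53:23 Erics-Virtual-Mac.local mdmclient[71]: Error: Error Domain=ConfigProfilePluginDomain Code=-320 "The 'Directory Binding Account' payload could not be removed. The server 'mdm.mysecretdomain.org' either couldn't be found, or was not responding." from: RemovePayload in DirectoryBindingPayloadPlugin
Apr 7 08:53:23 Erics-Virtual-Mac.local mdmclient[71]: *** ERROR *** [Daemon:0] <ConfigProfilePluginDomain:-319> The 'Directory Binding Account' payload could not be installed. Attempts to bind to the server 'mdm.mysecretdomain.org' returned an unspecified problem.
"""

# syslog header: timestamp, host, process[pid]: message
HEADER = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+(\w+)\[(\d+)\]:\s+(.*)$")
# The same error appears as "Domain=X Code=N" and as "<X:N>"
CODE = re.compile(r"Domain=(\w+) Code=(-?\d+)|<(\w+):(-?\d+)>")
PAYLOAD = re.compile(r"The '([^']+)' payload could not be (installed|removed)")
SERVER = re.compile(r"server '([^']+)'")


def triage(log_text):
    """Count mdmclient payload errors keyed by
    (host, error domain, code, payload name, action, server)."""
    findings = Counter()
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if not header or header.group(3) != "mdmclient":
            continue  # other daemons (AirPlayUIAgent, logind) are noise here
        host, message = header.group(2), header.group(5)
        code = CODE.search(message)
        payload = PAYLOAD.search(message)
        if not code or not payload:
            continue  # mdmclient line without a payload error
        domain = code.group(1) or code.group(3)
        number = int(code.group(2) or code.group(4))
        server = SERVER.search(message)
        findings[(host, domain, number, payload.group(1), payload.group(2),
                  server.group(1) if server else None)] += 1
    return findings


if __name__ == "__main__":
    for key, count in sorted(triage(SAMPLE_LOG).items(), key=str):
        print(count, key)
```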

3 replies

Mar 5, 2017 12:58 AM in response to geekinit

I know this is a couple of years old now, but I just recently ran into the same issues with macOS Server 5.2. I was able to solve it in the end by NOT providing login credentials for the Open Directory server. The username and password fields are marked as optional, so can be left blank. Doing that allowed the profile to install properly and the computer to join the macOS Open Directory.

Jul 16, 2014 3:51 PM in response to geekinit

I'm having this same issue exactly with 10.9.4 and 3.1.2. I was putting together a demo of some PM functionality and when I configured the bind to OD and pushed it out it seemed to fail on the first one or two attempts. After I logged out with my user and pushed again, it seemed to take...that one time.


During my demo, I was unable to push out the Directory payload, getting "failed" even after several reboots and updates.


I spent a couple of hours afterwards trying to figure out why, and am coming up empty.


Like yourself, a manual configuration via the "Join" or via Directory Utility works (either with joining the computer, or simply binding).


But when the payload is delivered either by pushing via PM or by manually importing the .mobileconfig I get the exact errors as above.
