Posted on 12-22-2016 12:50 PM
Hi jamf Nation friends,
I've been seeing slow user account logins, even local admin user accounts, on AD bound Macs with wifi on and not connected to the AD network. Logins can take up to 3 minutes. With wifi off, no ethernet connection, user accounts log in under 25 seconds.
I tried all manner of troubleshooting including deleting wifi network entries, creating a new location, etc...
This anomaly started happening after upgrading Macs to macOS 10.12.2.
Anybody else seeing this issue?
Please let me know.
Thanks in advance, az
Posted on 12-22-2016 01:00 PM
In your troubleshooting, have you tried removing it from AD, removing the Jamf binary, rebooting, and re-enrolling the device?
Also, what version of JSS do you have?
Posted on 12-22-2016 01:46 PM
Hi scentsy,
No Jamf binary is deployed.
I unbound from AD, ensured there is no computer record in AD, rebooted, bound to AD again. No change.
I also tried adding a different network location to no avail.
az
Posted on 12-22-2016 02:02 PM
Got it.
My bad, I assumed you were using "Casper Suite" (Jamf Pro) to manage your Mac devices.
I'm no expert in this area, but make sure your NTP server is correct on your Mac devices.
Also, when you go to Users & Groups -> Login Options -> Edit (Network Account Server), can you see your Active Directory Domain (without any issues)?
And inside "Directory Utility" -> Search Policy -> Authentication, do you see your Active Directory Domain (along with "All Domains")?
Unfortunately, our Macs take about 40-55 seconds to communicate with our Domain; if it's outside the Domain, after 40-55 seconds it uses the cached credentials.
Posted on 12-22-2016 03:17 PM
Hi scentsy,
NTP Server: using the default, apple.time.com in System Preferences/Date & Time/Date & Time.
Active Directory Domain is green.
Search policy is visible, All Domains.
Problem is with latency (up to 3 minutes) when logging in to local accounts with an AD domain-joined Mac not connected to the Active Directory network.
az
Posted on 12-22-2016 03:43 PM
@arthurmzee We haven't seen any slow logins. Have you tried wiping and re-imaging the machines? Has anything changed inside your environment? When having issues binding to our OD server, we ran Maintenance scripts and rebooted, which seemed to fix our issues. This is the software we used (we had all boxes checked):
http://www.titanium.free.fr/maintenance.html
Jared
Posted on 12-22-2016 03:47 PM
Also, make sure that you wipe out any old network account home folders. You can do this by going to Go > Computer > Macintosh HD > Users and delete any that aren't needed.
Posted on 12-27-2016 12:30 PM
Hi jared_f,
I tried all your suggestions to no avail.
If I turn off the wifi before shutting down or restarting, logging in to local user accounts on AD bound Macs happens quickly.
However, if the wifi is on, not connected to the AD network, it takes a couple of minutes to log in to a local user account on an AD bound Mac.
Thank you for your suggestions, az
Posted on 12-27-2016 12:44 PM
Are these first time logins to the device or recurring logins that are slow?
We see slow login on first time login for any AD bound Mac and mobile accounts. Any login afterwards is usually under 30 seconds.
Posted on 12-28-2016 05:50 AM
Lowering your DSBindTimeout value should help: https://www.jamf.com/jamf-nation/discussions/19910/slow-login-after-binding-to-ad#responseChild11996...
Posted on 12-28-2016 01:49 PM
Hi millers, These are recurring logins.
Hi Josh.Smith, Lowering timeout didn't change anything.
Thanks for your help though,
az
Posted on 12-29-2016 02:27 PM
Hi az
Try changing time server to whatever is being used by the AD service, so they match.
Does the login delay also happen when wifi is off, but connected to the network via a patch cable?
Maybe SSH into a 10.12.2 Mac connected via patch cable and watch the system log during login – IIRC:
tail -f /var/log/system.log
Can you reach all the IP addresses of your AD service, not just some of them – is there a firewall which might block access until failover to another domain controller?
Do you see the same problem with a clean install of 10.12.2?
Alter the bind configuration so it doesn't mount network home for domain accounts. Same issue?
Try a single DNS entry in your network configuration, or two from the same range.
Regards
James
Posted on 01-10-2017 01:06 PM
Hi James,
The login delay does NOT happen when wifi is off, regardless if connected to the network via ethernet.
I can reach all IP addresses of the AD service.
Same problem with clean install of macOS 10.12.2.
I don't mount network home for domain accounts.
This all happened after updating Macs to macOS 10.12.2.
Anybody else having the same issue?
Thanks in advance, az
Posted on 02-07-2017 09:24 AM
Hi Friends,
Anybody else have any clues here? The problem persists with the macOS 10.12.3 update.
Thanks in advance, az
Posted on 02-07-2017 01:07 PM
If it's happening when wifi is on, check to see if it's trying to connect to a network buried down in our wifi preferences. We sometimes have an issue with our bound accounts if the wifi is last as it will scan for the other networks. If you remove all the other wifi networks or move the wifi network you want to the top, that might fix the issue.
Posted on 03-14-2017 01:05 PM
Hi BenL,
I'll try that and report back.
Thanks for the tip,
az