TIP: Fix Lion 10.7.2 and .local AD domain by disabling DNS multicast
Monday, November 14, 2011
Louie Campagna found a way to fix Lion 10.7.2 problems with .local Active Directory domains by tweaking an Apple solution for Snow Leopard. It involves disabling multicast advertisements from mDNSResponder. (Last year, we posted a different Snow Leopard solution involving multicast. Note also that we've previously reported a workaround from Centrify, also involving multicast, for slow Lion SMB access in Active Directory in .local domains.) Here's what Campagna did to solve the problem:
Like many, I've been tearing my hair out trying to figure out the solution to erratic network account availability and slow logins with Mac OS Lion, since the day it shipped. We are currently running 10.7.2, which we hoped would resolve the issues, but it made them worse. However, I believe with a few tweaks, I have solved the problem.
- Log in as an administrative user, and follow the instructions at this Apple link to disable multicast advertisements from mDNSResponder. [This is for Snow Leopard, but works for Lion].
- Next, fire up terminal and run the command sudo nano /System/Library/SystemConfiguration/IPMonitor.bundle/Contents/Info.plist
- Arrow down to the line for mdns_timeout and change the value from the default of 5 down to 1. Apple recommends increasing this number, but it just made things worse. 1 is the magic number.
- Ctrl+X and save, and then open up System Preferences.
- Open up the Network preference pane, go to Advanced, and choose DNS. Under the search domains, add your AD domain(s).
- Apply that, and then load up the Directory Utility. You'll need to make sure you're set to authenticate against All Domains, and mark that you'd prefer a domain server, and enter the IP of a domain controller.
- Reboot the computer after making sure all your settings are saved. Wait for the red "Network accounts are unavailable" light to go away.
This will take approximately 60 seconds. You'll then have a quick AD login with faster access to network resources as well.
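A read-only check for the two file edits in the procedure above, added here as an example and not part of Campagna's report or Apple's instructions. It assumes the linked Apple article adds a `-NoMulticastAdvertisements` argument to the mDNSResponder launchd job (the page does not spell this out); the function names and sample plists are constructed for illustration.

```python
import plistlib

# First path is from the tip; the second is the launchd job assumed to be
# the file Apple's Snow Leopard article edits (the page only links to it).
IPMONITOR = "/System/Library/SystemConfiguration/IPMonitor.bundle/Contents/Info.plist"
MDNS_JOB = "/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist"
NO_ADVERT = "-NoMulticastAdvertisements"  # assumed argument name, see lead-in

def find_key(node, key):
    """Return the first value stored under `key` anywhere in a parsed plist."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None

def audit(ipmonitor_xml, mdns_job_xml, want_timeout=1):
    """Return a list of differences between two plists (bytes) and the tip's settings."""
    timeout = find_key(plistlib.loads(ipmonitor_xml), "mdns_timeout")
    args = plistlib.loads(mdns_job_xml).get("ProgramArguments", [])
    findings = []
    if timeout != want_timeout:
        findings.append(f"mdns_timeout is {timeout!r}, expected {want_timeout}")
    if NO_ADVERT not in args:
        findings.append(f"{NO_ADVERT} missing from mDNSResponder ProgramArguments")
    return findings

# Constructed sample plists (not copied from a real system): stock vs. tweaked.
STOCK_IPMONITOR = plistlib.dumps({"CFBundleName": "IPMonitor", "mdns_timeout": 5})
STOCK_JOB = plistlib.dumps({"ProgramArguments": ["/usr/sbin/mDNSResponder", "-launchd"]})
TWEAKED_IPMONITOR = plistlib.dumps({"CFBundleName": "IPMonitor", "mdns_timeout": 1})
TWEAKED_JOB = plistlib.dumps(
    {"ProgramArguments": ["/usr/sbin/mDNSResponder", "-launchd", NO_ADVERT]})

if __name__ == "__main__":
    print("stock sample:  ", audit(STOCK_IPMONITOR, STOCK_JOB))
    print("tweaked sample:", audit(TWEAKED_IPMONITOR, TWEAKED_JOB))
    try:  # on a Mac, also check the live files (read-only)
        with open(IPMONITOR, "rb") as a, open(MDNS_JOB, "rb") as b:
            print("this machine:  ", audit(a.read(), b.read()) or "matches the tip")
    except OSError as err:
        print("live files not readable:", err)
```

Both files live under /System, where an OS update can replace them, so the check is worth rerunning after each update.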
Confirmation of disabling DNS multicast to fix Lion/AD in .local domain
Friday, November 18, 2011
Lawrence Fung had luck with the procedure described in "TIP: Fix Lion 10.7.2 and .local AD domain by disabling DNS multicast":
The TIP that Louie Campagna provided works for our school. We have the so-called Magic Triangle with the .local domain. We used to have 10.6.7 working with the mdns_timeout value increased from 2 to 5 seconds as Apple suggested. After upgrading to 10.6.8, we started having problems logging in. It took more than 3 minutes to log into the computer. When I was working on the computer, anything that required a password, such as network folder access or software update, took about 2 minutes to get through. So now after trying Louie's tips, all these are gone and the login takes less than 20 seconds.
Reader confirms that disabling multicast fixes Lion AD issue
Tuesday, January 24, 2012
Keith Adams confirmed a tip that suggests you can fix Lion problems with .local Active Directory domains by disabling DNS multicast:
Our issue was resolved by disabling MultiDNS broadcast. This tip worked like a champ for us! I had been struggling with the issue since 10.7 came out. Now this fix has resolved the issue of not being able to log in as network users on 10.7 machines. We could always bind but not use network accounts. THANKS!!! We were running 10.7.2 on workstations and WS 2008 R2 on the DC. One odd thing was that when I did an upgrade install from Snow Leopard to Lion when it first came out, everything worked fine for existing network accounts, but new accounts could not be added.