Access Your Computer From Anywhere
Control a PC from a Mac over the Internet


MacWindows Home

MacWindows News Archives

News items older than a few months


Solutions Descriptions of products, links to company sites, and contact info

 

Tutorials
Information about making Macs and Windows work together

 

MacWindows Tips Practical info for users of cross-platform products

 

News Archives
News older than a few weeks.

 

MacWindows Home

 

Site Map

MacWindows News items from Jan 2004 through March 2004

Most recent news first.

June 2004

Special News Report: Cross-platform News from the Apple Worldwide Developers Conference

Apple's Tiger to improve Windows compatibility. June 29, 2004 -- During yesterday's WWDC, Steve Jobs described some of the features Mac OS X 10.4 Tiger, which he announced would ship during the first half of 2005. Jobs briefly mention some enhanced Windows compatibility features:

  • Better SMB performance
  • SMB home directories
  • Kerebos and NTLM v.2

Jobs also introduced a new search technology called Spotlight that automatically indexes and searches for both content and metadata of files, email, and other data. He noted that Spotlight would be aware of Windows terms for items, for use by switchers. For instance, Spotlight searches will understand that "wallpaper" means desktop pictures, and "wi-fi" or 802.11 stands for AirPort. (Apple described Spotlight as an extension to the file system.)

You can view Job's keynote address here.

Mac OS X Sever 10.4 will include NT Migration Tool. June 29, 2004 -- Yesterday, Apple announced that Mac OS X Server 10.4 ("Tiger Server") will software called NT Migration Tool, which will help migrate from Windows servers to Tiger Server. (See also this Apple press release.) Some of the features of NT Migration Tool:

  • Automatically extracts user and group account information from a Windows Primary Domain Controller automatically moves it into Open Directory.
  • The ability to "take over as the Primary Domain Controller for Windows clients and even host Windows users' home directories, group folders, roaming profiles and shared printers."

Apple said that Tiger server will ship in the same timeframe as the Tiger client, within a year. Like the Tiger client, the new server will support 64-bit processes and 64-bit address spaces in memory, taking advantage of Apple's 64-bit hardware. Other new features also had some cross-platform aspects:

  • An iChat server to work on a local network. It will support both the iChat client and the Jabber clients on Windows, Linux, and PDAs. The iChat server will also offer SSL/TLS encryption and Kerberos authorization.
  • Will include XGrid 1.0, software for clustering Mac servers (see news story below).
  • Site-to-Site virtual private networks using IPsec encryption.
  • A weblog server.
  • Mobile Home Directories. This is a feature that keeps home directories of notebook users on the server, but copies it to the local hard disk to enable the user to take it on the road. When the user returns and plugs in, the home directory syncs with the one on the server.

Developers at WWDC were given a preview release of Tiger Server.

Apple announced cluster server products. June 29, 2004 -- Users will soon be able to use Mac OS X servers in clusters with several products that Apple announced:

  • XGrid, cluster software that lets you use up to 128 agents, up to 10,000 queued jobs and up to 10,000 tasks per job.
  • Xsan ($999 node, unlimited capacity). Xsan is a 64-bit implementation of the SAN cluster file system that lets multiple computers simultaneously access several terabytes of storage on Xserve RAID over high-speed Fibre Channel. Xsan is currently in beta.
  • XServe G5 Cluster node. A version of XServe meant to serve in a cluster.

Apple Remote Desktop 2 based on open source VNC goes cross-platform. June 29, 2004 -- Last week, Apple quietly announced Apple Remote Desktop 2.0, set for shipping next month (US $299 for 10 clients, $499 unlimited). Yesterday, however, we learned that the new version of the remote-control software is that this new version will be based on and compatible with the open source VNC, originally created by ATT Labs at Cambridge, England. VNC is a cross-platform remote control program, with versions for Mac, Windows, and Linux/Unix. The new ARD 2.0 will be able to control and be controlled by other computers running VNC, including Windows and other non-Macs.

Apple displays go back to DVI standard. June 29, 2004 -- In its new line of displays announced yesterday, Apple has abandoned the proprietary ADC display connectors in favor of the industry standard DVI connectors, compatible with Intel-based PCs as well as Macs. Apple used DVI connectors on it's first generation of flat panel displays, but switched to ADC with the first Cinema Displays, which PC's could use only with an ADC-to-DVI connector converter.

By the way, we did see the new 30-inch display ($3300, requiring a new $600 graphics card). It is bigger than the televisions in many people's living rooms, and made the 23-inch display sitting next to is look small. It also produces stunningly high-quality images.

Suggestions for OS X + AD integration. June 28, 2004 -- Aaron Graham suggests a correction for our paper How to Use Active Directory and Macintosh Clients without Schema Changes by Greg Priglmeier. Graham adds:

I have found a small omission in Step 3, after configuring the AD plug-in the user needs to add it to the authentication path also. This step is missed and with out this you can not see the AD domain in WGM.

Brian Zupko has a suggestion for the reader who got stuck at step 4 (Select the domain icon and choose the OD LDAPv3 domain). Zupko's suggestion:

Make sure that in Directory Services authentication tab that AD is listed first then the OD 127.0.0.1 for your OD master second.

Of course AD will be listed technically second, NetInfo/root is always first and that can not be changed. That should correct this issue.

AD / OD user account synchronization question. June 28, 2004 -- Justin Ruddy sent us a question about synching password of an Open Directory group and an Active directory group:

We are attempting to sync the passwords of two user groups, one hosted on Open Directory 10.3.4 and Windows Active Directory 2003. We have created duplicate user accounts in both directories, and are currently using Open Directory for our primary authentication (we have approx. 35 OS X workstations). We have successfully setup the Active Directory connector, but in our understanding, this does not sync passwords on the duplicate accounts. Is this supported? If not, could you recommend a solution that would accomplish this? Any thoughts would be greatly appreciated.

If you have some advice to share,

Norton Corporate Edition interferes with and AppleTalk on Win 2K Server. June 28, 2004 -- Géry Houiller reports this problem:

I've discovered a big problem about Norton Corporate Edition and Windows Server 2000.

We have installed the new NCE 9.0 on 5 PC Dell Server with Windows Server 2000 SP4 French version. Two days after, we have problem about access with Macintosh on AppleTalk channel. When we delete the installation of NCE 9 on the server, everything goes right.

Nudging VPC to find DNS servers. June 28, 2004 -- Bob Morabito was getting DNS errors with Internet Explorer for Windows running in Virtual PC 5.0 (iMac, Mac OS X 10.2, Virtual Switch setting). The fix was unexpected:

I found out that by putting in the address for Google--66.102.9.104, and accessing that page, I am now able to access all others.

VPC/WordPerfect anecdote. June 28, 2004 -- George May has had a good experience with some old software:

My partner in a medical transcription business absolutely refuses to abandon using WordPerfect 5.1 for DOS, but she likes the small size of my G4 Mac Cube (processor upgraded to 1.2 GHz, 1 GB RAM). I didn't think it would be possible, but, after hours of work - installing and configuring WP 5.1 is a nightmare on any platform - we now have a Mac G4 Cube running Virtual PC, running Windows, running DOS, running WordPerfect 5.1 DOS. And WP 5.1 runs faster that it does on her Pentium Gateway PC.

Cluster Support in ExtremeZ-IP. June 25, 2004 -- Derick Naef of Group Logic corrected a reader report from earlier in the week. He tells us:

ExtremeZ-IP currently supports clustering in active-passive mode on Windows 2000 & 2003, and is in use in this configuration and many large customer sites throughout the world. We've supported this for a while.

You can read about it at the Group Logic web site.

Plus we're compatible w/ Mac OS X / AFP 3.1 :)

We are working on even more sophisticated clustering support for a future release of ExtremeZ-IP.

AD and Mac OS X Server based home folders. June 25, 2004 -- Josh Wisenbaker verified a recent reader claim that no schema changes are required for storing home folder on a Mac OS X Server using Microsoft Active Directory. He also sent a description on how to accomplish this:

I did some testing and found that our anonymous friend is correct.

If you use the AFP mountstyle with the AD plugin you can specify a share on your Mac OS X Server to put the home folder in. You must also have SMB running and specify that share in the user's AD profile.

Tip: Entourage 2004 and directory services. June 25, 2004 -- April Acker sent us a tip for getting Entourage 2004 to work with directory services. (A reader previously reported a problem.) Acker's suggestion:

Several users in the group I support were recently upgraded to Entourage 2004, which works great with Exchange and seems to have solved the email-related lockout issues. However, one reoccurring issue we ran into was that Directory Services no longer worked for looking up contact information. Changing the LDAP server to an IP address didn't work either - in fact nothing seemed to work. At the root of the problem was the fact that I had imported the user's previous Entourage X identity. Something involved with importing the identity caused Directory Services to no longer work.

However, deleting the profile and re-creating it allows Directory Services with no problem. All the user's mail will have to be downloaded again, but it is a sure way to fix the problem. I still recommend importing the identity if elements such as signatures, rules, or archived local mail existed in Entourage X. After the import, just delete the actual Exchange profile and re-create it again, with all of the other elements in place already.

Office/Entourage 2004 Installation problem. June 25, 2004 -- Jim Howard had the same problem installing Entourage 2004 that we reported last month:

I had a similar experience trying to test Entourage 2004 as reported earlier by John Wilson. Based on his experience, I did a clean install of Office 2004, manually configured (as much as possible in the Exchange environment) the setup, turned of everything that was automatic (or at least I thought ). Including junk, synchronization, etc. When I started it promptly still cycled through my entire exchange folder structure (about 4300 messages, in about 20 different folder/trees) and moved them all. If it had moved them to the local inbox I would have been okay with that. But it moved all messages from every server folder to the Deleted items folder! I manually copied them back to a new folder to hold them for resorting , but it moved those all to the deleted items folder also! So I quit Entourage 2004, went to my PC, and used Outlook to move the messages back to the inbox/other folders.

Needless to say this is not adequate behavior from a supposedly enterprise level product.

If you've seen this problem,

Microsoft will not extensions NT 4.0 Support . June 25, 2004 -- Ziff Davis reports that Microsoft will not extend support for Windows NT 4.0, as it had looked like it might:

On Monday morning, it looked as if Microsoft had done yet another about-face by extending NT 4.0 support past the rapidly approaching support-cut-off deadlines - despite repeated claims that it had no intentions of doing so.

But by Monday evening, Microsoft was working overtime to correct any misunderstandings caused by its vaguely worded press release about its plans for continuing to offer NT 4.0 fixes beyond the currently stated cutoff period.

Mark/Space Missing Sync for Palm OS to replace HotSync. June 25, 2004 -- Yesterday, Mark/Space announced The Missing Sync 4.0 for Palm OS (US $40) will ship in August. The company said that this version "supersedes PalmSource's aging HotSync Manager for Mac OS X" to move data between a Palm OS handheld and a Mac. Owners of Palm OS 4 and Palm OS 5 handhelds, including PDAs and smartphones from AlphaSmart, Garmin, palmOne, Samsung, Sony and Tapwave, will be able to use Missing Sync. The Missing Sync for Palm OS is that it supports dozens of existing Palm conduits for the Mac, including Apple's freely available iSync Palm conduit and Microsoft's Entourage conduit. It will synchronize over AirPort and Bluetooth connections, and will have iPhoto and iTunes integration. A beta version is available here.

Group Logic Releases OEM version of ExtremeZ-IP with AppleTalk for Windows XP Pro. June 22, 2004 -- Group Logic has released an OEM-only version of its ExtremeZ-IP file server for Windows XP Professional that includes the AppleTalk network protocol. The company said this was in response to "Microsoft's discontinuation of Windows 2000 Professional OS and its subsequent removal of AppleTalk from the replacement Windows XP Professional OS." Group Logic also said that the new OEM solution is "hundreds of dollars" less than Windows 2003 Server.

More on AD Plugin and Home Directories. June 22, 2004 -- A reader who wishes to remain anonymous takes issue with this June 11 reader statement:

If you want to store the home folders on a Mac OS X Server using AD for authentication then you are going to need to make a schema change or use the LDAPv3 plugin and loose all that easy AD integration work.

Our anonymous reader says:

This is incorrect. As for Mac OS X Server 10.3.3, you can absolutely store home directories on Mac OS X Server for both Windows and Mac clients without schema changes and using the AD plugin.

More on loss of Entourage/Exchange calendars. June 22, 2004 -- Darren Heinrichsen comments on one of the previous speculations for causes to the problem of Entourage X causing a loss of calendars:

I am sure that we do not have virus scanning (or any other type of scanning) turned on for the M: drive. The calendar wipeout only happens with Entourage users, not with any of our PC users.

MacServerIP, Cluster servers, and Novell 6.5. June 22, 2004 -- Matthew Wie sent a report on the virtues of using MacServerIP:

We use MacServerIP here in the UK, supporting about 600 users sharing 4 TB of data. Having used SFM we've found 2 distinct advantages:

1. Cluster Support. SFM is NOT cluster aware, if services fail over you have to re-create volumes and this is unacceptable in an environment this large.

2. SFM has a limit of around 65'000 per volume. With data the size of ours we easily outsize this making SFM pretty redundant.

I'm currently testing ExtremeZ-IP but there seems to be no cluster support. Speed is good and it's got a very intuitive interface.

I'd be interested if you've heard of anyone using Novell 6.5 with Mac files. We are also testing this but it's very buggy.

(The MacWindows MS Cluster Services and NetWare and Macintosh report pages haven't had much reader input recently. If you have something to add,

Microsoft advice for Virtual PC and USB devices. June 11, 2004 -- We went trolling through the Microsoft Knowledge Base for information on using USB devices with Virtual PC, and found several useful articles:

AD and home users in Mac OS X 10.3.3-plus. June 11, 2004 -- Josh Wisenbaker answers a reader's question from June 8 regarding storing Mac users' home directories on the Mac OS X 10.3 server:

If you want to store the home folders on a Mac OS X Server using AD for authentication then you are going to need to make a schema change or use the LDAPv3 plugin and loose all that easy AD integration work. There is something that most people miss however.

By default the AD plugin creates local homes, mounts the SMB home that is in the user's AD profile on the desktop and puts the SMB home folder in the Dock. Starting with 10.3.3 Apple fully supports using network based SMB homes and there is a hidden option in the AD plugin to activate it.

dsconfigad is the command line version of the AD plugin. It has two hidden options, -localhome and -mountstyle. If you execute a 'sudo dsconfigad -localhome disable' then the plugin will not create a local home, but rather use the windows SMB home folder as a network home. You can use the -mountstyle flag to specify SMB or AFP for the mount, although SFM isn't kerberized and you will get a challenge box on login for the AFP share.

Greg Priglmeier agrees. "Josh is correct. AD creates home users by default." (Priglmeier author of How to Use Active Directory and Macintosh Clients without Schema Changes.)

Suggestion for loss of Entourage X/Exchange calendars. June 11, 2004 -- Several more readers report seeing the problem of Entourage X causing a loss of calendars, including one suggestion. First, Jim Roletter is another reader describing the problem:

We had the same problem here with a user in our school district. He was using Entourage all his calendar items on the Exchange server were deleted. The connection to the Exchange Server was being made via IMAP over a network while at a conference.

Todd Schneider has a suggestion that is a bit unexpected:

Does your Exchange Server have a drive letter "M"?

We had a similar problem with hot syncs to user's folders where the calendar would get wiped out. (Actually, all the calendar events would lose their start times and end up on the current day).

Turns out that every time a server virus scan ran it would scan drive 'M' and corrupt the calendars, after the next sync was done only users who synced their palm pilots were affected.

You may want to check your virus scan schedule to see if there a connection.

If you've seen this suggestion work,

Verification of and suggestion for problem with Entourage and LDAP. June 11, 2004 -- Several readers have reported seeing the problem of Entourage not querying LDAP or Active Directory that we reported on June 2. Jeff Boyle found a way around it:

I just tried the query of emails and found that I too couldn't get names coming back. In the advanced section I enabled "this server requires me to login" and it now works as expected.

Gunnar Reichert-Weygold seed the problem with ADmitMac:

I can duplicate this problem. I'm running the latest version of ADmitMac and we just installed Active Directory here. It's true, if I type in the email address, it can verify, while any other info comes back with "LDAP Server Error: No entries in the directory service match the search criteria."

ADmitMac 1.1
OS X 10.2.8
Entourage 10.1.4

Dave Leary has a slightly different version of the issue:

I have a very similar problem with Entourage 2004.

At work LDAP works just fine with Apple mail, but fails most of the time with Entourage. The exception is that if someone has recently sent me an email, I can the get the email address just by typing their name, but I suspect that this is more of a local look up than actually using the LDAP server.

If I try to send to a new person, LDAP fails & gives me an error message

Casey McCullough has the problem with Active Directory:

We are not even able to get Entourage to query AD by email address. We keep getting an Error -3260 when we type in a name or email address in Directory Service. The Error -3260 description is as follows: "The connection to the server failed because the network is unavailable."

I'm able to send/receive email, so that's not the problem. I searched this error and came up with nothing.

I think I've got all the right information plugged in on the setup of the Directory Service, but any help/advice you could give would be greatly appreciated.

William Urbanczyk:

I saw your post on macwindows.com. My organization is seeing the same issue with Entourage 2004 not querying LDAP or AD. Apple mail and address book work A-OK but not Entourage.

Thought I'd pass this along so you knew it just wasn't your configuration.

Michiel Schriever:

I read your article on Office 2004 no able to query the LDAP server. I have the same problem. It does connect (no error message), I can ping the server manually, and the old Office worked fine...

If you've seen the problem, or can comment on Jeff Boyle suggestion,

Problem with OS X server 10.3.4 and Win XP clients. June 11, 2004 -- Darius Fisher is having a problem with slow PC client performance when connected to Mac OS X Server:

I am at my wit's end with an Xserve running Mac OS X Server 10.3.4 - I have had the same problem ever since 10.3. Our sister company has the same problem also.

We have 2x PC's now - Ix P4 single 3 GHz Dell XP Pro and 1x dual 2.8 GHz Xeon Dell (6500 I think) XP Pro. We also have about 7x various G4's - fastest being dual 1.25 GHz. The PC's are our fastest machines until we get new G5's soon. We do motion graphics / editing and feature film Visual FX. We have a gigabit Ethernet network.

The problem is that the PC's slow to a crawl when they render from after effects to drives on the Xserve. The 3 GHz does it so slowly that we used to think it had crashed (same is true just when saving an after effects project to network drives - copying is also slow) The dual 2.8 Xeon is our newest machine. It manages to render and save to the network drives so I thought it didn't have the same problem. But when I did a comparison to rendering and saving to it's C drive, it did the same operation 3 times faster. The Macs have no problem and do the same operations exactly the same if rendering or saving locally or to the Xserve drives.

We are connecting through SMB, all machines have the same user name and passwords etc. I have set the PC's WINS server to the IP addresses of the Xserve.

Our sister company got rid of the problem by reinstalling OS X server. I tried this the other day (complete wipe and install) and the problem is still there.

I did notice in the Windows error logs in the server manager tool, (I can't remember what the app is called I'm off-site at the moment) - that the windows machines seemed to be looking for an incorrect IP for something - we use static internal IP's for all machines - the cable router provides DHCP for numbers above 100 in our range and below are static - but the error was looking for 92.168.123.1 I believe, and our Xserve is 192.168.123.1 and .2. I am not expert in reading these logs anyway.

If you've seen the problem,

A technology first: A PowerPC emulator runs Mac OS X in Windows. June 10, 2004 -- An open source project called PearPC has become the first PowerPC emulator running in Windows and Linux on Intel-based PCs. PearPC can run Mac OS X "with some caveats," according to the developers, Sebastian Biallas and Stefan Weyergraf, who give the warning:

Please note that this is an experimental program not meant for productive use. There are still unimplemented instructions, mysterious bugs and missing features. Don't use it on important data, it WILL destroy them sooner or later!

The first version, v0.1, was released on May 10. The current version 0.1.2, released on May 20 is available for download from the project site. There is a story about installing PearPC at OS News.

Existing Mac emulators, such as Basilisk II, emulate a pre-PowerPC 680x0 processor, and can only run up to Mac OS 8.6. Another project, SoftPear, attempting to recreate a Mac OS X environment running in Apple's opens source Darwin for x86.

If you've tried PearPC,

(Thanks to Javier Macías and Marcel Ovidiu Vlad for bringing PearPC to our attention.)

Another view on Norton Auto-Protect on VPC in Panther. June 10, 2004 --Stephane Bourassa reports turning of Norton Antivirus Auto-Protect fixed the Panther performance problem:

Turning off Auto-Protect features into Norton Antivirus has doubled &emdash; if not tripled &emdash; the speed of VPC 6 my with Panther 10.3.4 800 MHz eMac G4 computer. It has transformed my VPC from a painful to a convenient experience.

Several other readers have reported that this speeds up Virtual PC in Panther (see our Virtual PC 6 Reports page). However, readers have also reported that this had no effect. We have a fairly large collection of suggestions for speeding up Virtual PC in Panther on our Virtual PC 6 Reports page.

Good AutoCAD performance in VPC in Mac OS 9. June 10, 2004 -- A reader called Iwert told us about his positive experiences running AutoCAD in Virtual PC. He is using an older (upgraded) Mac with Mac OS 9, which does run Virtual PC faster than Mac OS X. He is also using Windows NT, which does run faster than Windows XP in VPC. His report:

I just wanted to let you know that AutoCAD 2000 runs like on a Pentium III 1.6 GHz on a Pismo with PowerLogix 1 GHz upgrade, 768 MB RAM and Windows NT 4 on Virtual PC 5.0.4 under Mac OS 9.2.2.

I am really astonished by the speed of this combo, it is at times faster than my Pentium 2.5 GHz at work. Startup of Virtual PC + AutoCAD is certainly faster. Working in AutoCAD is transparent and without any slowdowns. Switching layouts is fast, and drawing 3D no problem. It even gets faster when mounting the NT volume on a RAM disk, and battery life greatly improves.

All in all I am very happy, and just dished the OrangePC with 450 MHz AMD k6/2 from my desktop machine, which was now at least 2 times slower then the upgraded Pismo. I suspect the 1 MB L2 cache at full speed is contributing a lot to the speed increase.

Another report of Virtual PC and USB QuickCam problems. June 10, 2004 -- A reader named Dave reports a problem getting a USB QuickCam camera working with Virtual PC:

I cannot get my Logitech QuickCam 4000 webcam to work with VPC 6.1. Have you figured out a way to get it to work? It works fine on my Mac and it recognized by VPC, but none of the Logitech software recognizes it.

We had a previous report of this problem last October, now on Virtual PC 6 Reports page.

VPC 6 "auto-update" in Mac OS X 10.3.4. June 8, 2004 -- Jim Breashears reports that after he updated to Mac OS X 10.3.4, Virtual PC automatically updated itself. Microsoft told him that an upgrade is required for Mac OS X 10.3.4, but he reinstalled his version 6.0 with success. Breashears reports:

I have 2 G4 PowerBooks with VPC 6 on them. I had not upgraded to 6.0.1 on either because I use the printing function which is absent in the new version. I was going to wait a (long) while before I considered any "upgrade" because I am perfectly happy with what I have now.

When I started both machines up this morning (both in a "saved state"), Tuesday, June 01, 2004, they were upgraded from 6.0.1 and Microsoft's dialogue boxes were open about setting up and registering the new version! There was no dialogue box on either machine asking for permission.

MS tech support and told me that sometimes an upgrade is a must and that is why it was done, however, a dialogue box should have come up notifying me.

I asked him why the need for the upgrade and he said to increase stability. I told him that I was perfectly happy with the set up that I had. He told me that it was a required upgrade for the 10.3.4 version of the Mac OS. That dialogue box was missing from the forced upgrades on both machines.

After my original call to MS tech support I found that shared networking no longer worked. I called MS back and they tried some things, but were unable to get it working again. They said I'd have to buy a new copy and reinstall it so they transferred me to sales who said that they were out of stock and would have another shipment in 14 days.

I can't afford to be out of work that long, so I took my 6.0 upgrade and reinstalled (which MS tech support said they didn't think would work because it is an upgrade, not a full version). It seems to work fine. I remembered that Connectix's upgrades were the size of the full versions so there was some confidence in doing this.

Update to Active Directory and Mac 10.3.3 instructions. June 8, 2004 -- We've posted an update to Greg Priglmeier's paper How to use Active Directory and Macintosh Clients without Schema Changes, which use a Mac OS X Server. Priglmeier has revised section Part 2b "Basic Open Directory authentication on clients."

Nathan Mueller sent in a question about the procedure:

Greg Priglmeier's directions "How to Use Active Directory and Macintosh Clients without Schema Changes" are PERFECT! However there is only one thing lacking. How can I get AD users Mac home directories to store on the 10.3 server? Is there a setting in LDAPv3 that can be used the map the home directories?

If you know the answer,

Update on Active Directory users who can't empty the Trash. June 8, 2004 -- We've had a few more comments on the problem where OS X users can't delete the Trash. Henrik Ahlberg in Sweden comments says that old accounts have the problem after a server upgrade:

We have had the earlier mentioned problems with "empty trash" for AD authenticated OS X users (10.3.3 and 10.3.4).

We have recently migrated from NT4 domain to a 2003 AD structure. 600 (250 Mac) users. "Old" accounts will not be able to empty their Trash, while with newly created accounts it works fine! We have also found this problem to be non-computer-specific... G4, G5, PB, G4 Xserve all acts the same...

Hugh Burt, who previously reported having the problem, does see this as a platform-dependant issue:

I don't think it is anything to do with user accounts as I, using my AD account, can't empty the trash on G4s but can on iMacs.

Another tip for importing Address Book contacts into Entourage. June 8, 2004 -- Liz Fox sent in another method to import contacts from Address Book into Entourage:

I puzzled over this too and found a very easy solution. Open Addresses. Select all, drag to Entourage addresses. They came in exactly right. No massaging necessary.

Maintenance Upgrade for CrystalFire Wormhole, Mac-PC file transfer. June 8, 2004 -- CrystalFire Software has released CrystalFire Wormhole 1.1.4 (US $15 per computer; free upgrade), an upgrade to the simple Windows-Mac file transfer program. The new version includes the following improvements:

SQLiteServer 1.0 for Mac, Win, Linux. June 8, 2004 -- SQLabs has released SQLiteServer 1.0 for Windows, Mac, and Linux. SQLiteServer 1.0 (US $269 for 10 clients, $369 unlimited) allows you to access SQLite databases from any client written to understand the server's protocol.

TIP: Entourage 2004 and Proxy Server. June 2, 2004 -- Matthew Pinto sent us a workaround to a problem he was having with Entourage 2004 and Proxy Server:

We have a proxy server here and when I have HTTP set to "ON" in the Network Control Panel, Entourage 2004 becomes Disconnected. This is rather frustrating when trying to first set up Entourage as it will not connect and gives you a cryptic message as Error -114.

The fix my IT department came up with was to create an Automatic Configuration Page (http://"proxy web page"). This seems to bypass this problem with one exception: Internet Explorer will stop working (while Safari is OK). The other problem with this is that Automatic Setup is only available in Panther.

I'd like to hear if others have had this issue and if they had a better work around.

If you've seen this problem, or have a better workaround,

TIP: Windows domain rename with Exchange. June 2, 2004 -- Tony Trumbo shared with us a Microsoft solution to problem related to using .local in Panther Active Directory Integration. The problem is trying to rename a domain. Trumbo reports:

I know there has been previous discussion on MacWindows about the use of .local in Active Directory domain names. Renaming the domain to end in something other than .local was possible with Windows 2003 but it wouldn't work if you had Exchange in the domain. Microsoft has just released a tool that now allows you to rename a domain with Exchange 2003 in the domain. The tool can be found at a Microsoft page called Exchange 2003: Domain Rename Fixup (XDR-Fixup).

Hope this is of some use to MacWindows readers.

TIP: Another way to import Address Book contacts to Entourage. June 2, 2004 -- A reader called Dr. Ioh ads a simple method to previous suggestions for moving contacts from Address Book to Entourage 2004:

You can also export all your contacts from Address Book as a single vCard, then drag this to Entourage's Address Book. Works well, with minimal cleanup.

Reader problem: Entourage not querying LDAP or AD. June 2, 2004 -- Martin Hill asks for help with this problem:

Entourage 2004 is unsuccessful in querying our LDAP server or our Active Directory Server to pull out addresses of users in our organization we wish to email to.

Apple's Address Book does successfully connect and query our LDAP server as does Apple Mail, but Entourage 2004 refuses to.

Test we have done so far indicate that Entourage is sending malformed LDAP queries that have the LDAP server sending back error messages. We've found that calling up Entourage's Directory Services and typing in the email address of someone in our organization WILL correctly pull up their entry in the LDAP server, but typing in their name doesn't work!

We'd be keen to know if anyone else is having problems with this as well or whether it is an issue with our particular configuration?

If you've seen this problem

Mac OS X 10.3.4 update fixes LDAP storms. June 2, 2004 -- Larry Jenkins reports some good news about the recent 10.3.4 update:

The Active Directory plugin for OS X 10.3.3 was generating huge LDAP queries against the preferred Domain Controller set in the Directory Access Active Directory Configurations and pushing them to 100 percent utilization. The 10.3.4 update has reduced the Mac LDAP queries from the Macs to a trickle.

If you've seen this

10.3.4 Server update fixes problem with AD and Mac Manager. June 2, 2004 -- Adam Wanninger reports that the 10.3.4 update for Mac OS X Server fixes a problem with Active Directory and Mac Manager:

I built a fresh 10.3.3 server and bound it to our Windows 2000 AD. I could bring up the users in Workgroup Manager, but if I tried to drag them to Mac Manager, it would tell me that the user couldn't be found. I updated to 10.3.4 and now it works. Pretty neat!

More fixes for OS X AD users can't delete Trash. June 2, 2004 -- A pair of readers added new suggestions for fixing a problem where OS X users can't delete the Trash (on our Active Directory Integration Page). Larry Jenkins found a corrupt user account:

We have a large site using Active Directory authentication for over 1500 users. We have 160 Mac users using Active Directory authentication. We have experienced one Mac user that cannot empty the Trash when logged in using Active Directory authentication. This occurs for this user no matter which Mac he is logged into. Other Active Directory Accounts and local accounts can empty the trash on the same Macs. In the Active Directory profile for this problem user all the permissions seem identical to similar users. All members of the same groups, etc.

The fix was to delete the user account, clone a working account with the same permissions, and reattach the users Exchange (email) account to the new AD profile. The user can now empty the Trash.

It was a corrupt user account.

Hugh Burt says the problem only affects Power Mac G4s:

I have also come across this and have found that it is a machine specific problem. In my experience it only effects Power Mac G4s. It does not seem to happen on iBooks, PowerBooks and iMacs (old or new).

8-port KVM switch controls of both USB and PS/2 Macs and PCs. June 2, 2004 -- Yesterday, Iogear released the MiniView Ultra+ MultiPlatform KVM switch ($500), an 8-port KVM switch capable of controlling both USB and PS/2 Macs and and Windows or Linux PCs, and Sun Solaris machines via a single USB keyboard, mouse, and monitor. An AutoScan mode allows monitoring of each attached computer for a specified amount of time.

Source of cheap KVM switches. June 2, 2004 -- Michael Gates offers some advice for people seeking a KVM switch:

tomatochip.com has very cheap switches by CompuCable. I got a PS/2 type KVM two-way with two bundled cables for $25 or so. They have USB as well. The scroll wheel and right button work fine through the switch I bought.

May 2004

10.3.4 Update for OS X and OS X Server may fix AD binding. May 28, 2004 -- Apple has released 10.3.4 updates for Mac OS X and for Mac OS X Server. Among the bug fixes and improvements, Apple lists this for the Mac OS X 10.3.4 Update:

The Mac OS X Server 10.3.4 Update refers to Active Directory integration:

In addition, several readers have reported that the 10.3.4 update clears up a problem OS X 10.3.3 has with binding to Active Directory. Brad Immanuel:

Just thought I would chime in and let you know that updating to 10.3.4 solved all my 10.3.3 AD binding and logging in issues.

David Toub:

You may recall that in previous versions of 10.3, I was not able to bind to my Active Directory setup. I'm happy to report that since updating to 10.3.4, binding works. I'm still unable to browse our network, but I suspect that is a matter of working with Kerberos, etc. and our network administrator. Clearly some good work has been done on the cross-platform networking side, which is great.

Shane Palmer:

I upgraded to the 10.3.4 update and now I am able to bind to Active Directory again with no problems.

Palmer also sent us an explanation of what caused the 10.3.3 problem. He said "After comparing these logs from 10.3.2 and 10.3.3 I found that the actual problem was when the AD Plugin attempted to set the password for the AD computer account." (We've posted his full report on our Active Directory Integration reports page.)

If you've seen the Mac OS X 10.3.4 have any affect on a cross-platform issue,

Reader problem with Active Directory Integration instructions. May 28, 2004 -- Michael Richards has a problem with the Active Directory Integration instructions by Greg Priglmeier:

I am using the second version (1.1) of the MacWindows article How to use Active Directory and Macintosh Clients without Schema Changes.

At step 4 I get stuck at "Select the domain icon (small globe) and choose the OD LDAPv3 domain. "

First, there is no listing of that in the drop down menu.

If I select Other and select LDAPv3 and click OK, the window never goes away. I end up having to click Cancel to get rid of the window.

That's where I am stuck.

If you can shed some light,

More suggestions for VPC/Panther performance problem. May 28, 2004 -- We've had several more suggestions for overcoming the huge slowdowns of Virtual PC in Panther. Before we get to those, here is a summary of what readers have suggestion so far:

Hans Derycke recommends shutting off VPC's Mac integration features:

I had the same issue with VPC under Panther as reported on the MacWindows Virtual PC 6 page, and I solved it by switching off some of the OSX-VPC integration. Here's how:
  1. Go to Start, Settings, Control Panel.
  2. Open Administrative Tools
  3. Open Services
  4. Double-click the Virtual PC Services Application. Change the Startup type to Manual. Hit OK, and restart Windows.

    I haven't found much of a downside to switching this off. It disables the shared clipboard, so that for me, Windows and OS X now have separate clipboards. That means that in Windows, Control-X, C, and V work with the Windows clipboard. However, I can still use Cmd-X,C, and V to copy from OS X to Windows (not the other way, though).

    The other thing is that I can't drag-and drop files between OS X and Windows. I use a shared folder to get around that problem.

Tendro Ramaharitra had success by installing VPC on an external hard drive:

I ran Win XP corporate edition on my Virtual PC, with drive image on my internal Hard drive. I read the article at MacWindows, although turning off Norton auto protection does not have an effect. It was really slow !

Couple weeks ago, I bought an external Hard drive running on my FireWire 800, I installed the new PC Drive image on it and somehow it became so fast. I takes 1 min 25 sec to boot windows (it used to be about 7 min). My machine is a PowerBook G4 15.2" with 1 GB RAM.

If you've tried any of these,

TIP: Importing Address Book contacts into Entourage 2004 contact. May 28, 2004 -- Several readers wrote in response to Wednesday's reader complaint that Entourage 2004 cannot import Address Book contacts.

Eleni Nine sent us the names of a couple of utilities that fill some holes in the recently released Entourage 2004:

To the person who stated that Entourage 2004 does not provide a method to import Address Book contacts, I have a free solution (and good one at that). It's Address Book Exporter, a freeware solution that exports all your Address Book contacts to a tab-delimited text file. Even better, it provides settings specifically for matching Entourage (although it is for Entourage x.V, it still works very well w/Entourage 2004).(Be sure to give a small donation for your appreciation.)

As for synching the two programs, the best solution (although very complex in settings) is Sync Entourage-Address Book 2 which is designated for Entourage 2004 and Panther Mail. It's shareware that runs $20 but if you need to keep both apps synchronized then this is your best solution.

Rand Lien is using iSync:

It took a while and and new phone, but I've been successful at using iSync with Entourage 2004. It also synced all of my contacts from Apple's Address book (hundreds). First I installed Entourage and imported all my Mail settings and messages (thousands). It worked great, even kept all my folders intact. Then I purchased a new Treo 600 and set it up with iSync. Then I used PalmOne's HotSync Manager to sync my phone with Apple's Address Book and iCal. The combination of the Treo 600 Address Book and iCal sync with iSync, and the HotSync Manager sync with Entourage keeps all my tools (toys) in sync, including my Mac at home though .Mac with iSync.

MS can make life difficult, but I must admit that I love the new Project feature in Entourage 2004!

For our previous reports on Entourage 2004, see the MacWindows Entourage Reports page.

More on Entourage 2004 issues. May 28, 2004 -- We continue to receive reader reports about Entourage 2004.

Adrian Cooke found that binding to Active Directory had a negative result on Entourage 2004:

I first tested Entourage 2004 Test Drive on a Mac with wasn't bound to AD with the ADPlugin. It found the Exchange 2000 server, directory server and free/busy server. Mail, calendar and contacts all synchronized okay, although they took a long while to do so, about 15 minutes for my mailbox which is 50 MB.

I then tested it again on another Mac which was bound to AD with the ADPlugin. This time it wouldn't find the directory server or free/busy server.

David Hulse found problems with signatures and OLE tables and images:

I've been using the Test Drive of Entourage in conjunction with Exchange 2000 servers. I'm pleasantly surprised about most of the features, but one thing I noticed was that email signatures appear to be either on for all mails or off. There is no equivalent of the Outlook for Windows option to discard the signature when replying.

An email with OLEd graphics such as a JPEG or a table directly sent from Word or Excel also will not render correctly in Entourage. If Microsoft could fix this one, the Entourage client would finally be able to replace the PC on my desk, which is currently there for Outlook only.

Shane Palmer had a positive experience with Entourage 2004 and calendars and contacts:

My initial testing of connecting Entourage 2004 (I am currently using the Test Drive version) to Exchange is much more positive than that of Entourage X. For one thing I was not able to get Entourage X to work with my Exchange calendar and contacts, and although it works now in Entourage 2004 it could have also been fixed by the upgrade of our Outlook Web Access server to Exchange 2003. I have not done much testing beyond this though.

Another case of OS X 10.3.3 crashing Finder. May 28, 2004 -- Richard Bodman is another reader reporting the OS X 10.3.3 Finder crashing with Win 2000 Server:

I have experienced the same problem on my mixed Mac and PC local network.

Sometimes when trying to copy a file from my G5 to my PowerBook 17" G4, the file will start to go, (which starts with the deletion of any duplicate file in the receiving folder) then there is a crash. The result is that there is no longer any older copy of the file I was trying to send on the receiving machine.

The problem has occurred many times.

If you've seen this problem and have installed 10.3.4 upgrade,

Microsoft update Exchange Server more frequently. May 28, 2004 -- Ziff Davis' Microsoft Watch web site reports that Microsoft will increase the frequency of updates to Exchange Server product to two years. Microsoft is considering do the same with SQL Server updates, according to the story. Microsoft had previously announced that it will deliver more Windows Servers updates.

SQLiteManager 1.1 updates Mac, Windows database tool. May 28, 2004 -- Yesterday, SQLabs is pleased released SQLiteManager 1.1 (US $39) for Mac OS and Windows, an update to the database manager for SQLite databases. Among SQLiteManager's abilities are creating and browsing tables, indexes, and views; inserting, removing, and editing table records; executing arbitrary SQL statements; and saving SQL scripts directly in any database. The new version adds some user interface improvements, new search criteria, the ability to insert a timestamp when editing a field, among other things.

Terra Soft putting 64-bit Linux on Xserve G5. May 26, 2004 -- Today, Terra Soft Solutions announced that it has a beta version of a 64-bit Linux called Y-HPC running on Apple G5 Xserve and on Cluster Node hardware. The company said:

Terra Soft successfully enabled an Apple G5 Cluster Node with immediate support for SATA, USB, and FireWire. Fan control support is in progress ...

Y-HPC, still in beta, is only 64-bit operating system for Apple Power Mac G5s. Although the G5 platform is 64-bit hardware, Mac OS X is not yet -bit. Terra Soft also said that it will release Y-HPC and Yellow Dog Linux v4.0 (a 32-bit Linux) in June.

Suggestions for using free/busy in Entourage X. May 26, 2004 -- Jeremy Reichmans responded to a reader report of not being able to get the Free/Busy feature to work in Entourage X:

One of the people asking about Exchange was trying to get free/busy to work in Entourage 10.1.4/11. It will not necessarily work in the same server that you access your account from.

Entourage 10.1.4 and 11 both need access to the Public Folders server in order to see free/busy data. In my environment, we finally got this working for Entourage 10.1.4 and later by replicating the free/busy Public Folders from a back end server to all of our front end servers.

This is accomplished through an Exchange replication process, and I presume it's automatic. It means that we can type in the address for our front end server followed by "/public/" in the Advanced tab of the Exchange account setup, and free/busy will work.

This advice is now on the Entourage MVPs site.

We also require DAV over SSL, so the DAV connection to the free/busy Public Folders is also encrypted.

Also, since it's vaguely related: we could not get event invitations to be recognized as such in Outlook/Windows and OWA clients. They would show up as .ics attachments, not invitations (with the accept/decline interface). It turns out that, because we were asking Entourage 10.1.4 users to send out messages through our non-Exchange SMTP server (PMDF Mail), their invitations were not getting the required MAPI wrapper. I would suggest anyone who is having problems set up SMTP services on an Exchange server -- however, normal precautions apply, so you'll probably want to require authentication (Entourage 10.1.4 can use SPA, which I think is NTLMv1) and SSL.

More Entourage 2004 reports: Word and Entourage issues. May 26, 2004 -- We've received more reports on the new Office 2004 and crossplatform issues. Monday's reports were about Entourage 2004. Today, we start with a note about Word 2004.

Jardar Abrahamsen has a Word 2004 review that reports problems with compatibility with Word for Windows when certain international characters are used. He sent us a summary of his report:

  1. Problematic support for keyboard layouts.
  2. Improper input methods for "Unicode characters". The consequences are:
  3. Incompatibility with Word for Windows.
  4. Incompatibility with other Unicode-savvy Mac applications: copy and paste.
  5. Incompatibility with other Unicode-savvy Mac applications: save and load.

Richard Jenkins replies to Monday's report by Jeremy Matthews. He's seen both of the issues Matthews reported, but believe one of them is a feature, not a bug:

> Jeremy Matthews:

1) Using the "check names" LDAP lookup feature in new email returns a -17799 error...

That is our experience as well. We have Exchange 5.5 in production and Exchange 2003 in late testing, and various LDAP services on other platforms. We can't get LDAP info, using either identical settings or a variety of new configs. We'll keep trying though.

> Jeremy Matthews:

2) "Subscribing" to public folders does not include their children. If you want a subfolder, you have to select them one by one (what a pain). Also, Entourage says that there are no messages for some public folders, of which I find more than 200 in Entourage v. X and Apple's Mail!

No, this is a feature! We have thousands of the damn things on our server, and most other IMAP clients just grab the whole list. This is a huge time waster, as an initial connection has to download them all and their content headers, and then while you're subsequently connected it keeps sneaking looks to see if anything changed, and synchronizing them... I for one am glad to see some management of Public Folders in a Mac client.

Can't please everyone!

John Wilson found a problem with Entourage's installation:

I installed Office 2004 yesterday afternoon on my Mac, told the install wizard to import my previous identity (from Entourage) and then delete all previous versions of Office (which on my Mac went back to Office 98 in some esoteric settings in the Classic side). It seems to have done all that correctly. When I opened Entourage, it remembered all my settings, displayed my calendar, contacts and e-mail correctly. So far so good.

THEN I noticed that e-mail was disappearing from my Exchange Inbox and discovered that it was being moved to the LOCAL Inbox. As I kept watching, mail continued to be moved from my Exchange mailboxes to my local Inbox. Since I work in an IT dept., I thought I should let it go to see what happened for testing purposes. By this morning there were over 3700 e-mails in my local Inbox. I have a very extensive storage hierarchy on our Exchange server (several hundred folders?) and some e-mail from most of those folders has already been moved to the local Inbox. Most of those e-mails have an icon indicating that they are "on the server" (about 95 percent), but others indicate that they are stored locally. Looking at my Exchange account from Apple Mail, I see that the e-mail stored on my office Mac's local Inbox is not showing up in the folders they are supposed to be in, so to some degree or another they seem to have been truly moved (more than the 5% that don't have the "on the server" icon).

Additional info - I have no rules set up in Entourage at all. Junk mail is on, at the lowest setting, but that should move junk e-mail to the server Junk Mail folder, not the local Inbox. This may have been occurring in Entourage X as well. I hardly ever used it because I had been seeing some strange e-mail moving around, like the symptom described above.

Guesses at this point: Entourage may be trying to make a local copy in case it gets disconnected from the server -- an Off-line copy -- but since the folders don't exist locally, everything gets copied into the Inbox. Counter argument: all mail from the Sent Items were moved to the local Inbox, not the local Sent box, which does exist. (My server Sent box is now empty!) (Not sure if both Sent folders have the same name, however. Have to check.)

I quit Entourage so this anomalous process has stopped, but I now have to reclassify 3700 e-mails!

If any of you have ideas why this is occurring, please let me know. At this point I would say I can't recommend Entourage at all.

Another reader reports:

The new Entourage looks nice-and-neat, except for one BIG glitch: There is no way to import contacts from Apple's Address Book to Entourage's. This problem existed in Office X, but I thought they'd have thought of repairing it...

There's no way I'm going to manually rewrite all my contacts in Entourage, and just because of that glitch I'm not going to use Entourage...

Entourage 2004 reader reports mixed. May 24, 2004 -- Microsoft has released Entourage 2004 as part of the new Office 2004. According to the Microsoft web site, it still requires WebDAV and LDAP to be enabled on Exchange Server 2000 (with Service Pack 2) or later. Our first reader reports on the new version were mixed.(If you'd like to comment on Entourage 2004, )

Readers find problems with Entourage 2004

A pair of reader found new problems that they say did not occur with previous versions of Entourage X. Daniel Katz reported a problem with Entourage 2004 and Exchange receipts:

I have all my Exchange return receipts filed into a "receipts" folder, which has worked fine in Entourage v.X without a problem. However, I noticed an odd thing when upgrading to Entourage 2004: most of the contents of the "receipt" folder would not sync with Exchange! Strange is that some of the files did sync and always the same ones, even after recreating the Entourage profile or emptying the cache. These files are visible in Outlook 2003 and Entourage v.X -- why not Entourage 2004?

I've narrowed down the problem to this: Entourage will NOT see Outlook "Read" or "Not Read" receipts. It will, however, see Delivery ("Delivered") receipts. You can easily replicate this by sending yourself an e-mail using Outlook 2003, asking for both a Read and Delivery receipt. You will receive both receipts in Outlook 2003, but in Entourage 2004 you will only receive the Delivery receipt. I have duplicated this on more than one Entourage installation and Exchange account. We run Exchange 2003.

As far as I can tell, this is a MAJOR flaw in Exchange support for Entourage 2004 that did not exist in Entourage v.X's IMAP support.

Jeremy Matthews found several

I imported settings from Entourage X, and I noticed a few problems that don't appear under Entourage v. X:

1) Using the "check names" LDAP lookup feature in new email returns a -17799 error: The directory service was unable to perform the search. Settings are identical in both versions of Entourage.

2) "Subscribing" to public folders does not include their children. If you want a subfolder, you have to select them one by one (what a pain). Also, Entourage says that there are no messages for some public folders, of which I find more than 200 in Entourage v. X and Apple's Mail!

Both versions are setup identically...

Readers with easy upgrade experiences

Rick Hazey reports success in getting Exchange 2004 up and running:

The Windows IT department of a client of mine received and installed Entourage 2004 on his MacOS X computer, but was unable to configure it properly for use with their Exchange Server. Having installed Entourage X with mixed success in the past, I wasn't too optimistic. However, much to my surprise, setup was fast, easy, and automatic. The setup consisted of allowing Entourage to locate and retrieve the configuration information. All I had to do was verify the information as correct.

I decided to try the test drive version with another client, where I had been unable to make Entourage X work at all. The process was also fast and automatic...This is a vast improvement over previous versions and I can finally rid my corporate clients of Outlook 2001.

Timothy Frantz also had good luck, using Entourage 2004 for Mac Test Drive:

Well, after a year or more of trying, I can now use one program for my email needs. Out of the box, Entourage 2004 imported my old Entourage X settings and I can now send email OUTSIDE of my company's Exchange network.

Before, I could send/receive email normally from coworkers, and I could receive email from outside the network, but I had to use the web-based client to send outside the network. What a pain it has been to have two programs open all the time. But this seems to be working fine.

You can find previous reports of Entourage X issues on our Entourage Reports page.

More on Entourage X causing loss of Exchange calendar. May 24, 2004 -- Several more readers report seeing the problem of Entourage X causing a loss of calendars. Daniel Hudkins writes:

We are using Exchange 2003. I am using OS X 10.3.3 and Entourage Version 10.1.4.

Today I experienced exactly the behavior described in the May 13, 2004 posting of Robert Berger. It deleted my entire calendar folder from the Exchange server. I had to restore from a backup.

I have taken Entourage (which I was testing for next academic year) offline and will not begin again until patch is available or we get 2004.

Lorin Rivers as has seen the problem:

My calendar and contacts also were deleted. Entourage got blamed for bringing down the Exchange server...

Update to Active Directory and Mac 10.3.3 instructions. May 24, 2004 -- We've posted an update to Greg Priglmeier's paper How to use Active Directory and Macintosh Clients without Schema Changes. The instructions use a Mac OS X Server. If you'd care to comment,

(We have additional suggestions on our Active Directory Integration Reports page.)

PC-Mac PasswordVault v3.0 adds portability. May 24, 2004 --Lava Software is now shipping PC-Mac PasswordVault v3.0 (US $20), a password manager for secure storing of website usernames and passwords, Internet banking data and Windows, MacOS X and MacOS Classic computers. (A Linux version is in the works.) New features in this version include:

Readers verify Exchange calendar events loss; suggestion for Free/Busy. May 18, 2004 -- Several reader responded to last week's report of Entourage/Exchange calendars getting erased, and problems with the Free/Busy feature. Pete Crosby reports seeing the first problem:

I have had the same problem and I have lost all of my calendar events several times. All I can recommend is that you back up your Microsoft Users Data folder frequently. At preset I am only syncing items from a specific category rather all.

I have had users that sync all categories and have not had problems.

Darren Heinrichsen has also seen the loss of calendar events as well:

I have had this happen to us as well... Out of about 15 Macs that we have using Entourage with Exchange, 3 different users have had their calendars totally wiped out (one person in particular it has happened multiple times). Luckily we backup exchange mailboxes and were able to restore the calendar, but it's very annoying.

Karen Elsbree offers a suggestion for the Entourage Free/Busy problem:

We have also seen this problem with the Entourage Free/Busy. We have replicated the Free/Busy folder from our 5.5 sites to our 2003 site and used the FQDN/public/ in the free/busy server field and the error went away.

However, we still have "no data" for the calendars when we create a meeting and click on the scheduling tab.

If you've seen either problem,

Slow VPC and Norton. May 18, 2004 -- Ryan McLean is another reader who has seen turning off Norton Antivirus speed up Virtual PC:

It was great to read the posts about slow running VPC. It took about 2-3 hours just to boot Windows 2k on my 12" 1 GHz PowerBook. Turning off the Norton Autoscan and rebooting fixed the problem.

Panther 10.3.3 Finder bug with Win 2000 Server: crashing Finder. May 18, 2004 -- Anthony Soroka reports of a strange (and annoying) problem that began with the Panther 10.3.3 update:

We upgraded all of the Macs here to OS X 10.3.3 about two weeks ago. Since then we have had intermittent issues where a Mac user tries to move or copy files from folder to folder on the same server and the Finder completely crashes (the window closes) and the file they were moving is gone. This server is used by Macs only at least 98 percent of the time. A virus scan has found no virus on the server, a Windows 2000 Server with a Windows 2000 domain.

If you've seen this problem,

Comments and suggestions on the AD, Mac Client paper. May 18, 2004 -- We've had a pair of comments on Greg Priglmeier's paper How to use Active Directory and Macintosh Clients without Schema Changes.

A reader called Perdurabo

When one tries to perform Step 5 of this document it fails because there is no information to configure the client machine to grab preferences from the OD server.

Seems like a glaring error unless I'm missing something.

Brent Westmoreland also notes some holes, but offers to fill them in with some new information:

In "Part 2" and "Part 3" of Greg's write up for binding to an AD domain he instructs people to join the domain without first synchronizing the time with a Domain Controller. If you do not first provide time synchronization services to your Domain Controller, then you may have trouble binding to AD through GSSAPI. You could also experience problems with single sign-on later if the clocks between the two grow too far out of skew (by default this is 5 minutes).

Additionally, under "Part 3" where he says:

"Login locally to the OD server using your admin account and the launch Server Admin application.

Select Open Directory/Settings

  • Change the role to: 'Open Directory Master'
  • Select Open Directory/Protocols.
  • Enter your search base and write it down for later use.
  • Examples: 'dc=domain,dc=com' or 'dc=domain,dc=local'"

He does not specify whether you use the same search base as the AD server or whether this is a new search base to be used exclusively for Open Directory. This could be confusing for AD administrators who are not familiar with OD.

It may also be helpful to give some troubleshooting information for the ADPlugin, I usually tell people who are having trouble to enable Remote Login from the System Preferences menu. Then use an SSH client from a monitoring client to attach* to the machine that is having trouble with the ADPlugin and issue the following commands:

sudo killall -USR1 DirectoryService

The above command puts lookupd in debug logging mode. Next, issue the command:

tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log |
grep ADPlug

This will allow realtime viewing of the Debug AD log in realtime.

Finally, attempt to do your adbind or adlogin from the client having trouble. The ADPlugin will spew loads of useful information into the terminal window and typically allow you to figure out what might be going wrong.

*As a footnote: to attach to a Mac using ssh from another Mac open Terminal.app from the /Applications/Utilities folder and type:

ssh user@hostname.com

and enter the appropriate password.

Reader problem: Xserve performance crawls with Active Directory. May 18, 2004 -- Randall M. say he has to frequently reboot his Xserve because it comes to a crawl since Active Directory was added:

We have an Apple Xserve hosting our Mac art department. We have a Windows 2000 AD domain for the Windows clients. At present 42 Macs and 26 PC's access the Mac server for files(art).

Before moving to Windows 2000 and AD and PC's accessing the server we ran as smooth as a babies butt. After AD and Windows 2000 domain we had to add host files for Mac Exchange users and the server has to be continually rebooted because it just comes to a crawl. As far as we can remember nothing was changed in the switches where it sits. And even though the gigabit switch uses spanning tree the Xserve has always worked before.

Our boss is breathing heavy down our backs for answers as to why our "stupid Macs aren't working". We are at wits end as to why ourselves.

Scenario:

1. Mac server worked fine on NT domain. Changes:

a. Moved to Windows 2000 Domain with AD
b.26 Windows 98 users access folders

2. Problems:

a. Mac server (Heavily equipped) experiences heavy loads
b. Mac clients crawl
c. Win clients loose connections to Mac Server

We tried things like removing the server from the DNS and Computer and Users on AD but this caused the NB naming to be lost on Win clients. The only thing I have not tried was adding a static entry into the Wins database on AD but can't see how that would help unless the bombarding is a result of Win clients roaming around.

If you've seen this problem,

Virtual PC support for G5's delayed. May 13, 2004 -- Mac Observer and eWeek are reporting that Microsoft is delaying the release of Virtual PC 7 for Mac OS X, which would be the first version of the PC emulator to run on Macs with G5 processors. In the Mac Observer report, Microsoft confirms that Microsoft is delaying the Virtual PC 7 release until the second half of the year. VPC 7 will be the first version of the emulator developed by Microsoft, which purchased the product from Connectix last year.

Mark/Space upgrades for Missing Sync for Pocket PC. May 13, 2004 -- Yesterday, Mark/Space released Missing Sync for Pocket PC 1.0.4, a free upgrade to the software that uses iSync to synchronize information between a Pocket PC and Mac OS X. New features include:

Workaround for problem with Active Directory, 10.3.3, and audio CDs. May 13, 2004 -- Jason Simons responded to our May 4 report of a problem with Mac OS X 10.3.3 and Active Directory and audio CDs. He suggests a workaround:

We have seen this as well, but you should also notice that Font Book doesn't work! We have actually seen this since 10.3 was released when using the AD plugin. The workaround that I have found is to check the box that caches the last user logon for offline operation. When you log in, there will be a dialog box that asks you to create an account for mobile computer (or something like that). Choose create, and you should be able to use CD's again. We have a bug filed with Apple, but they haven't fixed it yet.

Reader problem: Entourage/Exchange calendar gets erased. May 13, 2004 -- Robert Berger reports two problems with Entourage accessing Exchange Server. The first sounds serious:

1.) I've now had a repeating problem where my calendar items get completely wiped out periodically (and unpredictably). Usually, the items are still available in the Exchange Web interface, but sometimes, it will resync and put the items from Exchange back into Entourage. Most times, it just ends up wiping out the calendar in both places.

I have no idea how to track this down. Are there log files to look at? Is there any way to recover my calendar info (it wipes out EVERYTHING, my entire history).

2.) I also have not been able to get Free/Busy to work. The Entourage interface lets my check the free/busy status, gives me a login prompt to log into the Exchange web interface server. I don't know how it got the address of the web interface server as I entered the Exchange Server real address (HQ-EX-1.mydomain.com/public/) in the free/busy server field in the Advanced tab of the Accounts preferences.

After I click OK on the login I get:

Error: Scheduling data could not be found

Explanation: Scheduling data could not be found. Check your Entourage account settings and try again. If you continue to receive this message, contact your Exchange account administrator for assistance.

Error: 1401

I am running Windows 2003/Exchange 2003 on some HP server (its not under my control), Mac OS X 10.3.3, Microsoft Office v. X 10.1.5 on a PowerBook G4.

If you've seen either problem,

Group Logic releases MassTransit 4.5. May 11, 2004 -- Group Logic has released MassTransit 4.5 for Mac OS X and Windows, a upgrade to the company's cross-platform file transfer and remote workflow solution. The system is designed to "drive, verify and manage high-speed transmission of graphics,multimedia, digital assets and other production files between client and customer locations." The upgrade is free to users of Mass Transit 4.2 or later for Mac OS X) and MassTransit 4.0 or later Windows. New features include:

(For more info, see the press release.)

TIP: Active Directory and Mac 10.3.3 Server and Clients. May 4, 2004 -- We've posted Greg Priglmeier's paper How to use Active Directory and Macintosh Clients without Schema Changes on a web page. Priglmeier describes the paper:

I have been working on AD integration for several months and I'd like to share a document that I generated for complete Mac authentication and workstation management.

Details: Windows 2003 AD Server, Mac 10.3.3 Server and Client.
Basic AD Authentication for clients.

How to use AD and Open Directory together to manage Mac clients with Workgroup Manager. Single sign features and how to set this up on the OD Server.

Priglmeier is interested in feedback, so if you'd care to comment,

Tip: VPC/Panther speed up tricks. May 11, 2004 -- A pair of readers commented on slow Virtual PC performance under Mac OS X 10.3.

Geoff Williams has a workaround that is interesting in that it defines a symptom to look for:

I'm running 10.3 panther and have VPC 5.0.4. This can run at a crawl or at a good speed. What I found made the difference is the CPU usage of 'kernel-tas' especially whilst VPC is starting up.

You can monitor this in Terminal with the command: top -o cpu

If you see that the CPU usage for "kernel_tas" exceeds that of "Virtual PC," save the PC, quit VPC, and restart the Mac and VPC. All will be OK.

Having to restart is a is a bit of a nuisance, though. You can do a save whilst it is loading a program or whatever and it just restarts where it left off.

If you've tried this, .

Eric Winemiller refute a tip from last week that suggested disabling USB in VPC:

It does seem much slower, but from the things I do it appears to be related to disk access. Boot up is terrible slow and so is launching applications, but once the app is loaded performance seems to be close to what it was. Turning USB off did not seem to have any effect.

QEMF, experimental PC emulator for multiple platforms. May 11, 2004 -- QEMF 0.5.5 is an experimental PC emulator for PowerPC and Intel boxes. It can run Windows 98. However, it is designed to run in Linux; QEMF does not yet run in Mac OS X.

Software that makes Windows look like Mac. April 27, 2004 -- Sameer Aidoor reports on software that gives Windows a more Mac-like look:

I thought I'd recommend this piece of software called Style XP that is similar to Windowblinds, although a lot more lighter and convenient to use. It has some themes for download, that really give Windows an authentic Macintosh feel. I'm using the Mac OS X Jaguar theme, which also changes desktop icons to Mac icons, including mouse pointers... and is really worth it.

Works great on Windows XP, although I'm sure it would be fine for other versions too.  

Previews of next-generation Windows and Mac OS X. May 11, 2004 -- Microsoft and Apple are showing off their next-generation operating systems. PC Magazine has a story describing Microsoft's preview version of Longhorn at the recent Windows Hardware Engineering Conference (WinHEC).

Apple announced that it will show a preview of Mac OS X v10.4 "Tiger" at its next Worldwide Developers Conference (WWDC) during Steve Jobs' keynote on Monday, June 28.

OS X Security Update slows VPC -- cutting USB helps. May 4, 2004 -- Hasani Hunter reports that the latest Mac OS X security update slowed Virtual PC to a crawl, but that disabling USB in VPC has helped:

For some odd reason, after the last security update, VPC is unusable. It took me over 4 HOURS to install windows server 2003 and well over 3 HOURS to install windows 2000 Pro... I installed the latest FreeBSD 5.2.1 and even that took at least hour and a half even though it usually takes me no more than 10 minutes on a regular PC.

It is completely unusable. In fact VPC seems to be taking up at least 60 percent of my CPU doing nothing. Otherwise, for regular use, the CPU is completely pegged out at 100 percent.

However, after I disabled USB (in VPC) and VPC seems a lot faster now.

If you've seen this problem or the USB speedup trick,.

Reader verifies tip for binding to Active Directory. May 4, 2004 -- Don Clark verified an April 20 workaround we published for the Mac OS X 10.3.3 problem with binding to Active Directory:

I booted to a 10.3.2 partition on a FireWire drive to perform the workaround you described and it worked perfectly. Thanks for the tip!

Merlin's Empty My Trash Script for AD. May 4, 2004 -- Merlin Hartley sent us a Unix script that you can use to fix the Active Directory problem of Mac OS X being unable to delete their trash.

We also have the OS X with AD trash problem so I have written a little script - when double-clicked, this deletes the contents of the trash of the currently logged-in user.

Copy the contents between the ####s into a [plain text] document called:

"Empty My Trash.command"

#####################################

#!/bin/csh
# To Empty stubborn Trash
#
# written by Merlin Hartley 2004-04-20

# Padding for Prettyness!
echo ""
echo ""
echo ""

# Asking for Confirmation
echo "Are you sure you wish to remove all items from your Trash?"
echo 'Press "n" to cancel'
set cont = $<
if ( $cont == "n" ) then

echo "goodbye"
exit

endif

# Letting user know what is happening
echo "Removing all Trash contents"
rm -r ~/.Trash/*

# Padding for Prettyness!
echo ""
echo ""
echo ""
echo ""
echo ""
echo ""

# Echoing for friendliness
echo "Done"

#####################################

If this works for you,.

Question on Merlin's AD Integration guide. May 4, 2004 -- Stewart Holbrook has a question about Merlin's Active Directory integration instructions, which we published last week:

I followed 'Merlin's step-by-step guide to AD integration in 10.3.3' and it worked perfectly up to the binding part. Thank you very much for that. However I'm a bit confused by the 'Logging On As An AD User' part of his guide

After the bind, I rebooted and there was a user called 'Other' in the user list. I tried to logon with an AD user's credential's here but just got the Shaky screen as if the password was wrong.

Have I done something wrong? Where are you asked if you want to create a 'mobile account'?

Problem with Active Directory, 10.3.3, and audio CDs. May 4, 2004 -- Court Levy reports more weirdness with Mac OS X 10.3.3 and Active directory, this time playing audio CDs:

We have been seeing a problem with the Active Directory plug-in that I have not seen posted before. When we bind to AD in 10.3.3 we can not use audio CDs. When we put in an audio CD we get a message that the Disk is a format that OS X can not read and we are forced to eject it (data CD's work just fine). Local admins get the same message. If we unbind from AD it works again.

We use SMB home directories, but it seems to happen even without this.

If you've seen this problem,.

VPN Tracker now compatible with Asanté FriendlyNET VR2004 series. May 4, 2004 -- Equinux has released VPN Tracker 2.2.7, a free update to the virtual private network (IPsec) client for Mac OS X. The new version allows Mac users to create a VPN connection through the Asanté FriendlyNET VR2004 series routers, improved logging, and fixed some bugs.

Equinux also has posted a how-to documentation for Asanté routers.

FileMaker ships Meetings 2.0 and FileMaker Tasks 2.0. May 4, 2004 -- FileMaker, Inc. is now shipping FileMaker Meetings 2.0 and FileMaker Tasks 2.0 (US $69 each, or for a limited time, $99 for both, free upgrade). The software are major upgrades to the company's meetings management and tasks management software for Windows XP and Mac OS X 10.2.8 or later. Both are now compatible with the recently released FileMaker Pro 7 and include new features.

New in FileMaker Meetings 2.0:

New in FileMaker Tasks 2.0:

Create multiple windows to construct a personalized work environment.

April 2004

Workarounds to Panther Trash on AD problems. April 27, 2004 -- Several readers have reported workarounds to the problem report last week of Mac OS X users on Active Directory not being able to Empty the Trash of a Windows server. Roy Atkinson uses Terminal:

Yes, we are seeing exactly the same issue here. Some users cannot empty Trash when logged into any Mac on the domain, while others can do it freely.

The Trash can be emptied from the command line (without sudo, which is puzzling as well). We are creating a script for users who don't want to use the command line until we find a permanent solution.

Allan Soerensen basically does the same, but uses a GUI interface with the $10 Cocktail utility:

Same problem here. About 50 Mac clients and a Win 2000 server. I solved the problem using Cocktail's build-in feature "Force empty trash". Works like a charm.

Merlin's step-by-step guide to AD Integration in 10.3.3. April 27, 2004 -- Merlin Hartley sent us directions on integrating Macs with Active Directory:

Active Directory Integration for Mac OS X

1. Configure Active Directory Authentication.

  • DO NOT Use 'Active Directory Users and Computers' on a Windows machine
  • DO NOT Create a Computer account in the Domain. 'Directory Access' will create the relevant Computer account.

2. Using 'Directory Access' from the Utilities folder:

A. Click the lock to authenticate
B. Double click on 'Active Directory'
C. Enter 'domain.co.uk' into both the 'Forest' and 'Domain' boxes (the DNS name of your Domain)
D. Enter the computers DNS name into the 'Computer ID' box
E. Goto 'Advanced Options'
F. Enable 'Cache last user'
G. Enable 'Authenticate in multiple domains'
H. Enable 'Prefer this domain server' and enter 'dc.domain.co.uk' (a domain controller in your Domain)
I. Enable 'Allow administration by' and enter 'Local Admins,Domain Admins, Enterprise Admins' ("Local Admins" is a group you can create in Active Directory to give specific users local admin rights on the OS X machine)
J. Click 'Bind' and authenticate using a Windows 'Domain Admin' account
K. On the 'Authentication' tab choose 'Custom Path'
L. Click 'Add' and select '/Active Directory/domain.co.uk'

3. Reboot the Mac and you should find 'Other' on the list of users.

Notes:

1. Logging-on as an AD user

  • When asked whether you want a 'mobile account' click 'Create.' This creates a local Mac Home Directory
  • Mounts the Windows Home Directory drive onto the Desktop - puts shortcut in Dock
  • Allows connection to servers in the Domain without re-authentication e.g. smb://servername.domain.co.uk/group_folders
  • Restores mounts after first logon

2. Caveats, Bugbears and Gotchas

  • User accounts are cached in case the network is unavailable
  • All previously authenticated users appear on the logon menu
  • The user may not be able to empty their 'Trash' - currently investigating!

The empty trash problem I have replicated on many different computers with different setups ... on 10.3.3 and 10.3.2 - it only affects AD authenticated users that are not in the 'Allow administration by' groups.

TIP: Virtual PC 6 and OS 10.3.3 using USB serial adapters. April 20, 2004 -- Ed Grau sent us tip for getting a Keyspan USB/Serial adapter to work with Virtual PC in Panther:

Along with many other users, I too could not get my Keyspan USB-to-Serial adapter to work. However doing a little experimenting and purely by accident, I discovered that if you have the Keyspan connected to the USB port before you start VPC, it seems to work OK, even though the Keyspan software says there is no device present.

I'm running Windows 200 Pro. I have not tried this method with Windows XP.

NOTE: As well as having the Keyspan connected to the USB port on the Mac, it was also connected to a live serial device on the other side. I had to hit my return key several times but it started communicating OK.

Also, after shutting down VPC in the "Save State" mode, and restarting with the Keyspan adapter connected, it was still working. I experimented and disconnected the Keyspan adapter and restarted VPC. I got a message the adapter was missing and then it would not work at all after reattaching with VPC still running. Again, restarting VPC with the Keyspan adapter already connected will allow it work.

Active Directory/OS X 10.3.3 binding problem workaround. April 20, 2004 -- John Blase offers a workaround to the Mac OS X 10.3.3 problem with binding to Active Directory:

I found a workaround to the problems with my Active Directory binding procedure in 10.3.3:

I had to use a 10.3.0 computer to bind the computer name. Once it was bound, I bound the 10.3.3 computer using the SAME computer name, and it bound properly. I could then unbind the 10.3.0 computer, and the 10.3.3 stayed bound.

The computer name MUST be created in Active Directory first, before the binding will work.

The authentication works great, and everything seems to be hunky dory!

If this works for you,

OS X users can't delete Trash. April 20, 2004 -- April Acker reports another problem of not being able to Empty the Trash of a Windows server from Mac OS X:

I see my postings on MacWindows have gotten a few very helpful responses, as well as some sympathy from users experiencing similar issues. The bad news is that I have not seen a decrease in the number of lockouts, despite much troubleshooting and server tweaking. However, with office 2004 a few short months away, hopefully the bulk of the lockout problems may soon be behind us.

Now I have run into another issue:

About a week after one of the users was migrated to OS X, he was unable to empty his trash. The issue was not that an item in the trash was preventing him from emptying it (I got no message saying an item was in use, for example). Instead, OS X verifies that the user wants to empty the trash, and by all outward appearances seems to go through the motions of emptying the trash. However, the files stay in the trash!

I started by fixing the permissions on his trash, and then by repairing permissions on the drive. I tried just about everything in the book to fix the "stubborn trash" issue. I even wiped the drive and reinstalled everything from scratch. Finally, I tested additional users. A local user on his machine can empty the trash, and I discovered that so can another active directory user.

Here's the kicker: when I log the problem user onto the domain using another machine, he cannot empty the trash ON THAT MACHINE EITHER. A second user began experiencing this issue shortly after we upgraded him to OS X, and the exact same is true of him. if I log him in to a brand new machine, the trash cannot be emptied there either.

This is clearly not an OS X permissions issue, but something tied to the AD account. Perhaps it is something that does not exist on the Windows client side, but when translated through Panther manifests itself this way? FYI we use 2000 servers. I am stumped.

If you've seen this problem,

Citrix problem with Mac OS X 10.3.3. April 20, 2004 -- Chris Waldrip reports a problem with the Citrix Mac OS X client and the recent Mac OS X 10.3.3 update:

I've confirmed this on about a dozen machines in our office.

With Citrix 6.30.314 connecting via TCP-IP (not the default TCP-IP+HTTP) Mac OS X 10.3.3, users get an error that the printer couldn't be setup when they launch their Citrix connection.

I've confirmed that this is related to the Print Config preference in ~\Library\Preferences\Citrix ICA Client\. Removing this file usually resolves the issue.

Has anyone else seen this issue? Since this has only appeared after upgrading users to 10.3.3 I have to assume it has to do with a minor change in how Mac OS X handles printers that Citrix cannot work with.

I'm reporting this to Citrix as well.

If you've seen this problem,

USB Server enables Macs, PCs, share devices. April 20, 2004 -- Keyspan is now shipping USBServer (US $129), a device that shares connects USB devices over a wireless or Ethernet network. Macs and PCs (Mac OS X 10.2.8 and Win2000/XP) are able to use the devices. USB Server works with printers, scanners, and multi-function printers.

PrintIt 1.0 works with VPC. April 20, 2004 -- Print It 1.0 (US $25) from MacEase is a new system-wide background enhancement to OS X that allows you to select and print anything on your display, even when it not usually selectable. Stephen Becker of MacEase told us that the new utility also works with Virtual PC 6. You can also combine selections from several different spots and create a single print job. A contextual menu provides other options and features.

Mediafour Ships XPlay 2, iPod for Win 98/ME/2000/XP. April 16, 2004 -- Mediafour released XPlay 2 (US $30), a new version of its Windows software for iPod users, an alternative to iTunes for Windows. Unlike iTunes for Windows, XPlay lets users copy music from their iPod to the PC. XPlay also provides Windows integration for Mac-formatted iPods. XPlay is also the only way to use iPods with older versions of Windows, including Windows Me and Windows 98SE. New features include:

XPlay was the first software that enable use of iPod with Windows, and is still the only software to enable Windows users to use both Windows- and Mac-formatted iPods.

TIP: Use Panther Terminal Dock menu to connect to servers. April 16, 2004 -- Christopher Erickson accidentally found a new server browser accessible from Terminal's Dock menu in a recent Panther build:

I found the following new ability in the utility Terminal on Mac OS X 10.3.3. I accidentally control-clicked on Terminal when it was running in the Dock. I saw an unusual menu item there, "Connect to server". Choosing this opened a browser with the following protocols listed:

ssh
sftp
ftp
telnet

The cool thing is that you can browse your local subnet for these services. Curious, I switched to Terminal and found the "Connect to server" command under File. I don't know when it was added, but I think only in a very recent build of Mac OS X 10.3.x.

More suggestions for OS X 10.3.3 and Active Directory binding. April 16, 2004 -- We continue to receive suggestions for the Active Directory problems with the Mac OS X 10.3.3 Update.

John Kinsella has not seen the problem, but offered some advice:

Our experience with 10.3.3 and binding has been good. We had a major DNS issue, but once we fixed that, binding has been flawless. We're not doing anything funky with AD, haven't extended it in any way. I wonder if the folks who cannot bind to AD with their credentials are using the domain/username logon method or just the username method. When binding in 10.3.3 we've noticed that just username is sufficient.

Our base image is now setup with a modified local default user account template (from which the AD accounts, and all new local accounts, get copied when they log in) I created a simple AppleScript and set it as a login item for this default user account template. It will query NetInfo and grab the path to the HomeDirectory attribute if it is specified and then mount that share. If anyone is interested in this script, I'd be happy to send it along (free of charge of course :-). It will only work, though, after a machine has been successfully bound to AD.

Steven Jones found a solution to one issue, but still has a problem:

We had issues getting 10.3.3 machines to join AD and without modifying the schema, but it wasn't getting it to bind. We would get the message that asks you if you would like to join the existing account.

Of course, we did not attempt to upgrade machines that were already bound. We instead updated an image and cloned the machines we wanted to upgrade, then bound them to the AD Win 2003 server. Unbinding them prior to the update would probably have worked (I'm assuming). O'Reilly's site had some excellent information regarding how to do this but we found that a lot of the info they had in their config was not completely necessary for us.

Here's what worked for us on O'Reilly's site. We did not use LDAPv3 though, because of the weaker authentication.

One thing that was not clear in the information we were able to find was the the option to cache logins the active directory plugin configuration. If you are setting up a laptop, you better check this option. You will get a prompt to create a mobile account upon login.

Our problem came from the way we have users network share points set up. All users would authenticate correctly, and pass a kerberos ticket with no problem. That same ticket would even get passed on to other connected server shares under SMB.

In fact, it lets you into everything but you can only see what you have access to under Windows security permissions. The problem was that only some users share points would map and others would not. After some very extensive testing, we have it narrowed down to something with the way NFS home directories are setup on one domain because it did not happen on others.

If the user (whose share did not mount) goes to connect to server and attempts to mount the share using SMB it still works without prompting for authentication (kerberos ticket was still passed). Interestingly enough, making it a startup item would not fix this issue. Users that could mount their share belonged to an admin group, but adding a user (who couldn't mount) to the admin group would not fix it nor would creating a new user as admin. That's where we were very stuck for a while.

If you have run into this issue,.

Aladdin ships StuffIt Deluxe 8.5 for Windows. April 16, 2004 -- This week Aladdin Systems released StuffIt Deluxe 8.5 for Windows (US $40), and upgrade to the cross-platform compression and encoding utility for PCs. The improvements include:

StuffIt Deluxe for Windows can compress and decompress archives in the StuffIt X format, as well as a number of other Mac and PC formats.

More suggestions for Entourage X problems with Exchange. April 12, 2004 -- Readers have sent in several more suggestions for dealing with reported Entourage X problems with Exchange Server.

David Morgenstern has a suggestion for the problem authentication causing Active Directory accounts to lock out:

I also have had much painful experience with this issue. Certainly, I've found that if there is any hint of an authentication problem then the account is locked out. This lockout happens even if I've only received one error message telling of a wrong password and I supposedly have a couple more tries in the bank. Nope. It's locked out on the first go.

Sometimes, I've noticed that the authentication problem is worse when moving Entourage from Offline mode back to Online. So I now do the following: Click Entourage into Online mode and then Quit the program. Launch the program and enter the password.

(Morgenstern is the West Coast editor of eWEEK.com, and a contributing editor at Creativepro.)

Eric Morgan has a suggestion for getting Entourage working with Exchange 2003:

I recently upgraded servers from Windows 2000/Exchange 5.5 to Windows 2003/Exchange 2003. I spent a good part of the morning trying to get all features on Entourage (Mac OS X 10.3.3) working--global contact list, Calendar, scheduling, and email). I quickly discovered that you need LDAP&Free/Busy server configured to make this happen.

I wanted to make sure everyone knew about the "search base" option on the Directory tab. I put in the active directory tags (cn=users,dc=domain name,dc=com) in the search base field.

Users = user container name.

domain name = domain name - com = com.

In the Free/Busy server field I put the servername/public/.

I can now search my global contact list and schedule appoints with coworkers, calendar, and email.

Jeff Boyle suggests reinstalling Office X:

We have been having intermittent problems and some major pains with Exchange and Entourage. I highly recommend the tips on the Entourage MVP site [part of the Microsoft MVPs program]. They suggested clean install of Office X (use remove Office if you have to which is on the value pack):
  1. Boot into safe mode (Shift at restart) and isolate the machine (i.e., no network or peripherals and stop all startup processes).
  2. Install Office X (I also put on most of the value pack including fonts) then open each app to initiate it.
  3. Then install the patches and again open each app.
  4. Repair disk permissions.
  5. Now configure entourage manually for exchange while in safe mode.

    Runs like a dream on three machines so far. Its a pain, but it works!

More fixes for the Panther 10.3.3 Active Directory Plugin. April 12, 2004 -- We've had more suggestions for fixing Active Directory problems with the Mac OS X 10.3.3 Update.

Will Jorgensen sent an update to his previous report:

I previously reported problems binding to our AD domain when 10.3.3 was installed. I have tried Apple's fix and I am still not able to bind to the domain. I get the exact same error message about needing a FQDN. I can get bound to the domain by booting to a 10.3.2 drive, binding under the appropriate computer name and moving the AD plugin files found in the /Library/Preferences/DirectoryServices folder over to the 10.3.3 disk. This however doesn't work as well as I'd like since every time I reboot I have to initially log into a local account, then do a search in AD using Address Book. After doing that, I can log out and log in using my network account.

Shane Palmer tried some of the suggestions from other readers, but they did not work. Then he discovered that the Unbind action deleted the computer account form the Active Directory:

I too am having problems with binding to Active Directory after updating to Mac OS X 10.3.3. I also have Domain Admin rights, but contrary to Mark Fojas' experience I am no longer able to bind Macs to Active Directory. I get the error that I have insufficient privileges. The key point here is that, regardless of how our Active Directory is set up and the procedures I use to bind to AD, I was able to do this with Mac OS X 10.3.2 but after upgrading to Mac OS X 10.3.3 and using the exact same steps I am no longer able to bind to AD. Like other users pointed out if my Mac was already bound to AD before the 10.3.3 update I can still use my AD credentials to login. I have not attempted to unbind my main Mac as I am afraid I won't be able to bind it again unless I reinstall 10.3.2.

I also tried Peter Jensen's tip but it did not help.

After some more testing, I am still not able to get 10.3.3 to work with our Active Directory environment, but I did notice a behavior that some people may not be expecting. I had an install of 10.3.2 that I had successfully added to Active Directory and did an Unbind on it through Directory Access utility. I rebooted the machine and did a Bind again to add it back to AD but got the same "Insufficient Privileges..." message that 10.3.3 gets.

After several more attempts I realized that the Unbind action actually deleted the Computer Account from the AD. This took me by surprise because this is not typical behavior when you remove a PC from AD. I added the Computer Account back in AD and it worked fine. I did however have to reboot my Mac and wait a few minutes for AD to synch everything up before it would successfully Bind again. This may solve some problems a few people were having when trying to rebind their Mac to AD.

I submitted a bug report to http://www.apple.com/macosx/feedback/ and suggest that anybody else still having trouble submit a bug report as well.

Peer-to-peer, Mac-Win employee status tracking. April 12, 2004 -- Today, Glass Bead Software released In-Out Board (US $9 per user), a new cross-platform employee status tracking tool. In-Out Board runs on a peer-to-peer basis on Windows 98, 2000 and XP and Mac OS X and Mac OS 8.6-9, and is priced at about $9 per user.

Office 2004 goes final, May release announced. April 6, 2004 --
Today, Microsoft announced that it will release Microsoft Office 2004 for Mac OS X by the third week of May. Microsoft also said that it will release Office 2004 to manufacturing on April 14, which means the software will be final. Microsoft is now taking pre-orders of Office 2004.

Microsoft did not say if Virtual PC 7 would be part of the Professional edition when Office 2004 ships. The company has previously said that Virtual PC 7 would ship during the first half of 2004.

A major new cross-platform feature will be Compatibility Reports. You will be able to run a Compatibility Report on a Word, Excel, or PowerPoint files to check for incompatibilities with the Windows version of Office, or with older Mac versions. If a problem is fixable, the Compatibility Report will offer to fix it for you.

Entourage problems verified, suggestions offered. April 6, 2004 -- Two readers responded to last week's reports of Entourage problems with Exchange Server. Sandra Ketrow verified one of the problem issues:

I just read April Acker's post about Entourage X problems with a large network, particularly the lockout issue. I have been totally stymied about this, thinking it was maybe OS X problem, maybe incompatibility with the network, but have not been able to find a fix. At least I know now what this is, and that I am not alone!

John Bergh has some suggestions:

First, from April Acker:
1. A problem with authentication causes AD accounts to lock out. There is no rhyme or reason to this.

2. Users occasionally cannot send mail, and receive an SMTP error which then also causes their AD account to lock out 50 percent of the time.

I have noticed that if you configure your Entourage account as and "Exchange" account there is some sort of Microsoft voodoo with regards to the entering of your password. If you enter your password incorrectly it shows up as FOUR failed attempts on the Exchange server side... I don't know if that number is different in other organizations, but I'm an Exchange admin and I just saw it happen minutes ago. A similar situation exists with OS 9 and Outlook 2001. We just increased the "account lock" to 9 failed attempts and that helped our OS 9 users and their not-so-nimble fingers.

Related to this is yet more MS weirdness... You must type your password slowly or it will fail. If I recall you don't get an error (you get right in to Entourage).

Add this on top of it all: I can fail my login attempt but still receive mail... If I try to send mail I get prompted to reenter my password(because I flubbed it earlier) and then it works.

So, most of this can be alleviated by entering your password slowly. Don't ask me why!

I set up Entourage as an IMAP (not Exchange) client and I don't have either of those problems. I don't get calendaring but it's worth the decreased hassle. I also had to set up Directory Services separately to hit the "global" address book but that too is okay with me. There are other issues I'm slowly discovering so I'm recommending Entourage on X with certain reservations, to say the least.

Secondly, from Ben Robertson:

Also, the Address book doesn't seem to work. I don't get any of the global address' listed (but, they are seen because you can start to type a users' name, and it gets filled in)

If you go to Tools->Directory Services do you see them? Again, I've stopped using the "Exchange" account setup but I recall that my "global" addresses did not show up in my "Entourage" address book, only under Directory Services.

Santa Barbara Mac Networkers Retreat to cover cross-platform issues. April 6, 2004 -- MacRetreats will hold a 3-day conference called Mac Networkers Retreat ($699 before June 1 and $799 after) for Mac networking and IT professionals on July 7 - 9. The even will be held on the campus of the University of California at Santa Barbara. The Retreat will feature a series of lectures, discussion groups, and workshops covering Mac IT network topics, including cross-platform integration.

PDF2Office v1.0.3 released. April 6, 2004 --
RecoSoft Corporation has released PDF2Office v1.0.3 (US$129, education price US$89), an update to its PDF document converter for Mac OS X 10.2 and later. (See also this press release.) PDF2Office can convert PDF files to editable documents in Microsoft Word, AppleWorks, RTF, and other formats. PDF2Office recreates the layout of the original document, applying styles, extracting and placing graphic images, and creating tables, headers, footers, columns, and other details.

TransMac 6.1 enables PCs to access Mac disks, create Mac CDs on a PC. April 6, 2004 -- Acute Systems is shipping TransMac 6.1 (US$64) software that allows Windows to read and write Mac formatted (HFS and HFS+) disks. TransMac supports Mac CDs, floppies, hard drives and removable drives that have Mac format volumes. It also reads Mac multisession and hybrid CD, CDR and CDRW disks. You can also create file-based Mac volume images which can be written to CDR/CDRW using many Windows CDR authoring packages. To enhance the reading of files on Mac disks, TransMac includes automatic file type/extension mapping between platforms.

Missing Sync for Tapwave syncs Macs and Zodiac handhelds. April 6, 2004 --
Mark/Space, Inc., is now shipping The Missing Sync for Tapwave (US $40), software that will sync a Tapwave Zodiac console and Mac OS X 10.2.8 and later over USB or Bluetooth. The Zodiac is gaming device based on Palm OS. Although many Zodiac games require a Windows installer, The Missing Sync for Tapwave allows Mac users to do drag-and-drop installs of games into the Zodiac, which the software will mount on the desktop. The software also will sync music, audio and digital picture files between iPhoto or iTunes on the Mac and either of the handheld's expansion card slots.


For older news see:

2004: | January-March |

2003: | January-March | April-June | July-September | October-December |

2002: | January-March | April-June | July-September | October-December |

2001: | January-March | April-June | July-September | October-December |

2000: | January/February | March/April | May/June | July/August | September/October | November/December |

1999: | January/February | March/April | May/June | July/August | September/October | November/December |

1998: | December | November | October | September | August | July | June | May | April | March | February | January |

1997: | December | November | October |

Newer Archived News Page

To search MacWindows, see the left column on the MacWindows home page.


| Top of Page |

| Current News (MacWindows Home) | Solutions | Tutorials | MacWindows Tips |


This site created and maintained by John Rizzo
Copyright 2004 John Rizzo. All rights reserved.