Mac IT Guy: Network overload, OS X Server

I have a series of older 802.11 b/g Airport Expresses set up in several rooms of the house, to let me stream music; at the heart of it all is a Time Capsule (which uses 802.11 b/g/n). They all work fine, except in my son’s room, which is furthest from the Time Capsule; his old Titanium laptop gets really poor reception.

So I installed my old Airport Extreme in his room and configured it to extend the network from the Time Capsule. My son now gets perfect WiFi for his laptop. But if I try to stream music to any of the Airport Expresses, they keep dropping the signal. Why doesn’t this work? And is there some better way to extend my network to the furthest room?

Streaming iTunes over those old 802.11g Airport Expresses and then extending the network using an older Airport Extreme (which I’d guess is also 802.11g) may be asking that old hardware to do too much. I’d recommend upgrading your Airport Expresses to newer models and setting them to stream iTunes over 802.11n; you can keep the old Airport Extreme in his room. Since the Time Capsule has separate antennas for 'g' and 'n', this should clear up the problem nicely.

However, if you’re planning on upgrading your son’s laptop anytime soon, I’d do the opposite: Upgrade the Airport Extreme in your son's room to something that supports 802.11n. Then you can stream iTunes over the 802.11g network. Again, that should also clear up the problems you’re seeing. (Personally, I’d go with this second solution if you can; your son can probably use the faster network more than iTunes would—not to mention the new laptop.)

Next question:

We are a medium-sized theater company in Toronto. We have a small IT department—four people—and about 100 users. Most of them use Windows machines, but about 20 of them use Macs.

We want the Macs to log in to the Windows domain controller, as the Windows machines do. We also want to control what the Mac users can and can’t do, add links to shared resources, update their computers from an OS X server, and back up their Documents folder to a server.

So we installed OS X Server 10.5 and 10.6, then got the Macs to bind to our domain and receive policies from Workgroup Manager. However, some things aren’t working the way we’d like:

1) Laptop users who have been connected to the network via WiFi then sleep their machines and take them home find they can’t log in when their Macs wake up.

2) On our Windows network, we use a Group Policy Object to redirect users’ My Documents folders to a file server; this produces both a local and server copy. We tried to do this on the Macs by using Portable Home Directories syncing. But that syncing has never worked properly: Despite listing some folders as exclusions, sometimes users’ entire Libraries or their IMAP mail folders are synced. Other times, the sync doesn’t seem to have done anything: Copies on the file server are older than what’s on the local drive.

3) Some users get repeated pop-up messages that their files can’t sync; those pop-ups appear on top of whatever application they’re using, making it difficult to do anything. It got so bad that we had to disable sync altogether.

4) We would like to push updates to the users via our OS X Servers. We have been able to set the computers to look at our OS X Servers via Workgroup Manager and then used Apple Remote Desktop’s softwareupdate command-line tool. But we’ve found that the list of updates provided by our OS X Servers is much smaller than what we’d get if we logged in with a local administrator account and asked Apple’s servers. Our OS X Servers seem to have the right updates, but they don’t show up in the clients.

Any ideas?

That’s a lot of issues, but I’ve seen them all before in similar situations. Taking the problems in order:

1) Assuming the laptops are bound to Active Directory, you need to make sure your Active Directory servers are fully reachable from the outside world. Can you authenticate against them, get Kerberos tickets, and so on? If you can do so partially—if, for example, the servers resolve in terms of DNS, but can’t get those Kerberos tickets—it may be that the laptops can’t really connect to them to authenticate and so exit from sleep. The fact that the laptops can log in when the network is completely dead tells me that this is what you’re running into. The solution is to either make sure that the Active Directory domain is just invisible to the outside world or to allow for authentication against the servers from the outside.

2) As for the Portable Home Directories (PHDs), they can be a bear to set up, and even minor mistakes can make you tear your hair out. The first thing you should do is carefully read the Apple documentation—in particular, the User Management PDF, and the white papers on Systems Management and Client Management. They’re written for educational purposes, but the information is critical to proper implementation of PHDs.

That done, make sure your Mac OS X Servers are all on Mac OS X 10.6 Server. (It had some big changes to PHD syncing.) Finally, go through the client sync logs—especially FileSyncAgent logs in ~/Library/Logs—to see where the errors are actually happening.

3) Those dialogs are really, really annoying. You can manage them in Workgroup Manager, in the details for PHD syncing. The keys you want to enable are Suppress Sync Errors; the full list is on pages 73 and 74 of that Client Management white paper. Keep in mind that you may be trading convenience for the risk that the user won’t realize when something bad has happened.

4) For the software updates, first review the Software Update service documentation, and make sure your settings are correct. You should also review the whitepapers mentioned above. In particular, pay close attention to the URL you are using for the Software Update service on your clients.
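One way to check that client URL, as an added example that is not from the column or from Apple's documentation: the script below works out which catalog URL a client of a given OS X release should be pointed at and compares it with the configured value, since a client aimed at another release's catalog is one thing worth ruling out when the update list looks short. It assumes the catalog file names and default port 8088 of the Mac OS X Server 10.6 Software Update service; `sus.example.com` and the function names are placeholders.

```shell
#!/bin/sh
# Added example. Host name and function names are hypothetical; catalog
# names assume a Mac OS X Server 10.6 Software Update service on port 8088.

# Print the catalog URL a client running the given OS X version should use.
catalog_url() {
    server=$1
    os_version=$2
    case "$os_version" in
        10.4|10.4.*) catalog=index.sucatalog ;;
        10.5|10.5.*) catalog=index-leopard.merged-1.sucatalog ;;
        10.6|10.6.*) catalog=index-leopard-snowleopard.merged-1.sucatalog ;;
        *) echo "no catalog known for OS X $os_version" >&2; return 1 ;;
    esac
    printf 'http://%s:8088/%s\n' "$server" "$catalog"
}

# Compare the CatalogURL configured on a client with the expected one.
# Prints "ok" or "mismatch: expected <url>"; returns 0 only on a match.
check_catalog() {
    expected=$(catalog_url "$1" "$2") || return 2
    if [ "$3" = "$expected" ]; then
        echo ok
    else
        echo "mismatch: expected $expected"
        return 1
    fi
}

# Usage: check.sh <server> <client OS version> <configured CatalogURL>
# The configured value is the one set in Workgroup Manager, or the output of:
#   defaults read /Library/Preferences/com.apple.SoftwareUpdate CatalogURL
if [ "$#" -eq 3 ]; then
    check_catalog "$1" "$2" "$3"
fi
```

Run it once per client OS release in use; with both 10.5 and 10.6 Macs on the network, each group needs its own URL.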

John Welch is IT Director for The Zimmerman Agency, and a long-time Mac IT pundit.

Have a question about managing networked Macs, at work or at home? Write us at macitguy (at) macworld.com.
