Join AD script does not work when deploying macOS Monterey via MDS

I have a script to join an AD domain in an MDS workflow. It works when deploying macOS Big Sur, but when deploying macOS Monterey it failed with the following error:

dsconfigad authentication server could not be contacted. (5200)

I have tried running the script on the Mac manually and the result was successful. Therefore I don't know why it failed during the MDS workflow.

Any suggestions? Below is a sample of the script:

# Domain controller, domain and bind account used for the join
DC='dc.xxx.com'
adDomain='ad.xxx.com'
adminUser='addcomputer'
adminPassword='password'
# Use this Mac's computer name as the AD computer ID
computerID=$(scutil --get ComputerName)
computerOU='OU=Workstations,DC=ad,DC=xxx,DC=com'

dsconfigad -add -domain "$adDomain" -force -preferred "$DC" -username "$adminUser" -password "$adminPassword" -computer "$computerID" -ou "$computerOU"

Regards,
Ray

Look in /var/log/install.log and you should see what is failing.

tim

Hi Tim,

In the install.log, the error said:

2021-11-11 12:55:17+08 mac-test package_script_service[859]: ./postinstall: dsconfigad: Authentication server could not be contacted. (5200)

If I run the postinstall script manually (using sudo), it works.

Please advise.

Best Regards,
Ray

A little more information.

In the postinstall script I added some commands to show the network and DNS status. It looks like all network ports are inactive (en0 to en5).

It is weird that I am using an HTTP server to download the DMG image and run MDS successfully, but only have the connection problem when running the postinstall script. (hdiutil mount http://[imageserver]/{image.dmg})

Best Regards,
Ray

We join the network in recovery, but that is different from post-install. There is a checkbox for “wait for network”. Did you select that? Is network enabled when you log in to test after it has finished?

tim

Yes, I have already enabled the “wait for network before installing resource” option, and the network is also enabled after the workflow has finished and the computer has rebooted. Only the postinstall script failed to join the machine to the AD domain.

Finally, in the postinstall script, I added the following command to enable the network manually before running the dsconfigad command:

networksetup -createlocation xxx populate

After adding the above command, the postinstall script can run the dsconfigad command successfully.

I am not sure whether this is only the case for me when deploying macOS Monterey on an M1 machine, but I wanted to share this experience with you.

Thanks
Ray

One more thing to share when deploying macOS Monterey on M1: some software, like Firefox and Acrobat DC, cannot be installed in the workflow because Rosetta 2 hasn’t been installed. I checked mds-firstboot.log and the reason is that it cannot detect the network connection (the same as the postinstall script not detecting the network). We are using an external USB dongle to connect to the network (en5).

May I know whether MDS 4.x supports an external USB network connector (en5)?

MDS just checks for network by doing this:

test=$(ifconfig -a inet 2>/dev/null | sed -n -e '/127.0.0.1/d' -e '/0.0.0.0/d' -e '/inet/p' | wc -l)

Try running

ifconfig -a inet 2>/dev/null | sed -n -e '/127.0.0.1/d' -e '/0.0.0.0/d' -e '/inet/p'

and see if it returns a line with the current ip address:

inet 192.168.0.121 netmask 0xffffff00 broadcast 192.168.0.255

Also, the log in /var/log/install.log should show this. If you have Pro or Enterprise support, we can get on a zoom call and get it all figured out.

tim
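
The check quoted above, wrapped in a wait loop that a postinstall script could call before a network-dependent step such as `dsconfigad`. This is an added example, not part of the thread and not MDS's own code; the function names and the `IFCONFIG_CMD` override are hypothetical.

```shell
#!/bin/sh
# Added example: gate a postinstall step on the same "is there a usable IPv4
# address" test quoted in the thread. All names here are hypothetical.

# Count IPv4 lines in ifconfig-style text read from stdin, dropping loopback
# and unconfigured (0.0.0.0) entries with the same sed filter as the thread.
# tr strips the leading spaces that BSD wc pads its output with.
count_usable_inet() {
    sed -n -e '/127.0.0.1/d' -e '/0.0.0.0/d' -e '/inet/p' | wc -l | tr -d ' '
}

# Command that produces the interface listing; overridable for testing.
: "${IFCONFIG_CMD:=ifconfig -a inet}"

# Poll until at least one usable address appears or the timeout expires.
# $1 = timeout in seconds (default 60), $2 = poll interval (default 2).
# Returns 0 when an address is present, 1 on timeout.
wait_for_network() {
    timeout="${1:-60}"
    interval="${2:-2}"
    waited=0
    while :; do
        n=$($IFCONFIG_CMD 2>/dev/null | count_usable_inet)
        [ "${n:-0}" -gt 0 ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Example use in a postinstall script (left commented out so that sourcing
# this file has no side effects):
# wait_for_network 120 2 || { echo "no network, not joining AD" >&2; exit 1; }
```

Failing with a non-zero exit when the timeout expires puts the reason in install.log instead of the less direct dsconfigad error 5200.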

After the workflow completed and the machine rebooted, I get the result when I run the command you mentioned.

But during the workflow run, I didn’t see it in the log.

I have attached install.log and mds-firstboot.log for your reference.

Sorry, it looks like the support page does not support attachments, so I cannot upload the log files for your reference.

Please send to support@twocanoes.com

tim

I just have a new update for your information.

I checked the reason why some applications cannot be installed on M1 via the workflow, for example Mozilla Firefox and Adobe Acrobat Reader DC. Neither is compatible with M1 and both need Rosetta 2 to run, but by default Monterey does not have Rosetta installed, so I need to run a custom script to install Rosetta before installing those applications, as below.

/usr/sbin/softwareupdate --install-rosetta --agree-to-license

After Rosetta has been installed, that software can be installed successfully.

In MDS, do you think we can add an option to install Rosetta?

Thanks.
Ray