Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2806: Mobility HomeSync fails when using an AFP share mount from ExtremeZ-IP

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:08 AM

Applies to: All versions of DirectControl on Mac OS X 10.7 and higher

Problem:

Mobile Accounts have been created with AFP network home folders shared out via GroupLogic ExtremeZ-IP.

If there are no other AFP shares mounted when Home Sync starts, then the task will complete successfully.

If there are other AFP shares mounted in Finder when Home Sync starts, then the sync fails and the following messages may be seen:
  • "Connection failed. there was an error connecting to the server "afpserver.domain.com". Check the server name or IP address, and then try again"
     
  • "URLs with the type "afp:" are not supported."
     
  • "The sync could not complete because your network home at "afp://afpserver.domain.com/sharefolder" is currently unavailable"
User-added image

Ejecting the shared folder will allow the Home Sync to immediately work again.


Cause:

Centrify Support have worked with GroupLogic and have determined the issue to be within the Kerberos handling of the ManagedClient process (This process handles the credentials of the Home Sync FileSyncAgent).

The issue can be reproduced with the native Apple plugin and without Centrify installed.

Apple have been notified and an Apple bug created at: Apple Bug ID #14267909


Workaround:

There are three workarounds available:

Option 1:
  • Eject any currently mounted AFP shares before attempting a Home Sync with a Mobile Account.

Option 2: 
  • Mount any extra shares using SMB instead, where this issue does not exist.

Option 3:
  • Configure the following settings within ExtremeZ-IP:
     
  • ExtremeZ-IP Administrator > Settings > File Server tab > Login Methods > 
    • "Allow Encrypted Logins" [Enable]
    • "Allow Kerberos Logins" [Disable]
    • User-added image
  • Save the changes and restart the service.
     
  • Now on the Mac when the AD user logs in and goes to mount the second AFP share, it will prompt them for credentials, but only the first time. Once the user saves the credentials to the Keychain, they will be able to successfully Home Sync with both AFP shares mounted.

Resolution:

None, the issue is located in a module which only Apple has access to.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.