Archive
Archive for April 9, 2015
Creating mobile accounts using createmobileaccount is not working on OS X 10.10.3
April 9, 2015
12 comments
Following the release of OS X 10.10.3, I noticed in my testing that I was no longer able to create Active Directory mobile user accounts using the /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount tool.
The process of using the createmobileaccount tool usually works like this:
- Open Terminal or run a script
- Run the following command with root privileges:
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n network_account_username_goes_here
What normally happens is a new mobile account and home folder are then set up on the Mac for the network_account_username_goes_here account. On 10.10.3, I’m receiving an error indicating that the mobile account could not be created.
To try to narrow down if it was an issue specific to Active Directory account, I tested against both my shop’s Active Directory domain and OpenLDAP domain. In both cases, I received similar errors.
Active Directory on OS X 10.10.3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| computername:~ username$ sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username_goes_here | |
| createmobileaccount built Mar 4 2015 21:45:09 | |
| 2015-04-09 09:22:13.922 createmobileaccount[69912:277627] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89a9c162b0 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 09:22:13.982 createmobileaccount[69912:277616] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=699453718), NULL) failed | |
| 2015-04-09 09:22:14.433 createmobileaccount[69912:277616] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=699453718), NULL) failed | |
| 2015-04-09 09:22:14.542 createmobileaccount[69912:277643] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89a9d0e980 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 09:22:14.542 createmobileaccount[69912:277616] MCXCCreateMobileAccount(): Failed to create account. Error = -6304 (mobile account file path is either not a directory or could not be properly created). Cleaning up mobile account record. | |
| 2015-04-09 09:22:14.546 createmobileaccount[69912:277643] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89a9d5a840 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 09:22:14.549 createmobileaccount[69912:277616] MCXCDeleteAccount(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=699453718), NULL) failed | |
| 2015-04-09 09:22:14.550 createmobileaccount[69912:277620] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89a9c392c0 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 09:22:14.578 createmobileaccount[69912:277643] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89ac101990 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 09:22:14.578 createmobileaccount[69912:277616] MCXCDeleteAccount(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=699453718), NULL)failed | |
| *** mobile account could not be created: -6304 (MCXCCreateMobileAccount(): [newUser createHomeDirectory] failed) | |
| computername:~ username$ |
OpenLDAP on OS X 10.10.3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| computername:~ username$ sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username_goes_here | |
| createmobileaccount built Mar 4 2015 21:45:09 | |
| 2015-04-09 11:34:12.184 createmobileaccount[388:3436] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b5105b0 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 11:34:12.356 createmobileaccount[388:3432] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=990371), NULL) failed | |
| 2015-04-09 11:34:12.786 createmobileaccount[388:3432] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=990371), NULL) failed | |
| 2015-04-09 11:34:13.316 createmobileaccount[388:3436] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b458d50 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 11:34:13.317 createmobileaccount[388:3432] MCXCCreateMobileAccount(): Failed to create account. Error = -6304 (mobile account file path is either not a directory or could not be properly created). Cleaning up mobile account record. | |
| 2015-04-09 11:34:13.322 createmobileaccount[388:3435] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b458d10 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 11:34:13.329 createmobileaccount[388:3432] MCXCDeleteAccount(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=990371), NULL) failed | |
| 2015-04-09 11:34:13.330 createmobileaccount[388:3433] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b45a5d0 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 11:34:13.377 createmobileaccount[388:3435] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b463590 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig} | |
| 2015-04-09 11:34:13.378 createmobileaccount[388:3432] MCXCDeleteAccount(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=990371), NULL)failed | |
| *** mobile account could not be created: -6304 (MCXCCreateMobileAccount(): [newUser createHomeDirectory] failed) | |
| computername:~ username$ |
To verify that this was a 10.10.3-specific issue, I re-ran my tests in a 10.10.2 VM. On 10.10.2, my results were what I expected: A new mobile account and home folder were created on the VM.
Mobile account creation on OS X 10.10.2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| computername:~ username$ sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username_goes_here | |
| createmobileaccount built Nov 16 2014 15:10:36 | |
| 2015-04-09 10:28:29.316 createmobileaccount[968:5545] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=699453718), NULL) failed | |
| 2015-04-09 10:28:29.809 createmobileaccount[968:5545] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=699453718), NULL) failed | |
| computername:~ username$ |
Mobile account creation via the OS loginwindow
One piece of good news is that this does not appear to affect the creation of mobile accounts via the loginwindow. In my testing against my Active Directory domain, automatic mobile account creation via the loginwindow appears to work fine.
The process I used in my testing looked like this:
- Bind test Mac running OS X 10.10.3 to my shop’s Active Directory domain, with mobile account creation enabled in the Apple Active Directory plug-in’s settings.
- Verify that the test account was not present as a mobile account on the Mac
- Log in with the test account’s credentials at the loginwindow
The results were what I expected: A new mobile account and home folder were created on the test Mac.
To help get this issue fixed, I’ve filed a bug report. For those interested in duping it, it’s bug ID 20482382.
Update 4-10-2015: My bug report has been closed as a duplicate of bug ID 20295898. If you want to file a bug report that dupes mine, please use the following bug ID to do so:
Bug ID 20295898
For those interested in the details, I’ve also posted the bug report to Open Radar:
Categories: Mac administration, Mac OS X
Der Flounder 
Recent Comments