Creating mobile accounts using createmobileaccount is not working on OS X 10.10.3
Following the release of OS X 10.10.3, I noticed in my testing that I was no longer able to create Active Directory mobile user accounts using the /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount tool.
The process of using the createmobileaccount tool usually works like this:
- Open Terminal or run a script
- Run the following command with root privileges:
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n network_account_username_goes_here
What normally happens is a new mobile account and home folder are then set up on the Mac for the network_account_username_goes_here account. On 10.10.3, I’m receiving an error indicating that the mobile account could not be created.
To try to narrow down if it was an issue specific to Active Directory accounts, I tested against both my shop’s Active Directory domain and OpenLDAP domain. In both cases, I received similar errors.
Active Directory on OS X 10.10.3
computername:~ username$ sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username_goes_here
createmobileaccount built Mar 4 2015 21:45:09
2015-04-09 09:22:13.922 createmobileaccount[69912:277627] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89a9c162b0 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 09:22:13.982 createmobileaccount[69912:277616] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=699453718), NULL) failed
2015-04-09 09:22:14.433 createmobileaccount[69912:277616] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=699453718), NULL) failed
2015-04-09 09:22:14.542 createmobileaccount[69912:277643] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89a9d0e980 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 09:22:14.542 createmobileaccount[69912:277616] MCXCCreateMobileAccount(): Failed to create account. Error = -6304 (mobile account file path is either not a directory or could not be properly created). Cleaning up mobile account record.
2015-04-09 09:22:14.546 createmobileaccount[69912:277643] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89a9d5a840 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 09:22:14.549 createmobileaccount[69912:277616] MCXCDeleteAccount(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=699453718), NULL) failed
2015-04-09 09:22:14.550 createmobileaccount[69912:277620] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89a9c392c0 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 09:22:14.578 createmobileaccount[69912:277643] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7f89ac101990 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 09:22:14.578 createmobileaccount[69912:277616] MCXCDeleteAccount(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=699453718), NULL)failed
*** mobile account could not be created: -6304 (MCXCCreateMobileAccount(): [newUser createHomeDirectory] failed)
computername:~ username$
OpenLDAP on OS X 10.10.3
computername:~ username$ sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username_goes_here
createmobileaccount built Mar 4 2015 21:45:09
2015-04-09 11:34:12.184 createmobileaccount[388:3436] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b5105b0 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 11:34:12.356 createmobileaccount[388:3432] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=990371), NULL) failed
2015-04-09 11:34:12.786 createmobileaccount[388:3432] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=990371), NULL) failed
2015-04-09 11:34:13.316 createmobileaccount[388:3436] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b458d50 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 11:34:13.317 createmobileaccount[388:3432] MCXCCreateMobileAccount(): Failed to create account. Error = -6304 (mobile account file path is either not a directory or could not be properly created). Cleaning up mobile account record.
2015-04-09 11:34:13.322 createmobileaccount[388:3435] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b458d10 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 11:34:13.329 createmobileaccount[388:3432] MCXCDeleteAccount(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=990371), NULL) failed
2015-04-09 11:34:13.330 createmobileaccount[388:3433] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b45a5d0 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 11:34:13.377 createmobileaccount[388:3435] ### syncProxyWithSemaphore error:Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." (connection to service named com.apple.systemadministration.writeconfig) UserInfo=0x7fea4b463590 {NSDebugDescription=connection to service named com.apple.systemadministration.writeconfig}
2015-04-09 11:34:13.378 createmobileaccount[388:3432] MCXCDeleteAccount(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=990371), NULL)failed
*** mobile account could not be created: -6304 (MCXCCreateMobileAccount(): [newUser createHomeDirectory] failed)
computername:~ username$
To verify that this was a 10.10.3-specific issue, I re-ran my tests in a 10.10.2 VM. On 10.10.2, my results were what I expected: A new mobile account and home folder were created on the VM.
Mobile account creation on OS X 10.10.2
computername:~ username$ sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username_goes_here
createmobileaccount built Nov 16 2014 15:10:36
2015-04-09 10:28:29.316 createmobileaccount[968:5545] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=699453718), NULL) failed
2015-04-09 10:28:29.809 createmobileaccount[968:5545] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=699453718), NULL) failed
computername:~ username$
Mobile account creation via the OS loginwindow
One piece of good news is that this does not appear to affect the creation of mobile accounts via the loginwindow. In my testing against my Active Directory domain, automatic mobile account creation via the loginwindow appears to work fine.
The process I used in my testing looked like this:
- Bind test Mac running OS X 10.10.3 to my shop’s Active Directory domain, with mobile account creation enabled in the Apple Active Directory plug-in’s settings.
- Verify that the test account was not present as a mobile account on the Mac
- Log in with the test account’s credentials at the loginwindow
The results were what I expected: A new mobile account and home folder were created on the test Mac.
To help get this issue fixed, I’ve filed a bug report. For those interested in duping it, it’s bug ID 20482382.
Update 4-10-2015: My bug report has been closed as a duplicate of bug ID 20295898. If you want to file a bug report that dupes mine, please use the following bug ID to do so:
Bug ID 20295898
For those interested in the details, I’ve also posted the bug report to Open Radar:
Nice catch Rich!
It looks like if you create the home directory (mkdir /Users/username) and set the ownership on the directory properly before running createmobileaccount, then it will succeed.
I’ve been working to modify one of our scripts and the workaround makes it a little ugly, but it does seem to work.
One downside of this approach is that it doesn’t seem to pull in the default user template.
Ugh. Having the same problem. Existing mobile accounts work, but new ones don’t.
The workaround of creating the user dir locally first isn’t working for me, either.
I started doing this because
a) Too many applications don’t work correctly out of the box with network homes (at one point Safari!!!! was one of the broken applications) and
b) the WGM “make mobile account on login” failed to do its job.
So I scripted up a loginHook to do the work. And it worked for 10.9.x and 10.10.x until the .3 update. Apple, why, oh why, do you break system utilities with these updates?
As James pointed out, it works, if you first create the user account manually by mkdir /Users/username_goes_here and then change the owner by chown -R username_goes_here /Users/username_goes_here.
So a little addition to the work around in order to get it to pull the user template…
1) mkdir /Users/username
2) sudo chown -R username /Users/username
3) sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username
4) sudo rm -r /Users/username
5) sudo createhomedir -c -u username
That should do it. This has worked for me thus far.
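A guarded form of the five steps in the comment above, as an added shell example that is not the commenter's or the post author's code. Steps 2 and 4 run chown -R and rm -r as root on a path built from the username, so the wrapper validates the name and refuses to touch a home folder that already exists. The character allowlist, the second (users root) parameter and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original thread): guarded form of the workaround.
CMA=/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount

# Assumption: short names are limited to letters, digits, '.', '_' and '-'.
# The name reaches chown -R and rm -r as root, so reject anything else,
# including an empty value, a leading '-' or '.', and any '/'.
valid_shortname() {
    case "$1" in
        ''|-*|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# True when captured tool output carries the failure marker shown in the post;
# the vproc_swap_integer lines also appear on the successful 10.10.2 run.
cma_failed() {
    case "$1" in
        *'mobile account could not be created'*) return 0 ;;
    esac
    return 1
}

# Print the five commands for one user, or refuse. $2 (users root) is a
# hypothetical parameter added for testing; it defaults to /Users.
workaround_plan() {
    user=$1; root=${2:-/Users}; home="$root/$user"
    if ! valid_shortname "$user"; then
        echo "refusing: unsafe short name" >&2; return 2
    fi
    # Step 4 removes the folder, so an existing home must never be touched.
    if [ -e "$home" ]; then
        echo "refusing: $home already exists" >&2; return 3
    fi
    printf '%s\n' "mkdir $home" "chown -R $user $home" "$CMA -n $user" \
        "rm -r $home" "createhomedir -c -u $user"
}

# Run the plan as root, stopping at the first failed step.
run_workaround() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    plan=$(workaround_plan "$1") || return $?
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        # Unquoted $cmd is split on spaces only; names were validated above.
        out=$($cmd 2>&1) || { echo "failed: $cmd" >&2; exit 1; }
        if cma_failed "$out"; then echo "failed: $cmd" >&2; exit 1; fi
    done
}

if [ "${1:-}" = "--run" ]; then run_workaround "${2:-}"; fi
```

Calling workaround_plan on its own prints the commands without running them, which is a convenient way to review what a provisioning script would do for a given name.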
I can now see the user in the users and groups but it still won’t login to the machine if there is not an existing connection during authentication. What am I missing? Can I do a runas or SU in terminal for it to cache the password?
Replace line 3 with: sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -v -P -n username and it’ll cache the password
This is a huge problem for me. I have a script that runs in a lab and auto-creates users from students’ AD accounts. I ran updates on the Macs and now the script is hosed. Thank you for confirming what I was starting to suspect that it was the 10.10.3 update that killed my script. I traced the script failures back to mobile account creation. I sure hope this gets fixed soon.
I myself was trying to get the createmobileaccount command to work but for some reason I couldn’t. Then this article confirmed that since I was testing in 10.10.3 this wouldn’t work. Please fix this soon Apple…but thanks users for a temporary work around.
This seems to be working in 10.11.1. Doesn’t even give the non-critical errors it used to. Not sure which intervening release fixed this.
FYI…it appears this issue has been resolved in 10.10.5. At least I couldn’t create the account using the method Richard has outlined here which I have used successfully prior to 10.10.5. So decided to create account using createmobileaccount tool and it worked. So it appears to have been fixed in 10.10.5
This seems to have cropped up again (or something similar) on Catalina, at least 10.15.5. It won’t accept -P to authenticate the user, so I had to run with -n -a adminuser then run AGAIN with -P, which didn’t want to work either…no time to create a Bug currently, but it is annoying!