Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Mac slow to login (El Capitain) bound to Active Directory

Hi All,

I've got a strange one, I've got a Macbook Air that's causing my a slow login response when coming back from sleep it can usually hang for about 15 - 30 seconds after sleep, has anyone experienced this issue?

Running the latest OS X El Capitain on 9.92 Hosted Casper JSS

I've tried the following commands from various Googling:

rm /var/vm/sleepimage

!/bin/sh

sudo defaults write /Library/Preferences/com.apple.loginwindow.plist DSBindTimeout -int 5
exit 0

No luck, i've also done PRAM and SMC reset still nothing.

Sachin

Like Comment
Order by:
SOLVED Posted: 7/12/16 at 11:26 AM by McLeanSchool

We're experiencing similar issues as well. Have you tried rebinding to AD after making the changes you made?

Like
SOLVED Posted: 7/12/16 at 12:07 PM by JustDeWon

FileVault2 enabled?

Like
SOLVED Posted: 7/12/16 at 12:46 PM by mbezzo

as @McLeanSchool mentioned, in my experience it's an AD bind issue - an unbind/rebind will likely do the trick.

Like
SOLVED Posted: 7/12/16 at 1:34 PM by Matt.Ellis

Also what kind of accounts local, or mobile that authenticate via AD. if there the latter then is the system connected via ethernet or wifi?

Like
SOLVED Posted: 7/12/16 at 4:18 PM by bbot

We had the same issue that affected nearly all Yosemite machines. After updating to El Capitan, a good chunk of the issue went away. Subscribing to see if anyone else has a good explanation on what would fix this.

Like
SOLVED Posted: 7/12/16 at 5:09 PM by Sachin_Parmar

@McLeanSchool - yeah tried unbinding and rebinding the machine to active directory and even unchecked the allow authentication from any domain in this forest to see if a local D.C. Would pick up the account and authenticate quicker.

Only additional thing I can add is that we've got EAP-TLS User based cert authentication on Macs both Wifi and Ethernet got over 150 machines working fine just this one seems to be showing issues.

@JustDeWon - FileVault 2 was enabled but when removed and fully decrypted the issue still persists

@Matt.Ellis - they're automatically created an Admin, Mobile and Managed account

Like
SOLVED Posted: 7/12/16 at 9:28 PM by mbezzo

I'd suggest unbinding the computer from AD, deleting the AD machine account from AD directly, then rebinding. Usually rebinding fixes for me, but I've had a few stubborn cases where this seemed to do the trick. YMMV of course.

Like
SOLVED Posted: 7/13/16 at 12:02 AM by donmontalvo

If your Mac doesn‘t sleep or wake when expected

Does pmset -g custom show sleep value at 1?

Like
SOLVED Posted: 7/13/16 at 3:49 PM by jtrappey

We saw a similar issue which turned out to be related to the "Use UNC path from Active Directory to derive network home location" checkbox in the Directory Utility/AD plugin. It wasn't consistant since some folks had this enabled on the AD side. Took a while to figure that out. Once we disabled that, everything sped up on logins for our "legacy" users.

Like
SOLVED Posted: 7/13/16 at 4:32 PM by Sachin_Parmar

@donmontalvo - checked the sleep settings both Battery power and AC Power are set to 10

@jtrappey - Interesting fix, I tried to disable that setting, rebooting etc and it's still showing symptoms of slow/lagged login after sleep

@mbezzo - Tried the AD unbind/rebind and deleted the object from AD waited for replication etc, still no luck still showing the same symptoms, interesting thing at the moment is I have a macOS Sierra machine in a lab on dev beta 2 and it's showing me the same issue but it's random on that machine, bound to AD, FileVaulted, Casper Built, ADPassMon Enabled on Both Machines, 802.1X Configured on both machines.

Like
SOLVED Posted: 7/13/16 at 4:34 PM by mbezzo

man, my suggestions along with @jtrappey's have pretty much always done the trick. Just not sure what else could be going on there! Sorry!

Like
SOLVED Posted: 7/13/16 at 4:47 PM by Sachin_Parmar

@mbezzo - No worries, pulling my hair out too because I cannot even figure out what's going on, let me open a support req with JAMF and will update if we find a fix

Like
SOLVED Posted: 7/13/16 at 4:58 PM by bbot

We had a support case open with Apple and they suggested the below. Unfortunately, performing all these actions didn't make the problem go away completely.

Unchecking box for "Allow authentication from any domain in the forest."

Removing the UNC path and profile from user's Active Directory object

They also felt it could be network related. In terminal, when we ran a netstat -a | grep tcp4, we found that after logging in from sleep, it was connecting to a DC thousands of miles away when there were multiple DC's on site.

Like
SOLVED Posted: 7/13/16 at 6:01 PM by donmontalvo

I guess it depends on how AD is set up.

We've always had this one on in large environments without any issues.

$ dsconfigad -show | grep Authentication
  Authentication from any domain = Enabled

We keep this one disabled:

$ dsconfigad -show | grep UNC
  Use Windows UNC path for home  = Disabled
Like