Open Radar

 
Apple Developer Relations14-Aug-2015 07:34 AM

There are no plans to address this in 10.10.x.

We are closing this bug report.

If you have questions regarding the resolution of this issue, please update your bug report with that information.

Please be sure to regularly check new Apple releases for any updates that might affect this issue.

Summary:
Starting with Mac OS X 10.9 and continuing through every release up to and including the latest beta release of 10.10.5 (14F25a)
Attempting to bind to Active Directory when in a AD site that contains a RODC as the primary DNS server for the site results in a failure to bind to active directory with an unknown error being reported by directory utility.

Steps to Reproduce:
1. Install OS X and update to latest shipping version (10.10.4)
2. Attempt to bind to AD from a AD site that has a RODC as primary DNS server
3. Directory Utility fails with unknown error.

Expected Results:
As per previous OS version 10.8.5, AD Plugin should attempt to locate a RWDC in the DNS service records and bind to that RWDC

Actual Results:
Directory Utility reports an unknown error and the bind is unsuccessful

Regression:
10.7.0 - > 10.7.2 exhibited this issue, however 10.7.3 resolved the issue. https://support.apple.com/en-us/HT202278
10.8.x does NOT exhibit this issue at all.
10.9.0 -> 10.9.5 does exhibit this issue
10.10.0 -> 10.10.5 (14F25a) does exhibit this issue
10.11 beta’s do NOT exhibit this issue

It would be great to the get the fixes implemented in L-Cap back ported to 10.10.x and even 10.9.x
We have a substantial fleet of ~50,000 Mac OS X devices across 2200 sites that are currently unable to bind to AD ‘out-of-the-box’

Notes:
Attached sys diagnose and open directory debug log for the period of time during a bind attempt