Bootcamp Domain Time Issues
16 July 2007, 02:28 PM
#1
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
Bootcamp Domain Time Issues
I am trying to get Bootcamp working for Tiger and XP in a domain enviroment. Both XP and Tiger will be bound into Active Directory
I know there are time issues with this, one will be out of time when you boot from one to the other. I have searched for fixes for this but so far I'm having no joy.
Currently the Mac will never login as the time is always 1 hour ahead of actual time so authentication fails, the PC will login and the time usually adjusts itself once logged in (not a cached account, this happens with new accounts also).
One fix PC side stated to alter a reg setting as below:
To fix this, you need to add a key to your Windows system registry to tell Windows that your hardware clock will always be GMT.
*** WARNING: Editing your registry improperly can render your Windows installation inoperable. Proceed VERY carefully. I am not responsible if you mess something up. ***
The short solution for people who know how to edit the registry:
A DWORD key called HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\TimeZoneInformation\RealTimeIsUniversal needs to have the value of "1"
The step-by-step solution is as follows:
1. Boot Windows
2. Click Start --> Run and type regedit. Click OK
3. The Windows Registry Editor should pop up. Navigate within the explorer to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\TimeZoneInformation
4. Click on the TimeZoneInformation "folder" from the navigation pane if you haven't already done so.
5. This assumes the correct key doesn't exist. If it does, you will just change the existing key's value: Right click on the white space within the folder (If you don't have a right mouse button, you may need to download a program called applemouse to emulate the "control-click" of the apple 1-button mouse). Select new --> DWORD Value. Title the key "RealTimeIsUniversal" (No quotes). Set the value to "1" (No quotes again). Hexidecimal should be fine.
6. Either reboot and set the clock in MacOS or set the clock in Windows. You should now be able to reboot into either OS and have a correct clock.
However this hasn't helped matters and the next solution I had was on the Mac side which was below:
You can quit Lingon at this point - that ntpdate command should be issued as root the next time you reboot, which will cause an immediate re-synch of the of the system's date & time against Apple's time servers. Obviously, you must be online for the time-synch operation to succeed.
This did not do the trick either. I am using Bootcamp 1.3, running Tiger 10.4.10 and XPSP2
Platform is an IMac core 2 Duo with 2 gig of RAM, is there any way to keep the time stable, I cant wait for 10.5
I know there are time issues with this, one will be out of time when you boot from one to the other. I have searched for fixes for this but so far I'm having no joy.
Currently the Mac will never login as the time is always 1 hour ahead of actual time so authentication fails, the PC will login and the time usually adjusts itself once logged in (not a cached account, this happens with new accounts also).
One fix PC side stated to alter a reg setting as below:
To fix this, you need to add a key to your Windows system registry to tell Windows that your hardware clock will always be GMT.
*** WARNING: Editing your registry improperly can render your Windows installation inoperable. Proceed VERY carefully. I am not responsible if you mess something up. ***
The short solution for people who know how to edit the registry:
A DWORD key called HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\TimeZoneInformation\RealTimeIsUniversal needs to have the value of "1"
The step-by-step solution is as follows:
1. Boot Windows
2. Click Start --> Run and type regedit. Click OK
3. The Windows Registry Editor should pop up. Navigate within the explorer to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\TimeZoneInformation
4. Click on the TimeZoneInformation "folder" from the navigation pane if you haven't already done so.
5. This assumes the correct key doesn't exist. If it does, you will just change the existing key's value: Right click on the white space within the folder (If you don't have a right mouse button, you may need to download a program called applemouse to emulate the "control-click" of the apple 1-button mouse). Select new --> DWORD Value. Title the key "RealTimeIsUniversal" (No quotes). Set the value to "1" (No quotes again). Hexidecimal should be fine.
6. Either reboot and set the clock in MacOS or set the clock in Windows. You should now be able to reboot into either OS and have a correct clock.
However this hasn't helped matters and the next solution I had was on the Mac side which was below:
- Download Lingon: SourceForge.net: Downloading ...
- Copy the Lingon application to your /Applications folder
- Launch the Lingon application
- Click the toolbar's "Assistant" button (bow-tie icon)
- Make sure that "Run a job at startup" radio button is selected and click "Next"
- In the "Label" field, type in a name for this task, using reverse-domain naming (e.g. org.johndoe.ntpdate)
- Uncheck the "Launch only when I log in" checkbox
- Check "Must be run as root" (this checkbox will be enabled when you un-select the one above)
- Click "Next"
- In the "Job" field, type "/usr/sbin/ntpdate -u" and click "Create"
- At this point, you should be prompted to authenticate as an admin user
You can quit Lingon at this point - that ntpdate command should be issued as root the next time you reboot, which will cause an immediate re-synch of the of the system's date & time against Apple's time servers. Obviously, you must be online for the time-synch operation to succeed.
This did not do the trick either. I am using Bootcamp 1.3, running Tiger 10.4.10 and XPSP2
Platform is an IMac core 2 Duo with 2 gig of RAM, is there any way to keep the time stable, I cant wait for 10.5
Last edited by mike1210; 16 July 2007 at 02:31 PM.
16 July 2007, 02:51 PM
#2
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
Have a read of this. There is mention of a batch file for XP, so it might be worth giving that shot and seeing if it helps any.
With regards to the Lingon thing. When you had set that up and booted up into OS X and logged in as a local Admin account, had it correctly reset the time? It might be that the startup item is not executing correctly and changing the time as it should.
With regards to the Lingon thing. When you had set that up and booted up into OS X and logged in as a local Admin account, had it correctly reset the time? It might be that the startup item is not executing correctly and changing the time as it should.
16 July 2007, 03:18 PM
#3
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
One other thing. When you boot up into OS X, you should see the login dialog. Underneath the Mac OS X heading is machine name field. Click on that field and you'll see the information displayed changes. Click through there and see if it displays anything about your IP address, also, it should display the current date and time the machine is using, see if that is set as it should be.
The reason I mention the above is that I was reading this thread on macosxhint and the last post mentioned that the Lingon thing was running, but failing because the machine had no internet connection when the startup item was executing. It is quite possible this is why the standard auto date and time sync won't fix the issue, as that'll only happen when you login, and at that point there should be internet access.
The reason I mention the above is that I was reading this thread on macosxhint and the last post mentioned that the Lingon thing was running, but failing because the machine had no internet connection when the startup item was executing. It is quite possible this is why the standard auto date and time sync won't fix the issue, as that'll only happen when you login, and at that point there should be internet access.
16 July 2007, 04:23 PM
#4
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
Thanks Markus, the IP is listed (but it's a hardwired public address) the network accounts are listed as unavailable. The machine I would Imagine has internet connectivity as all machines here have open internet connections.
A local admin account is setup on the mac which is the only account that can login when the time is wrong, this can access the net no problem
The machine time is listed as 1 hour ahead when the accounts are unavailable, when the time is changed to the correct time (obtain time automatically is not ticked on the Mac) the acconts are listed as available.
When you boot into PC and back into the Mac the time is then always 1 hour ahead, then AD accounts fail
A local admin account is setup on the mac which is the only account that can login when the time is wrong, this can access the net no problem
The machine time is listed as 1 hour ahead when the accounts are unavailable, when the time is changed to the correct time (obtain time automatically is not ticked on the Mac) the acconts are listed as available.
When you boot into PC and back into the Mac the time is then always 1 hour ahead, then AD accounts fail
Trending Topics
17 July 2007, 09:17 AM
#8
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
I can only get BST London at the mo
, im guessing it would auto change to GMT when the clocks change. Odd thing the PC can login (time changes soon after if wrong) but Mac will not budge if time is out
, im guessing it would auto change to GMT when the clocks change. Odd thing the PC can login (time changes soon after if wrong) but Mac will not budge if time is out
17 July 2007, 03:01 PM
#9
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
Silly question I know, but I assume the PC (well, PC side of the mac, you know what I mean) is bound to the AD domain? I assume when the PC boots up it asks you to login and you're entering the same network account you would on the Mac (well, when the time is correct and it lets you in).
Also, I assume that the Mac is bound to the AD domain via the AD Directory Services plugin? What version of Windows Server is running on the server you're binding the mac to? Just going to try a few things here with my setup, see if I can work out what is going on (I'll just fudge the time settings, so no bootcamp setup will be used to throw the time off)
Also, I assume that the Mac is bound to the AD domain via the AD Directory Services plugin? What version of Windows Server is running on the server you're binding the mac to? Just going to try a few things here with my setup, see if I can work out what is going on (I'll just fudge the time settings, so no bootcamp setup will be used to throw the time off)
17 July 2007, 04:01 PM
#10
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
Another question for you. What exactly happens when you try to login on the Mac side? Does the login window just shake? Is any kind of message displayed?
I'm going to take a guess here that it's just shaking at you, as that is exactly what I see. Here's what I've done:
Bound my G4 to my AD domain controller (Windows 2003 Enterprise server). I've made sure the times are in sync and I've rebooted and can login as an account on my AD server. I then unchecked the option to auto update date and time, set the clock back an hour and logged out. I then tried to login as the same user account, no go. Login dialog simply shook.
If I click on the Machine name on the login dialog and cycle through to the network accounts section, it says Network Accounts Unavailable. If I resync the time, and check the same thing, it says Network Accounts Available.
So we know probably what we already knew, if the time is out, you cannot login on the mac. The obvious thing is, how to fix this. I'm jsut looking into this to see if I can work out some way to resolve this. There *has* to be a way to do it.
I'm going to take a guess here that it's just shaking at you, as that is exactly what I see. Here's what I've done:
Bound my G4 to my AD domain controller (Windows 2003 Enterprise server). I've made sure the times are in sync and I've rebooted and can login as an account on my AD server. I then unchecked the option to auto update date and time, set the clock back an hour and logged out. I then tried to login as the same user account, no go. Login dialog simply shook.
If I click on the Machine name on the login dialog and cycle through to the network accounts section, it says Network Accounts Unavailable. If I resync the time, and check the same thing, it says Network Accounts Available.
So we know probably what we already knew, if the time is out, you cannot login on the mac. The obvious thing is, how to fix this. I'm jsut looking into this to see if I can work out some way to resolve this. There *has* to be a way to do it.
Last edited by Markus; 17 July 2007 at 04:09 PM.
17 July 2007, 04:16 PM
#11
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
Silly question I know, but I assume the PC (well, PC side of the mac, you know what I mean) is bound to the AD domain? I assume when the PC boots up it asks you to login and you're entering the same network account you would on the Mac (well, when the time is correct and it lets you in).
Also, I assume that the Mac is bound to the AD domain via the AD Directory Services plugin? What version of Windows Server is running on the server you're binding the mac to? Just going to try a few things here with my setup, see if I can work out what is going on (I'll just fudge the time settings, so no bootcamp setup will be used to throw the time off)
Also, I assume that the Mac is bound to the AD domain via the AD Directory Services plugin? What version of Windows Server is running on the server you're binding the mac to? Just going to try a few things here with my setup, see if I can work out what is going on (I'll just fudge the time settings, so no bootcamp setup will be used to throw the time off)
Windows server is running 2k3 Service Pack 1
17 July 2007, 04:24 PM
#12
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
Another question for you. What exactly happens when you try to login on the Mac side? Does the login window just shake? Is any kind of message displayed?
I'm going to take a guess here that it's just shaking at you, as that is exactly what I see. Here's what I've done:
Bound my G4 to my AD domain controller (Windows 2003 Enterprise server). I've made sure the times are in sync and I've rebooted and can login as an account on my AD server. I then unchecked the option to auto update date and time, set the clock back an hour and logged out. I then tried to login as the same user account, no go. Login dialog simply shook.
If I click on the Machine name on the login dialog and cycle through to the network accounts section, it says Network Accounts Unavailable. If I resync the time, and check the same thing, it says Network Accounts Available.
So we know probably what we already knew, if the time is out, you cannot login on the mac. The obvious thing is, how to fix this. I'm jsut looking into this to see if I can work out some way to resolve this. There *has* to be a way to do it.
I'm going to take a guess here that it's just shaking at you, as that is exactly what I see. Here's what I've done:
Bound my G4 to my AD domain controller (Windows 2003 Enterprise server). I've made sure the times are in sync and I've rebooted and can login as an account on my AD server. I then unchecked the option to auto update date and time, set the clock back an hour and logged out. I then tried to login as the same user account, no go. Login dialog simply shook.
If I click on the Machine name on the login dialog and cycle through to the network accounts section, it says Network Accounts Unavailable. If I resync the time, and check the same thing, it says Network Accounts Available.
So we know probably what we already knew, if the time is out, you cannot login on the mac. The obvious thing is, how to fix this. I'm jsut looking into this to see if I can work out some way to resolve this. There *has* to be a way to do it.
17 July 2007, 04:43 PM
#13
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
Well, at least we're on the same page here, which counts for something I guess 
I'm testing a startup item I've written and it seems as though it might work. It certainly works if I login, change the time to something daft, then reboot. On the login dialog I click on the machine name until I see the date and time and it has updated it to the correct time, plus it's correct when I've logged in.
I'm just double checking it's working, then I'll test to make sure I can login via an AD account. If it all works I'll get you a copy to test with.
I'm testing a startup item I've written and it seems as though it might work. It certainly works if I login, change the time to something daft, then reboot. On the login dialog I click on the machine name until I see the date and time and it has updated it to the correct time, plus it's correct when I've logged in.
I'm just double checking it's working, then I'll test to make sure I can login via an AD account. If it all works I'll get you a copy to test with.
17 July 2007, 05:19 PM
#14
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
Some good news for you, looks like the startup item works and it should address the issue you are seeing. There is one caveat though, and it's with the ntpdate command. It seems that it does not deal with the future too well, by that I mean if the computers date and time is set to a date in the future, even if it is only tomorrow, then the command runs but it does not set the date and time. If the date is in the past, for example yesterday, it will set it.
If you want to PM me you email address I'll send you a zip file which contains the startup item, simply expand the zip file, drop it into /Library/StartupItems/ then reboot. Login as a local Admin account and it should display a dialog asking you to fix a startup item, click "Fix" then click "Restart" on the next dialog. This should then get the startup item to run on subsequent boots.
To test it, simply login as a local admin account, change the time to say three hours ago, then reboot. When you get to the login dialog, click on the machine name until you see the date and time, and, if all is going well, you should see the current time, and not the time you had set it to. If it's correct, try logging in, which should work.
The utlimate test of course is to then boot into Boot Camp, then reboot into OS X and see if it works as it should. The date and time on the login dialog will tell you wether things are working or not.
If you want to PM me you email address I'll send you a zip file which contains the startup item, simply expand the zip file, drop it into /Library/StartupItems/ then reboot. Login as a local Admin account and it should display a dialog asking you to fix a startup item, click "Fix" then click "Restart" on the next dialog. This should then get the startup item to run on subsequent boots.
To test it, simply login as a local admin account, change the time to say three hours ago, then reboot. When you get to the login dialog, click on the machine name until you see the date and time, and, if all is going well, you should see the current time, and not the time you had set it to. If it's correct, try logging in, which should work.
The utlimate test of course is to then boot into Boot Camp, then reboot into OS X and see if it works as it should. The date and time on the login dialog will tell you wether things are working or not.
17 July 2007, 05:34 PM
#15
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
I think I also know why the Lingon thing didn't work. With a true startup item, you have StartupParameters.plist file which contains various bits of information, one section is called "requires", this essentially says "I should not run until after XXX has run". In this case the required items are "Network" and "Resolver", both of which are somewhat important when you're trying to update the time against an ntp server.
Looking at the lignon stuff, there is no mention of specifying when during the boot sequence it should run, so my guess would be it runs before the network interface has been configured, thus the update won't work, and you're stuck with a "bad" date and time.
Looking at the lignon stuff, there is no mention of specifying when during the boot sequence it should run, so my guess would be it runs before the network interface has been configured, thus the update won't work, and you're stuck with a "bad" date and time.
19 July 2007, 08:27 AM
#16
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
manged to sort this in the end by pointing the time server to one our Domain controllers, massive thanks to Markus though for helping me with this
21 July 2007, 01:46 PM
#18
Scooby Regular
Thread Starter
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Likes: 0
Received 0 Likes
on
0 Posts
In Uni we have only one time server, however only the domain controllers can access it, it's restricted on the core router to IP address which is a booger, many thanks for that though. Im going back and fro from parallels to boot camp as managment are undecided on what to use in the labs, both have their niggles and both must be able to be imaged via LANDesk remotely. BTW thanks for the parallels tip before re: shut down not suspend which doesn't make the mem and sav file. Only niggle is new users get new preferences files and the machine suspends which is an ****. I've contacted parallels with suggestions for future releases, another being the config file can be locked so student can't change it.
21 July 2007, 02:50 PM
#19
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
I did post on the Parallels forum asking about changing the behaviour of the close button as it looks like it's a hard shutdown, ie; poweroff, rather than safe one, but that does make some sense.
Also, there was an update to Parallels earlier in the week, did mention something about increased compat with Autocad, which I think you had tried and it seemed to work. Always worth looking at.
With regards to an imaging solution, I'd say that a VM solution rather than BootCamp would be better as you'd be restoring a file, rather than messing around with an actual partition. Of course if LANDesk has the ability to do what Netrestore Helper and/or Winclone can (restore from image file to specific partition), then that should work. Of course if you can remotelty run NRH and point it at an image to restore then that's something, but you'd need to make sure no-one uses the machine at that point, just in case the operation goes **** up, as it might screw the BC partition. At least with the VM thing it's just killed the file, which is easilly replaced.
As for config lock, you could change setup the VM settings as you wish, then change permissions to read/execute for owner, group and world. That might prevent changes from being made. You could also refresh the settings on logout using some software distribution solution, thus the next user will get fresh settings.
Also, there was an update to Parallels earlier in the week, did mention something about increased compat with Autocad, which I think you had tried and it seemed to work. Always worth looking at.
With regards to an imaging solution, I'd say that a VM solution rather than BootCamp would be better as you'd be restoring a file, rather than messing around with an actual partition. Of course if LANDesk has the ability to do what Netrestore Helper and/or Winclone can (restore from image file to specific partition), then that should work. Of course if you can remotelty run NRH and point it at an image to restore then that's something, but you'd need to make sure no-one uses the machine at that point, just in case the operation goes **** up, as it might screw the BC partition. At least with the VM thing it's just killed the file, which is easilly replaced.
As for config lock, you could change setup the VM settings as you wish, then change permissions to read/execute for owner, group and world. That might prevent changes from being made. You could also refresh the settings on logout using some software distribution solution, thus the next user will get fresh settings.
Thread
Thread Starter
Forum
Replies
Last Post