Troubleshooting issues with macOS Asset Binding
- AD asset binding fails with an error message “Attempt to bind to server returned an unspecified problem.”
- Re-check all the settings in the policy. Ensure that you provide the full Organizational Unit designation and that the account credentials used for AD binding are intact. Try binding the Mac with the same settings that you used in the policy.
- Ascertain that the macOS device and the domain controller are on the same network.
- Verify that the device can reach the Active Directory server while on the corporate network.
- Ensure that the time on the device matches the time on the server.
- The policy association is unsuccessful with the message “Failed to apply action to the device. The Library Linking account data could not be installed. Attempting to connect to the server resulted in an undefined issue.”
On the device, add the IP address specified as the Active Directory Domain in the policy as a DNS server. To do that, navigate to System Preferences > Network > Advanced > DNS Servers and enter the DNS server on the Mac.
Failed to apply the action to the device. The ‘Directory Binding Account’ payload could not be installed. Attempts to bind to the server returned an unspecified problem.
Failed to apply the action to the device. The ‘Directory Binding Account’ payload could not be installed. The server either couldn’t be found or was not responding.
These errors occur when the server name or credentials specified in the policy are incorrect, or the server cannot respond.
Verify that the server name is intact. Then, try applying the policy again after some time.
If the issue persists, modify the hosts file on the device to point the FQDN to the IP address of the Domain Controller.
To edit the hosts file on a Mac:
- Open Finder.
- Navigate to Applications > Utilities > Terminal.
- Enter the following command:
sudo nano /private/etc/hosts
- Enter the password when prompted.
- Next, add a new entry. Specify it in the following format:
IP address server.domain.com
Enter the IP address followed by the server name (or domain name) you want to associate with it.
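The hosts-file edit described above, as an added shell example that is not part of the original article: it appends the entry only once, rejects a malformed IPv4 address, and refuses to touch a name that is already pinned to a different address. The function names and the HOSTS_FILE variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# HOSTS_FILE defaults to the path edited above; point it at a copy to rehearse.
HOSTS_FILE="${HOSTS_FILE:-/private/etc/hosts}"

# Print every IP the hosts file maps to the given name (comments ignored,
# name matched case-insensitively, aliases on the same line included).
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) print $1 }
    ' "$HOSTS_FILE"
}

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Add "IP FQDN" once. Return codes:
#   0  entry added, or the same mapping was already present
#   1  IP address is malformed
#   2  name is already mapped to a different address (file left untouched)
hosts_pin() {
    ip="$1"; fqdn="$2"
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    existing=$(hosts_lookup "$fqdn" | sort -u)
    if [ -n "$existing" ]; then
        if [ "$existing" = "$ip" ]; then return 0; fi
        echo "$fqdn already maps to: $existing" >&2
        return 2
    fi
    printf '%s\t%s\n' "$ip" "$fqdn" >> "$HOSTS_FILE"
}
```

A hosts entry overrides DNS for that name, so a pinned Domain Controller address goes stale if the controller's IP changes; running `hosts_lookup` for the FQDN during later troubleshooting shows whether such an override is still in place.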
- The AD Asset Binding policy is associated successfully, but the mobile user account is not created at login, and the login screen appears blank on the device.
When Login Window Preferences are associated with the device, it can be difficult to create a network user via AD Asset Binding.
Perform the following steps:
- Remove the login window preferences associated with the device.
- Log in to the device using AD user account credentials.
- Try enabling the login window preferences once again.
- The mobile user account will be created and listed on the login window.
- Attempts to bind to the server domain failed due to a credentials problem.
This error can occur if the domain account credentials provided in the policy are invalid.
- Verify the domain account credentials that you provided in the policy and check for typos.
- Confirm whether the domain account password has expired.
- If a user account is locked out, the user will not be able to log in to the AD domain. An administrator can check whether the given account is locked from an AD-bound Mac:
- Launch Directory Utility.
- Navigate to Directory Editor.
- Choose the node for the domain.
- Click on the lock icon to authenticate with an account that has the required permissions.
- Search for the user account and check the lockoutTime attribute. If it holds a value other than 0, the account is locked.
- Edit the attribute to ‘0’.