For as long as I've been running Tiger server, I've been disappointed in the AFP server. I've kept my ear to the ground and have found that many other admins at larger Mac sites share my frustration. It's always been amusing to me that the most Mac-centric function of OS X Server is also its weakest.
The symptom is as follows. The server will be chugging along and suddenly all users are either a) disconnected or b) told that don't have permissions to any shares. If you open Server Admin, select you server, go to AFP and then Connections, the Status of all clients will be "Disconnected/Asleep."
You probably have a lot of instances of the AppleFileServer process and at least one of them is consuming all available CPU resources. You can revive the server by killing all the AppleFileServer processes and then use Server Admin to start the AFP service again. This band-aid will last a couple hours to a couple of days. Longer term relief is found with a server reboot.
I was able to reduce the frequency of the issue by spreading my shares across more Xserves, disabling SMB services and by keeping network homes separate from normal shares. Even so, at least one server would have AFP die at least once each month. This was certainly an improvement over the weekly (or even daily) occurrences before these remedies, but was still not good enough.
I'd always been puzzled by the amount of CPU required to serve AFP. I have between 70 and 100 simultaneous users per server on a given day. The odd thing is, 5 users or 100 users both cause AFP to use tremendous amounts of CPU time.
I'd read many reports that this was an issue with how OS X handles .DS_Store files over a network. I'd read conflicting reports on why this was an issue and how to fix it. I've finally found one that works, at least for my shop.
Now, following this remedy will prevent .DS_Store files from being created on your server. That means window settings will not be preserved across sessions and some users may be annoyed. I'm running managed Open Directory clients, and these steps make that assumption. If your clients are unmanaged, you'll have to touch every workstation.
- Open Terminal and run this command from a workstation that has Workgroup Manger installed. Run this command:
defaults write com.apple.desktopservices DSDontWriteNetworkStores true
- Open Workgroup Manager. Click Groups, select a management group and then click Preferences. Click Details. Click add. Navigate to ~/Library/Preferences and select com.apple.desktopservices.
- Repeat for all management groups.
- ssh into your server. Run this command (requires root, so use sudo or login as root when you connect):
find /Volumes/PATHTODIRECTORY -name ".DS_Store" -print0 | xargs -0 rm
- Enjoy a much more stable server.
I hope this helps someone out there rest a little easier.