Oh, We Can't Do That!

About two months ago I got an email from my supervisor asking, "Do you know Mac and how to fix issues?

I responded that I was no expert by any means, but I did know my way around the OS. I asked what was up.

She responded, "Nothing right now but I may ping you at some point."

Because, you know, this is a government agency and we are hip deep in need to know bullshit—for even the littlest things.

A week later I got an invite for a meeting titled, "Mac Computers and Exchange" at the headquarters of our famous magazine.

Turns out there's been a years-long problem with the Macs crapping out and losing connection to the Exchange server, forcing calls to the Service Desk for password resets multiple times a day. (How exactly they were speaking to the exchange server through Outlook without being bound to the domain was something I never got a clear answer for, but I was pretty sure all the problems would disappear if the machines were actually on the domain.

The guy from the network group claimed it was a pain to add the machines to the domain. I knew this was bullshit from having worked at DISH, where there were literally hundreds of Macs on the domain—all of which worked flawlessly.

I did my own outside research on binding Macs to Active Directory and realized it wasn't nearly as much trouble as the network guy had indicated—especially since he said they were already set up for it on the back end. I convinced the magazine folks to lend me one of their machines so I could do some troubleshooting.

Back at my office, after wiping and doing a clean install of the OS, I easily bound it to our domain. I hadn't yet gotten the links to our MS Office installer, so I set up Apple Mail to connect to the Exchange Server. Rock steady. After logging in initially, it never prompted for my credentials again.

The general consensus among the Mac Troubleshooting team was that several applications (Adobe CS and Outlook among them) were having issues getting past our anal-retentive firewall. Even though it was set up in networking with the correct name and port, getting to certain locations—easily accessible on a Windows machine—was impossible.

After speaking with the magazine's webmaster, I got a list of websites that needed to be whitelisted in order to get past the firewall to connect to Adobe services. I was also told that several certificates needed to be copied from my Windows machine.

I added the sites and the certificates, and I was able to connect Adobe Creative Cloud and download applications and fonts. I could also get to most websites—on Chrome at least. (Safari refused—and is continuing to refuse—to connect to anything outside the firewall.)

Even while logged into Adobe, Apple Mail and the connection to the Exchange server remained steady. I felt like I was making progress. I'd been documenting everything in mails to the group and getting positive feedback from the magazine folks.

A few days later I was finally able to install MS Office. Sure enough, once I started using Outlook all hell broke loose. Not doing anything on the machine, Outlook would kick me out, prompt for credentials and then lock my account.

I asked the magazine's webmaster (who had become the group's de facto contact person) if they'd ever considered just using the native Apple apps for mail and calendar. "I don't remember the exact reason because it was several years ago, but we were told by network security we couldn't do that."

WTF.

Apparently unlike anyone else on this fucking team, I actually went to the Google and did some research on the Outlook issue. I discovered the credential-prompting problem was at one point fairly common and had been addressed by a subsequent Office update. Imagine that.

Of course, the only problem in our locked-down environment was getting the Office update because—of course—the automatic downloader in Office was being blocked by the fucking firewall.

More research led me to the direct download link from Microsoft, and once it was downloaded and installed, the prompting issue—for the most part—disappeared.

After the update, for the rest of the day I remained connected without so much as a hiccup.I left everything logged in that evening, but returned to work the next day to discover that at some point Outlook had logged me out and was once again prompting for my credentials. Discouraged, I stepped away from it for a while and went back to my other duties (i.e. wasting time on the internet).

Apple released the 10.13.4 OS update late last week, and at this point I felt I had nothing to lose by upgrading the machine. Outlook still wasn't working 100% and the worst case scenario would be that the update would break something horrifically and  I'd have to wipe and reinstall everything again. I could live with if the update actually did something to alleviate this issue.

So last Friday I downloaded the "combo update" package for 10.13.4 (because the App Store is also blocked by our firewall) and upgraded the machine.

I stayed logged into both our domain, Adobe CC, and our Exchange Server through Outlook over the weekend. Except for one unrelated incident this morning that caused everyone to be bounced, the connection has been rock steady.

All's well and good, right?

Well, not so fast. When you work for a government agency, you can't just  go fixing things, y'know. Prior to our last meeting, just getting as far as I had prior to the upgrades was met with a flurry of "Oh well, we can't do thats" from the network guy. The magazine people were fine with binding to the domain. They'd have access to network resources without having to jump through hoops, and if the Outlook/firewall issue was solved, this solution could be implemented for other Mac-using (or wanna-be-Mac-using) departments in the organization (such as Video and Creative, who have their own set of issues).

For shits and giggles—since this was not specifically part of my purview)  I loaded our Citrix client on this loaner machine, and was able to access my Citrix desktop and use all the same Windows tools I do through Citrix on my Windows laptop.

In a way this was frustrating because It makes me want a Mac at work. The UI is so much more elegant than Windows. The machine boots up and connects in a heartbeat, and it's just a much more pleasant user experience. Since I was told I'm now the backup Mac support guy for the magazine a good case could be made for it, right?

Yeah, well, that's not going to happen and eventually I'm going to have to return the loaner.

Last week I was working with one of the guys in Creative who—who, along with the other members of the team—is struggling with the Adobe Suite on an admittedly decent Dell workstation. Recently they've been complaining about how it takes forever to do anything and have asked for quotes on more powerful machines (10 core processors, SSDs, 32GB RAM). They got a quote of around $4K for the monsters and of course, there was much hand-wringing.

While I was trying to get this particular user's CC apps to update to the latest version (they refused, because the latest version of Windows 10 is not installed on the machine) I told him that they really should be using Macs. "Duh!" was his response.

I related the research I'd been doing for the magazine, and suggested that for the amount of money they were going to lay out for new Windows machines, if the problems fully integrating Macs into our environment could be solved, that taxpayer-provided funding would be better spent on buying Apple gear.

I told him I'd run the idea past his supervisor.

I met with her yesterday, and she said she'd spoken to purchasing about this and got nothing but pushback. It was obvious they had little to no knowledge of the work that we'd been doing over at the magazine and was still quoting the company line,  "Macs don't work in our environment."

Well no, they don't—if it's going to be business as usual and my suggestion that the machines be put on the domain continues to be ignored.

At this point I'm frustrated because they want solutions—but yet it seems they don't. The entrenched bureaucracy in Networking and Network Security are dismissing my recommendations and more than anything else I'm getting the attitude from them that I don't know what I'm doing, and furthermore why should they listen to a contract employee anyway? I'm almost to the point of asking my supervisor why I even need to be on this team if all my suggestions are shot down. What's the point?

If nothing else, this exercise has made me realize I really want to work somewhere that I can support Macs.