Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Xsan

MDSChannelPeerCreate and Shared Volumes

These two errors:

com.apple.AppleFileServer[8123] MDSChannelPeerCreate: (os/kern) invalid argument
MDSChannelPeerRef MDSChannelPeerCreate(CFAllocatorRef, CFDictionaryRef): (os/kern) invalid argument

I see them frequently when we’re using dynamic or shared storage (e.g. Xsan or removable media) to share volumes between multiple computers and then share those shared volumes to clients through a network sharing protocol (e.g. afp or smb). They usually mean that the system doesn’t have enough permissions to do those MDSChannelPeerCreate processes. Therefore, we need to open those permissions up a little and then let the file sharing services restart. I usually do it this way:

serveradmin stop afp
serveradmin stop smb
chown -R root:staff /Volumes/VOLUMENAME/.fseventsd
chmod -R 770 /Volumes/VOLUMENAME/.fseventsd
chown -R root:staff /Volumes/VOLUMENAME/.Spotlight-V100
chmod -R 770 /Volumes/VOLUMENAME/.Spotlight-V100
chown -R root:staff /Volumes/VOLUMENAME/.dbfseventsd
chmod -R 770 /Volumes/VOLUMENAME/.dbfseventsd
serveradmin start afp
serveradmin start smb

You can do any of the other hidden directories if that doesn’t correct the errors as well, but those are the main ones that should impact MDS. MDS is the metadata search processes, which power Spotlight. If you see these processes running at a high load then you’re likely in the process of indexing. If you see these as errors in the logs then you might not have permissions to objects. Those permissions could be to the files that are attempting to be indexed or they could be to the locations where that indexed data or other requirements are stored. While I’ve used root and staff above, take note that there’s a _spotlight user that can be used as part of an ACL. The ACE for the _spotlight user is usually enabled by default, so in the event that you get these MDS errors, it’s usually due to the fact that we, as naturally suspicious systems administrators took some permissions away somewhere or got overly cautious with our permissions. I do it all the time…