We encountered a 10.9.5 Mac where the user's desktop icons were not displaying. They showed up in their Desktop folder but not on the desktop itself. Attempting to add a file/folder resulted in it being placed into the Desktop folder but not on the desktop.
The simple fix was to go to View/Clean Up and then all the icons appeared.
Sunday, November 8, 2015
Tuesday, October 13, 2015
Unable to SSH into a remote Mac: ssh_exchange_identification: Connection closed by remote host
When attempting to SSH into a remote Mac running 10.10.5, Terminal returned the following error:
ssh_exchange_identification; Connection closed by remote host
On the target machine we checked the Console log and found that during each SSH login attempt an error would appear in the log:
sshd: fatal: /var/empty must be owned by root and not group or world-writable.
We changed the ownership on the /var/empty folder:
sudo chown -R root:staff /var/empty
And we were then able to SSH to the remote computer.
ssh_exchange_identification; Connection closed by remote host
On the target machine we checked the Console log and found that during each SSH login attempt an error would appear in the log:
sshd: fatal: /var/empty must be owned by root and not group or world-writable.
We changed the ownership on the /var/empty folder:
sudo chown -R root:staff /var/empty
And we were then able to SSH to the remote computer.
Monday, August 10, 2015
Yosemite Macs - Progress Bar Stops at 50% During Boot
This is a well-known problem at it has been discussed elsewhere. However, I wanted to put the fix on our KB to avoid having to search for it in the future.
Symptom: Upon starting up, Yosemite Macs freeze and the progress bar stops at 50%. This seems to be an issue with FileVault2 encrypted Macs that are bound to AD.
Fix: If the Mac is encrypted you must first decrypt it. If it is not encrypted, skip down to "Restart the problem computer in Single User Mode" below.
For encrypted Macs:
- Target boot the problem machine to a working Mac
- You will be prompted for the FileVault password in order to mount/access the problem machine. Make sure you have this or you are pretty much screwed
- After the target computer mounts, open Disk Utility
- Select the target computers Macintosh HD
- Go to File/Turn Off Encryption (I have also seen a report that you can select "Unlock Macintosh HD")
- The HDD will start to decrypt. This normally takes around 45 minutes depending on the size of the drive. You must keep the power connected to the target computer or the decrypting process will pause
- There is no progress bar so the only way to know that the decryption has finished is to exit/launch Disk Utility and see if the disk still shows "Encrypted"
Note: When I did this I only waited about 15 minutes and then unmounted the target drive. This seemed OK and later I checked and the decrypting process had simply paused and continued. The main thing is that you kick-off the decrypt or unlock the drive.
- After the drive has decrypted, eject it
Restart in Single User Mode
- Restart the problem computer in Single User Mode (Command-S after the startup chimes)
- At the command prompt type the following:
bash-3.2# mount -uw /
bash-3.2# /usr/bin/nano /etc/rc.server
bash-3.2# /usr/bin/nano /etc/rc.server
The nano editor will open; enter the following lines:
#!/bin/sh
/bin/echo BootCacheKludge Beta 1.0 - Chris Hotte 2015 - No rights/blame reserved. /usr/sbin/BootCacheControl jettison
Click on ctrl-x and save the file with the default name.
Look at this thread
on JAMFNation for the post by Chris Hotte that describes the fix.
After you have done the above, restart the Mac and it should boot
normally.
We created a .pkg that contains the script and we push it out to all
our Yosemite Macs prior to encrypting them.
Sunday, July 19, 2015
Setting Apple Software Update (SUS) to get updates from Apple
Use the following command to force your Mac to use Apple for software updates:
sudo defaults delete /Library/Preferences/com.apple.SoftwareUpdate CatalogURL
Here is the article from Apple Support:
https://support.apple.com/en-us/HT202030
Monday, July 6, 2015
Remotely Disconnect A Session From the Command Line: Windows Server
- Go to the Command prompt
- Type "qwinsta" for a list of logged in users
- Locate the "ID" for the account you want to disconnect
- Type "rwinsta [ID number]"
- Run "qwinsta" again to ensure that the user was disconnected
Tuesday, May 12, 2015
Preview and Adobe CC Applications Crashing on Launch: OS 10.10 Yosemite
We received a report from an office that 9 out of 10 brand-new MBPs with default Apple Yosemite builds were experiencing crashes when attempting to open documents in Preview. Additionally, after installing Adobe CC 2014 none of the Creative Suite apps would launch.
Looking at the console log we found that Quicklook was crashing and re-spawning several times a second:
Expanding the line item we saw that Quicklook was unable to set its current working directory:
It turns out that a symlink to /private/tmp was missing. We navigated to the root directory and recreated it using the following command:
sudo ln -fs /private/tmp /tmp
After a restart we saw that Quickview crashes had stopped and we were able to open both Preview and Adobe CC applications.
Looking at the console log we found that Quicklook was crashing and re-spawning several times a second:
Expanding the line item we saw that Quicklook was unable to set its current working directory:
It turns out that a symlink to /private/tmp was missing. We navigated to the root directory and recreated it using the following command:
sudo ln -fs /private/tmp /tmp
After a restart we saw that Quickview crashes had stopped and we were able to open both Preview and Adobe CC applications.
Thursday, March 12, 2015
Items can't be copied to a Mac because there is not enough free space, even when disk information shows plenty of free space
When attempting to copy 50GB of data onto a Mac Air that was reporting 210GB of space available the copy failed on an error "not enough free space available".
The root cause was Time Machine backups utilizing the local drive. Even though the person never used Time Machine it was still enabled and apparently backing up to the local HDD. Turning off Time Machine freed up the space and we were able to copy the data successfully.
Looking under System Information/System Report/Storage we saw the backups taking up a massive amount of space; only 4kb was left available.
You can also disable Time Machine from the command line:
sudo tmutil disablelocal
The root cause was Time Machine backups utilizing the local drive. Even though the person never used Time Machine it was still enabled and apparently backing up to the local HDD. Turning off Time Machine freed up the space and we were able to copy the data successfully.
Looking under System Information/System Report/Storage we saw the backups taking up a massive amount of space; only 4kb was left available.
You can also disable Time Machine from the command line:
sudo tmutil disablelocal
Wednesday, March 11, 2015
Windows clients unable to connect to secure wi-fi
Our corporate network has a global wi-fi solution that uses Cisco access points, PEEP and AD authentication. Users can walk into any office in the world and use their AD credentials to authenticate to wi-fi. It's a nice little set up.
We also use Symantec Endpoint Protection (SEP) for anti-virus; this will become relevant in a moment.
Some users were reporting that their Windows 7 laptops were unable to connect to our corporate WiFi. Clicking on "connect" did nothing but pop-up a window saying "Unable to connect."
After digging through the logs we found that the user's credentials were not being passed to the access points. We attempted to set-up the connection manually and found that the Microsoft Protected EAP (PEEP) option was missing from the "Choose a network authentication method:"
It turns out that SEP was modifying Registry keys and telling Windows the default location of the SymRasMan.dll was C:\Program Files\ Symantec\Symantec Endpoint Protection \ instead of the correct %SystemRoot%\System32\rastls.dll.
The fix we used to resolve the issue is detailed in this MS KB article.
Note: the article specifically refers to this problem occurring on computers that have had SEP removed. However, as far as we were aware the computers that had the issue never had SEP removed, only installed.
We also use Symantec Endpoint Protection (SEP) for anti-virus; this will become relevant in a moment.
Some users were reporting that their Windows 7 laptops were unable to connect to our corporate WiFi. Clicking on "connect" did nothing but pop-up a window saying "Unable to connect."
After digging through the logs we found that the user's credentials were not being passed to the access points. We attempted to set-up the connection manually and found that the Microsoft Protected EAP (PEEP) option was missing from the "Choose a network authentication method:"
It turns out that SEP was modifying Registry keys and telling Windows the default location of the SymRasMan.dll was C:\Program Files\ Symantec\Symantec Endpoint Protection \ instead of the correct %SystemRoot%\System32\rastls.dll.
The fix we used to resolve the issue is detailed in this MS KB article.
Note: the article specifically refers to this problem occurring on computers that have had SEP removed. However, as far as we were aware the computers that had the issue never had SEP removed, only installed.
Ports required for Apple Push Notification Service
We encountered a problem where Macs managed by Casper were unable to communicate with the JSS for Mobile Device Management (MDM). The solution was to allow the following ports access to Apple's 17.0.0.0/8 range (complete owned by Apple):
- TCP port 5223 (used by devices to communicate to the APNs servers)
- TCP port 2195 (used to send notifications to the APNs)
- TCP port 2196 (used by the APNs feedback service)
- TCP Port 443 (used as a fallback on Wi-fi only, when devices are unable to communicate to APNs on port 5223)
After migrating a Mac user's profile, Dropbox fails to open: keeps asking for permissions
After migrating a user's profile and changing ownership on their home folder the user was unable to log into Dropbox after logging in. The users received an error:
"Dropbox needs to change permissions for the Folder: ~/Users/.dropbox Type in your password to allow this."
Typing in the user name and password did nothing. The user was then presented with another window that said, "Couldn't start Dropbox. This is usually because of a permissions error. Storing your home folder on a network share can also cause an error."
The solution that worked for us was to remove the hidden "./dropbox" folder from the root of the user's home folder. You can do this from terminal by typing:
sudo mv ~/.dropbox ~/.Trash
Or you can do it from the GUI if you turn off hidden folders.
I have also heard that you should delete the DropboxHelperTools folder although that wasn't required in our situation.
sudo mv ~/DropboxHelperTools ~/.Trash
"Dropbox needs to change permissions for the Folder: ~/Users/.dropbox Type in your password to allow this."
Typing in the user name and password did nothing. The user was then presented with another window that said, "Couldn't start Dropbox. This is usually because of a permissions error. Storing your home folder on a network share can also cause an error."
The solution that worked for us was to remove the hidden "./dropbox" folder from the root of the user's home folder. You can do this from terminal by typing:
sudo mv ~/.dropbox ~/.Trash
Or you can do it from the GUI if you turn off hidden folders.
I have also heard that you should delete the DropboxHelperTools folder although that wasn't required in our situation.
sudo mv ~/DropboxHelperTools ~/.Trash
Subscribe to:
Posts (Atom)