
Troubleshooting, debugging Apple Mail connections

To troubleshoot connectivity issues between Apple Mail and an IMAP account:
Ensure Mail is not running. This presumes your account is using SSL/TLS for security (thus port 993), as it should be.
While logged in as the user in question, use the Terminal to issue:

/Applications/Mail.app/Contents/MacOS/Mail -LogSocketErrors YES -LogActivityOnHost your.mailserver.com -LogIMAPErrors YES -LogActivityOnPort 993 &> ~/Desktop/ConnectionLog.txt

Quit Mail from within the app after a minute or less. You can watch for activity to complete in the Activity window.

For an Exchange account (which requires and uses Microsoft’s EWS),
ensure Mail is not running, and while logged in as the user in question, use the Terminal to issue:

/Applications/Mail.app/Contents/MacOS/Mail -LogHTTPActivity YES -LogEWSAutodiscoveryActivity YES >& ~/Desktop/MailEWS.log

Use the Window menu in Mail to bring up the Activity window, and wait for connection(s) to complete. Or give it a minute.
Quit Mail from within the app, and check the log.

iOS 9 Calendar stops working, won’t sync with OS X Server-based Caldav server

As always, you accept any and all risk when making advanced changes on your (OS X) server. That said, I wanted to share the following solution, which solved the problem of my iPhone (updated to iOS 9 and then the iOS 9.0.1 patch without resolution) no longer connecting to, updating or syncing with the Calendar (caldav) server hosted on OS X Server 10.9.5 (with all security updates).

The following led me to a fix:
https://discussions.apple.com/thread/7230486

However, that’s missing the specifics you need for 10.9 server.
The launchd plist for 10.9 OS X Server lives at
/Applications/Server.app/Contents/ServerRoot/private/etc/caldavd/caldavd-apple.plist
But do not edit that file.
Instead, it specifies an include of:
/Library/Server/Calendar and Contacts/Config/caldavd-system.plist
which is where we need to make the change.

Stop the calendar server by issuing, in the Terminal:

sudo serveradmin stop calendar
cd /Library/Server/Calendar\ and\ Contacts/Config/

Make a backup of the existing file first !
sudo cp -p caldavd-system.plist caldavd-system.plist.bak

Edit caldavd-system.plist
For example,
sudo nano -w caldavd-system.plist
look for the item, <key>SSLCertificate</key>
and the line after it, <string>/etc/certificates/your.servername.SOMEUPPERCASEALPHANUMERICSTRING.cert.pem</string>

and leave those alone !
After the above string, add the following, with each line beginning with a tab (where you see initial whitespace):

<key>SSLMethod</key>
<string>SSLv23_METHOD</string>

<key>SSLCiphers</key>
<string>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</string>

<key>SSL_OP_NO_TLSv1_1</key>
<true/>

Save the file (ctl w in nano) to commit the changes.
Start the calendar server while keeping an eye on the associated error log (eg. in another Terminal window, tail -f /var/log/caldavd/error.log )
sudo serveradmin start calendar

At this point, on my iPhone I deleted the caldav account setup and added the account back successfully, using SSL and without any errors. Calendar events that had been created on my Mac workstation but had failed to show up on my iPhone since the iOS 9 update all showed up.
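To confirm what the restarted server actually negotiates after this change, the following added example (not part of the original post) summarises `openssl s_client` output and flags an RC4 or SSLv2/SSLv3 session, since the cipher string above still permits RC4+RSA. The sample input is constructed, and HOST and PORT are placeholders for your own calendar service.

```shell
#!/bin/sh
# Added example, not the original author's code: report what a TLS handshake
# negotiated, from the SSL-Session block that `openssl s_client` prints.

# Constructed s_client excerpt; $1 = protocol, $2 = cipher.
sample_s_client() {
cat <<EOF
SSL-Session:
    Protocol  : $1
    Cipher    : $2
    Verify return code: 0 (ok)
EOF
}

# tls_summary: read s_client output on stdin and print
# "protocol cipher verify=CODE verdict", or "handshake-failed".
tls_summary() {
    awk -F' *: *' '
        /^ *Protocol *:/ { proto = $2 }
        /^ *Cipher *:/   { cipher = $2 }
        /Verify return code:/ { split($2, v, " "); verify = v[1] }
        END {
            # s_client reports cipher 0000 when no session was established.
            if (cipher == "" || cipher == "0000") { print "handshake-failed"; exit }
            # The cipher string in the post still permits RC4+RSA, so flag it if chosen.
            verdict = (proto ~ /^SSLv/ || cipher ~ /RC4|NULL|EXP|^DES-/) ? "weak" : "ok"
            print proto, cipher, "verify=" verify, verdict
        }
    '
}

# Live use (HOST and PORT are placeholders for your calendar service):
#   openssl s_client -connect HOST:PORT </dev/null 2>/dev/null | tls_summary
sample_s_client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 | tls_summary
sample_s_client TLSv1 RC4-SHA | tls_summary
```

A "weak" verdict means the client and server settled on a cipher or protocol you would normally want disabled once all clients can connect without it.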

calendarserver.push.applepush.APNProviderFactory Connection to APN server lost: [Failure instance: Traceback: <class ‘OpenSSL.SSL.Error’>: [(‘SSL routines’, ‘SSL3_READ_BYTES’, ‘ssl handshake failure’)]

The following error was being logged on OS X Server (10.9.x) with calendar server in use, in /var/log/caldavd/error.log:

“caldav  [APNProviderProtocol (TLSMemoryBIOProtocol),client] [calendarserver.push.applepush.APNProviderFactory#info] Connection to APN server lost: [Failure instance: Traceback: <class ‘OpenSSL.SSL.Error’>: [(‘SSL routines’, ‘SSL3_READ_BYTES’, ‘ssl handshake failure’)]”

Before proceeding, ensure that you have a known-good, working SSL certificate. I’m using a commercial (purchased, not self-signed) certificate.

In my case, the following steps remedied the above error:

Verify your ssl cert setup (I’m using a commercial one).

In Server.app, click on Calendar, and under “Settings” look for Push Notifications: Enabled
Hit the Edit button.

Use the Renew button in the pop-up dialog box, even if your current push certificate isn’t expired.
Stay in that same pop-up dialog, and click the arrow beside the bottom-most (small) text in grey, “Manage your certificates.” Log into Apple’s Push Certificates Portal,
and revoke any old expired certs. Heed the warnings stated there !

Back in the Server app, click on the very top item in the left-hand column, your server name (eg: server) and UN-check the last check-box for “Enable Apple push notifications.”
Wait a full 30 seconds.
Check (click on, enable) that same box to enable Apple push notifications.

Check your log (tail -f /var/log/caldavd/error.log) and the errors should now be gone.

Office 2016 for Mac, and local storage of email

Office 2016 for the Mac – as you may or may not know by the time you read this – is currently available, via an Office365 subscription. See https://products.office.com/en-us/mac/microsoft-office-for-mac?pid=m

With Office 2011 for Mac, your Outlook files were stored within your Documents folder, in the folder “Office 2011 Identities” inside of the “Microsoft User Data” (~/Documents/Microsoft User Data/Office 2011 Identities).

This has changed as of Office 2016. Local storage for Outlook 2016 is to be found within the (user’s) Library folder, in the “Group Containers” folder:
~/Username/Library/Group Containers/XXXXXXXXXX.Office/Outlook/Outlook\ 15\ Profiles/Main\ Profile/Data

(where “XXXXXXXXXX” is a 10-digit alpha-numeric string).

pf & logging in 10.8 and 10.9

The pf firewall (see http://www.openbsd.org/faq/pf ) is an excellent tool and there are many reasons I prefer it to ipfw (which was the native/built-in option supplied in versions of Mac OS X prior to 10.7). It is not to be confused with the Application Firewall (see http://support.apple.com/en-us/HT201642).

The problem with pf in OS X is that logging is problematic – pretty much broken.
In an effort to remedy this situation, I went searching and found Charles Edge’s post here to be particularly helpful:
http://krypted.com/mac-os-x/a-cheat-sheet-for-using-pf-in-os-x-lion-and-up/

and just as much, the following post that he refers to:
http://ikawnoclast.com/security/mac-os-x-pf-firewall-avoiding-known-bad-guys/

The Emerging Threats ETOpen ruleset is a great discovery.

Now then: In order to achieve reliable logging for pf, I suggest using launchd with a LaunchDaemon plist as shown:

(Attachment: pflog.plist)

The script that is called (by the above plist) is simply:
#!/bin/sh
/sbin/ifconfig pflog0 create
/usr/sbin/tcpdump -lnettti pflog0 | /usr/bin/logger -t pf -p local2.info

The flags/options chosen for tcpdump are the ones I found to result in the most useful information being logged, for my needs. Read the manpage and adjust as desired.
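Once pf entries reach syslog under the `pf` tag, they can be summarised for review. The following added example (not from the original post) ranks the sources of blocked inbound packets; the sample lines are constructed with documentation addresses, and their shape (syslog prefix followed by tcpdump's pflog output) is an assumption to adjust for your tcpdump flags.

```shell
#!/bin/sh
# Added example, not the original author's code: rank blocked inbound sources
# in pf log lines produced by the tcpdump | logger pipeline.

# Constructed sample lines (documentation addresses; assumed log shape).
sample_pf_log() {
cat <<'EOF'
Oct  3 12:00:01 server pf: 00:00:00.000000 rule 4/0(match): block in on en0: 198.51.100.7.51234 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0
Oct  3 12:00:01 server pf: 00:00:00.310000 rule 4/0(match): block in on en0: 198.51.100.7.51235 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0
Oct  3 12:00:02 server pf: 00:00:00.520000 rule 4/0(match): block in on en0: 198.51.100.7.51240 > 192.0.2.10.23: Flags [S], seq 1, win 65535, length 0
Oct  3 12:00:02 server pf: 00:00:00.100000 rule 4/0(match): block in on en0: 198.51.100.7 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
Oct  3 12:00:03 server pf: 00:00:01.000000 rule 4/0(match): block in on en0: 203.0.113.9.5353 > 192.0.2.10.161: UDP, length 40
Oct  3 12:00:04 server pf: 00:00:00.700000 rule 4/0(match): block in on en0: 2001:db8::bad.40000 > 2001:db8::10.22: Flags [S], seq 1, win 65535, length 0
Oct  3 12:00:05 server pf: 00:00:00.200000 rule 2/0(match): pass in on en0: 192.0.2.50.50000 > 192.0.2.10.443: Flags [S], seq 1, win 65535, length 0
Oct  3 12:00:06 server sshd[88]: unrelated line that must be ignored
EOF
}

# blocked_sources [MIN]: read log lines on stdin and print "count source" for
# each source with at least MIN blocked inbound packets, busiest first.
blocked_sources() {
    awk -v min="${1:-1}" '
        / pf(\[[0-9]+\])?: / && /: block in on / {
            src = ""
            for (i = 2; i <= NF; i++) if ($i == ">") { src = $(i - 1); break }
            if (src == "") next
            n = split(src, part, ".")
            # Drop the trailing ".port" (IPv4 has 5 dotted parts, IPv6 has 2).
            if ((index(src, ":") == 0 && n == 5) || (index(src, ":") > 0 && n == 2))
                sub(/\.[0-9]+$/, "", src)
            count[src]++
        }
        END { for (s in count) if (count[s] >= min) print count[s], s }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Live use: blocked_sources 20 < FILE, where FILE is wherever your syslog
# configuration writes the local2 facility.
sample_pf_log | blocked_sources 2
```

Sources that stay at the top of this list over several days are candidates for the custom tables discussed below.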

Also note that adding a firewall entry for pf via pfctl doesn’t appear to work. I suggest creating your own tables, configuring /etc/pf.conf appropriately (to refer to your custom tables; please DO leave any and all existing entries untouched) and then manually editing your custom table(s) (with due caution !), then using
sudo pfctl -f /etc/pf.conf

to invoke your changes.

0x00000002 error when attempting to add a provisioned printer for a PC bound to the domain

An example scenario is that only one or two PCs can’t add a server-provisioned printer – be it via GPO/Group Policy Preferences or some scripted method – and on the client, the “Connect to Printer” dialog says, “no driver found.”

When you try to manually add the shared printer, the error message contains the code “0x00000002”

Odds are good that your server is a 64-bit OS, and so is the printer driver you used.
Locate and download the 32-bit version of the driver for your 32-bit version of Windows 7, and use that when adding the printer.

Windows XP, are you still using it ?

As you should know, Microsoft will no longer be supporting Windows XP as of this month (April 2014), in that the last patch they provide will be April 8th. *

There are a great number of reasons not to ignore this issue, whether XP is still in use at home or in a business environment. Please see http://www.pcpro.co.uk/features/386077/windows-xp-microsoft-s-ticking-time-bomb

“(Computers still running Windows XP) will be vulnerable to hackers once XP stops receiving security updates, with Microsoft warning earlier this year that hackers could use patches issued for Windows 7 or Windows 8 to scout for XP exploits.”

If you don’t already have a migration plan in place and well underway, you absolutely should ! (Picture a billboard-sized flashing neon sign and sirens for appropriate emphasis).

Here are some great tips if you are forced to eke out a few more days from your XP systems:

http://nakedsecurity.sophos.com/2014/04/01/42-days-to-go-for-xp-8-tips-if-you-arent-going-to-make-it/

Note the last item, “Get on with your personal or organisational efforts to get rid of XP.”

Please contact us at the Core Solution Group if you need help with planning and migrating away from Windows XP, including backup of your data, computer hardware upgrades or replacement, and analysis of any software you rely on – be it versions & compatibility with Windows 7 or 8, or alternatives to outdated programs that won’t run on a newer version of Windows.

*For a not-insignificant cost, some organizations may opt for Microsoft’s Custom Support, which costs $200 per year per PC, and covers only patches ranked as “critical.”
http://www.pcworld.com/article/2047768/microsoft-will-still-patch-windows-xp-for-a-select-group.html

Java in the web-browser: Disable Java if you haven’t yet

Please see

http://nakedsecurity.sophos.com/2013/02/16/facebook-admits-network-breached/

http://nakedsecurity.sophos.com/2013/02/04/another-java-update-oracle-brings-patch-tuesday-forward-to-close-in-the-wild-hole/
and
http://www.cnn.com/2013/02/15/tech/social-media/facebook-attack/

The moral of the story is: Disable Java for your browser, you probably (really) don’t need it.
For your computer at work – of course – please check with your admin(s) before attempting any changes.

If you’re running Mac OS X 10.7 or newer and keep up to date, disabling Java in your browser was probably taken care of for you.
Additionally, you can ensure Java is disabled in Safari, by navigating (while in Safari) to the Preferences menu, Security tab.
In Chrome, type: chrome:plugins and check that Java is disabled.

In Firefox go to Tools > Addons > Plugins

If you’re running Windows, please be sure to follow these instructions:
http://www.java.com/en/download/help/disable_browser.xml

Internet Explorer Zero-Day: Don’t use IE as your browser

There’s a really VERY serious exploit for Internet Explorer. IE versions 7 to 9 in Windows XP through Win 7 are vulnerable. If you haven’t updated in a while, you really need to. Please have/make a backup, and update.

See http://nakedsecurity.sophos.com/2012/09/17/new-ie-zero-day-exploit-poison-ivy/
and
https://krebsonsecurity.com/2012/09/exploit-released-for-zero-day-in-internet-explorer/ for more info.

The only time you should really use IE is for Windows Update(s).

Some tips for troubleshooting Apple’s Mail.app

PLEASE NOTE: The following is being provided for informational purposes ONLY and should not be attempted unless you are already familiar and comfortable with working in the Terminal. In no way is this meant to be a comprehensive method (not at all) for troubleshooting Mail.app.

When you get a spinning cursor (also known as the “spinning cursor of death”, the “spinning pinwheel of death” (SPOD) or the “spinning beach-ball of death” (SBOD)), this typically indicates that some task or event internal to the application is not completing – and the application (Mail) is waiting and so are you. Apple states the following about the spinning cursor: “The spinning wait cursor… is displayed automatically by the window server when an application can’t handle all of the events it receives. In general, if an app does not respond for about 2 to 4 seconds, the spinning wait cursor appears.” See http://developer.apple.com

In 10.4 and 10.5 you can use the Terminal to get the process id of Mail and then watch what files it’s accessing. As of OS X 10.5, fs_usage probably won’t give the expected result(s), and so for 10.5 and later, it’s better to use dtrace tools such as rwsnoop and opensnoop.

To look for a specific mail message that might be causing the problem, try the following, using the Terminal (Applications/Utilities):

(The initial “sudo” is just to escalate privileges early, so as to avoid a delay between launching Mail and authenticating afterward and missing the output. This assumes the user (account) in question has administrative privileges).

sudo echo ''; open -a /Applications/Mail.app; sudo opensnoop | grep mbox

To see more of what Mail is accessing, try (all on one line):

sudo echo ''; open -a /Applications/Mail.app; sudo opensnoop | grep -v mds | grep -v grep | grep $(ps aux | grep '[M]ail' | grep -v bundle | awk '{ print $2 }')

In both cases, press Control-C in the Terminal to cancel the operation. Mail will continue to run; quit it normally as desired.

Please *DO NOT DELETE ANYTHING* at all, especially while Mail is running. If necessary, force-quit Mail (see “Force Quit” in the Apple menu). However it’s best not to force-quit an application until you’re quite certain that it’s hung.

Please do not touch anything outside of the user’s Library/Mail directory, unless the problem turns out to be a 3rd-party bundle, which you should see listed as being in /Users//Library/Mail/Bundles/

Whatever you do, please make sure you have a full, known-good backup (of your Home folder at the very least in this case).

Rather than attempting to state what you might do with what you find, if you’re not sure then please contact us at the Core Solution Group to arrange to bring your Apple computer to us, or if that’s not an option we can arrange a remote support session (it’s easy to set up).