Two mdm errors and how to resolve them

First one is kind of shaky, the second one is definite.  I will update this post and make note of it if my information changes.  Last month I was receiving “the configuration for your iPad could not be downloaded from [my client’s server] NSURLErrorDomain -999.”  I found all kinds of solutions online relating to management suites, but I’m not even going to mention them because they were irrelevant to the solution in my case.  The only difference in my setup between functioning and non-functioning was the devices I was deploying started coming with iOS 11 instead of iOS 10.

This particular setup is just preparing the devices with Configurator 2, no DEP, then going through the iOS initial configuration of which the major steps are joining the wifi network, accepting enrollment, and logging in with the user’s account.  On initial setup of this system around the middle of 2017 I was receiving errors about SCEP enrollment, which was not being used.  That was fixed by enabling all the setup steps instead of trying to customize them.  (Also, see “4/17/18 note,” below.)

The change I made which fixed this problem was editing the enrollment url from:

https://serverfqdn/devicemanagement/api/device/dep_mdm_enroll

to

https://serverfqdn/devicemanagement/api/device/auto_join_ota_service

 

This month, on trying to deploy another device, I started receiving a new error: “the configuration for your iPad could not be downloaded from [my client’s server] Invalid Profile.”  To fix this, open Configurator 2 -> Preferences -> Servers -> + -> [enter a name like mdm Jan 2018] -> [for “host name or url” use only the fqdn and no path info so it autodiscovers the full path, i.e. https://fqdn/]. This will fetch the most current cert/info via built-in autoconfig.

After receiving the “Invalid Profile” message I needed to manually erase the device to begin again, but after erasing and re-preparing it the steps went back to working perfectly.

1/25/18 note: My employee was testing this, and it failed even with a newly autodiscovered server entry.  However, instead of the device being brand new (as in my case), he had used Configurator 2 to erase it prior to use.  Using the built-in “Erase All Content and Settings” did allow the process to proceed.  Next new iPad I get, I’ll try erasing it prior to preparing it using Configurator 2 and leaving the existing server entry in place.  If that works I’ll update this post.

4/17/18 note: SCEP errors can also occur if port 80 is not open to the profile manager server.

If I’ve made an error or helped you out, I’d love to hear about it. Please email me at mdm@ this domain name (without the www.) Thanks!

The Lion City II – Majulah

I’m completely taken by this song.  It is not often I listen to the same song twice, never mind on repeat on my car, phone, and home system.

The video?  Oh, it’s pretty.  Mindblowing too, if you try to figure out how you get a perfectly smooth time lapse over a period of months (years in some cases) where the source camera is clearly moving.

These artists are masters of their crafts.

Fascinating – “denying death its sting”

I helped eight people end their lives. By the time you read this, I’ll have ended mine

I realize this is a controversial topic but it’s hard to argue with this kind of sentiment: “The poet Susan Musgrave, who knew Al well, wrote of his final months: ‘Al looked at death the same way he has always looked at life—right between the eyes.'”

I’ve saved this for about half a year to share, I think it’s too good of a story not to.

Deleting Time Machine .inProgress backups

[Disclaimer: there are some very powerful commands mentioned casually here.  BE CAREFUL, I assume no liability for you recursively deleting or removing all permissions from your data.  Or for that matter, anything else as a result of a lack of caution or expertise!]

This was an interesting one.  Had a machine that kept having issues during Time Machine (TM) backups.  It completed the first backup successfully and then stalled on one of the next few backups.  In this particular case it’s multiple terabytes over a fairly slow connection so the first backup takes days.

Then it sits “preparing” for as long as you’d care to watch it.  First time this happened I monitored TM activity using Console.app and a backupd search string, nothing was really happening.  So then I stopped TM and tried to clean up the .inProgress folder so TM could start over.  I was trying to force its recovery after (not completely covered) basic methods didn’t work.

This .inProgress folder completely refused to be deleted.  Nothing worked: started with rm -R and when it complained thought it was the usual system immutable flag.  That the file was locked.  Tried chflags -R nouchg and had no luck.  Tried some advanced variations of that, still nothing.

(Side note: this is my second round with this exact issue, the first time through I made sure the data was backed up elsewhere and formatted the drive, just for the sake of time efficiency.  Since the issue is back I have to address it head on.)

“ls -lahe” revealed files with ACLs set to deny access to everyone.  So I used chmod -RN to recursively remove all permissions.  I kept getting “chmod: Failed to clear ACL on file” and “Operation not permitted” despite being root.

So.  Hmmm.  I can’t remove ACLs prohibiting deletion on files which also have system immutable flags set, meaning I can’t change ACLs via any method.  I should mention that yes, I did check directory structure integrity way earlier in the process.  Taking a step back I realized this was a TM-created issue, so maybe tmutil can come to the rescue again.

Sure enough: Use tmutil listbackups just for verification and then use tmutil delete snapshot_path [use actual path here sans brackets, e.g. /Volumes/ExternalBackup6TB/Backups.backupdb/ComputerName/2016-09-12-000400.inProgress/]

This returned the error “snapshot_path: No such file or directory (error 2)” AND YET in a separate session escalated appropriately “fs_usage | grep tmutil” showed the truth, that tmutil was furiously cleaning up all those untouchable files.  I later verified that the .inProgress folder had actually been removed.

Problem solved!  Hope this helps someone.  I love to hear when it does (tmutil@ this domain name) but if you’re too busy, no worries!

Tabs March 2016

Well the time has come to clean up tabs.  If I bookmark them I’ll never see them again, so I might as well share them.


 

http://flowingdata.com/2015/12/15/a-day-in-the-life-of-americans/
So again I looked at microdata from the American Time Use Survey from 2014, which asked thousands of people what they did during a 24-hour period. I used the data to simulate a single day for 1,000 Americans representative of the population — to the minute.

More specifically, I tabulated transition probabilities for one activity to the other, such as from work to traveling, for every minute of the day. That provided 1,440 transition matrices, which let me model a day as a time-varying Markov chain. The simulations below come from this model, and it’s kind of mesmerizing.


 

Take a second look at these.  Amazing.

Rob Gonsalves


Man quits job after visiting Burning Man, spends 10 yea


 

Sure, skip around especially the intro, but if you’re into speed these boats are something else.  Never seen it from this perspective before!


 

Full of interesting tidbits:

https://www.reddit.com/r/AskReddit/comments/406d65/what_is_something_someone_said_that_changed_your/


Love this story, especially details like the black gloves.


Milky Way tracking.



 

Duuuuude.


Does this…. work?


I dunno about best in the world, but this kitchen does have some pretty killer features that aren’t obvious at first:

http://www.contemporist.com/2015/12/01/7-reasons-why-this-kitchen-was-named-best-in-the-world/


Reddit title was “Smearing time like butter.” Not even going to try to improve that.  Takes a little while to get really into it.

 

Reddit – This time not as a dirty word

This summer I found an article that finally describes what reddit can be in terms many people can understand. I’ve been nervous about sharing that I even like reddit because of all the common negative associations people have about it (some of them in the intro to this article:)

http://www.slate.com/articles/double_x/doublex/2015/07/reddit_as_feminist_utopia_what_the_front_page_of_the_internet_looks_like.single.html

Long story short, reddit is what you make of it. Do not visit the main page and assume that’s all there is, because it’s mostly trash. The linked author made her reddit a feminist (&reading!) utopia. Mine is a mix of so many areas, here’s a sampling.
https://www.reddit.com/r/yesyesyesno/
https://www.reddit.com/r/nonononoyes/
https://www.reddit.com/r/LaserCleaningPorn/
https://www.reddit.com/r/cableporn/
https://www.reddit.com/r/BuyItForLife/
https://www.reddit.com/r/BBQ/
https://www.reddit.com/r/sysadmin/
https://www.reddit.com/r/TalesFromRetail/
https://www.reddit.com/r/TrueReddit/
https://www.reddit.com/r/AskEngineers/
https://www.reddit.com/r/askscience/
https://www.reddit.com/r/changemyview

Unless you get all fancy-pants you’ve got to make an account to start customizing, but A) they never spam you, B) it doesn’t cost anything and, C) there’s really very little information to sell (they don’t do that either afaik.) There’s no obligation to post links or even comment.

My only lingering doubt in sharing this information is that having new information that’s customized to you is quite addicting. Not like Facebook where you’re the product and they decide what you should see, you get to decide – and have a say, if voting floats your boat.

Firefox Profiles

So you might know that /Applications/Firefox.app/Contents/MacOS/firefox-bin --ProfileManager will launch Firefox’s profile manager. Ran into a bit of a surprise when I couldn’t get the profile manager to open, even by deleting profiles/prefs and caches (using Maintenance.app) plus doing other normal fixes.

Despite Terminal reporting “Error: Access was denied while trying to open files in your profile directory.” the actual problem was the Caches directory in ~/Library/Caches – instead of the client’s short username, root owned the Caches folder. Really surprised this guy wasn’t having more issues.

Thought I’d post this here in case someone else runs into what seems to be a profile folder problem but can’t fix it through the usual Firefox-specific methods. In case that doesn’t tell you all you need to know, check this link for more details, specifically the part surrounding the command you’ll use to fix it which I’ll quote here in case it helps:
sudo chown -R `id -un`:`id -gn` ~/Library/Caches
Please note I haven’t tested that on Yosemite 10.10.5 but the code doesn’t look tricky so it should work fine. It’s just a basic chown command with a couple nested commands that insert your specific username and groupname into the main command. Email me at firefoxprofiles at this domain name if you have questions!
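
A read-only ownership check for the situation described above, as an added example that is not from the original post or the linked article: it lists anything under a directory (for instance ~/Library/Caches) that is not owned by the expected user, so the cause can be confirmed before running the recursive chown. The function names foreign_owned and count_foreign_owned are made up for this example.

```shell
#!/bin/sh
# Added example: find entries under a directory that are NOT owned by the
# expected user, e.g. a root-owned ~/Library/Caches inside a user's home.
# Nothing is modified; this only reports.

# foreign_owned DIR [UID]
# Prints every path under DIR (DIR itself included) whose owner is not UID.
# UID defaults to the invoking user's numeric id. find does not follow
# symlinks by default, so links pointing outside DIR are not traversed.
foreign_owned() {
    dir=$1
    uid=${2:-$(id -u)}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # -user accepts a numeric id; "!" negates the match.
    # Unreadable subdirectories are skipped rather than treated as fatal.
    find "$dir" ! -user "$uid" -print 2>/dev/null
    return 0
}

# count_foreign_owned DIR [UID]
# Prints the number of paths foreign_owned would list.
# (File names containing newlines would be over-counted.)
count_foreign_owned() {
    out=$(foreign_owned "$@") || return $?
    if [ -z "$out" ]; then
        echo 0
    else
        printf '%s\n' "$out" | wc -l | tr -d ' '
    fi
}

# Stand-alone use: sh check_owner.sh ~/Library/Caches
if [ "$#" -gt 0 ]; then
    foreign_owned "$1"
fi
```

If the top-level directory itself shows up in the output, that matches the case in this post, where root owned the Caches folder.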

A place for random thoughts.