MacInTouch Amazon link...
Channels
Apple, Troubleshooting, Questions

Ric Ford

MacInTouch
Thanks, Ric. I should add that Silent Knight is an immensely useful bit of software; everyone should have this.
Also, if you didn't see it:
The unusual "software update required" dialogs are the same type as those discussed last year in the iOS 12 thread and described in a rather superficial Apple support article.

The update installs the "MobileDeviceOnDemand" package, which contains updated kernel extensions and frameworks to enable older systems to work with the latest versions of iOS. It also install a "CoreTypes" package containing updated icons for iOS devices.

If anyone wants a detailed listing of the latest package contents, drop me a note at josehill at gmx.com.
 


After installing it on a macOS 10.13 Mac running macOS Server, the built-in PHP can no longer send emails via the local host mail server.
Interesting! I had the opposite experience. I have a macOS 10.13 Server running Server.app 5.6.3 that runs a couple of PHP apps. For a couple of years it hasn't been able to send emails. I didn't much need that feature so didn't care much. But after installing this latest Security Update and rebooting (no other changes), it's now able to send emails!
 


My iMac is currently running Mojave 10.14.6, and for several days now I am being told that an update is due — the problem is that I get no information about what update this is.

I have "Automatic Updates" selected, but so far, this update isn't automatic.

I really don't want to update to macOS 10.15 for a number of reasons, and I worry that this is what Apple wants me to do. Is there a way to check what update this is?
If your Mac is owned by an organization and is managed by device management software such as JAMF Pro, it's possible that there's an update, such as Catalina, that Apple (and your computer) is telling you is technically available, but is being blocked - usually for a good reason - by your IT management staff.

Need evidence that your computer is being managed? Open System Preferences, and see if there's a Profiles preference pane. JAMF profiles are listed as device profiles, with accompanying explanatory descriptions. Other legitimate services can also insert a profile, but some malware strains have been known to use profiles to help them assert control.
 


Ric Ford

MacInTouch
Some system update notes* for what they're worth, as I work through some experiments/issues:

I reformatted the internal drive of a 2018 MacBook Pro then (as expected) had to boot with Command-R into Internet Recovery mode to reinstall macOS. I got macOS 10.13.6 but it was missing a bunch of security updates.
Finding available software
Software Update found the following new or updated software:
* macOSInstallerNotification_GM-2.0
macOS Installer Notification (2.0), 1789K [recommended]
* iTunes Device Support Update-
iTunes Device Support Update ( ), 105805K [recommended] [restart]
* CompatibilityNotificationData_10_13-1.0.5
CompatibilityNotificationData (1.0.5), 77K [recommended]
* MRTConfigData_10_14-1.50
MRTConfigData (1.50), 4100K [recommended]
* MRTConfigData_10_14-1.49
MRTConfigData (1.49), 4109K [recommended]
* Security Update 2019-006-10.13.6
Security Update 2019-006 (10.13.6), 2263855K [recommended] [restart]
* Safari13.0.3HighSierraAuto-13.0.3
Safari (13.0.3), 66116K [recommended]
* iTunesX-12.8.2
iTunes (12.8.2), 273614K [recommended]
Oddly, SilentKnight reports that EFI firmware is up to date but that the T2 security/storage chip code is not.
SilentKnight said:
Mac model MacBookPro15,2
EFI version found 220.270.99.0.0 (iBridge: 16.16.6571.0.0,0); expected 220.270.99.0.0 iBridge 17.16.11081.0.0
...
MRT 1.35 should be 1.50
(*This was the start of yet another experiment with updating from macOS Sierra to either High Sierra or Mojave. These updates have not been at all easy, nor fast, nor pleasant in my own personal experience with my own production systems. If I have enough time, I may catalog issues later.)
 


Ric Ford

MacInTouch
Some system update notes* for what they're worth, as I work through some experiments/issues: I reformatted the internal drive of a 2018 MacBook Pro then (as expected) had to boot with Command-R into Internet Recovery mode to reinstall macOS. I got macOS 10.13.6 but it was missing a bunch of security updates.
Bash:
Finding available software
Software Update found the following new or updated software:
   * macOSInstallerNotification_GM-2.0
    macOS Installer Notification (2.0), 1789K [recommended]
   * iTunes Device Support Update-
    iTunes Device Support Update ( ), 105805K [recommended] [restart]
   * CompatibilityNotificationData_10_13-1.0.5
    CompatibilityNotificationData (1.0.5), 77K [recommended]
   * MRTConfigData_10_14-1.50
    MRTConfigData (1.50), 4100K [recommended]
   * MRTConfigData_10_14-1.49
    MRTConfigData (1.49), 4109K [recommended]
   * Security Update 2019-006-10.13.6
    Security Update 2019-006 (10.13.6), 2263855K [recommended] [restart]
   * Safari13.0.3HighSierraAuto-13.0.3
    Safari (13.0.3), 66116K [recommended]
   * iTunesX-12.8.2
    iTunes (12.8.2), 273614K [recommended]
Oddly, SilentKnight reports that EFI firmware is up to date but that the T2 security/storage chip code is not.
SilentKnight said:
Mac model MacBookPro15,2
EFI version found 220.270.99.0.0 (iBridge: 16.16.6571.0.0,0); expected 220.270.99.0.0 iBridge 17.16.11081.0.0
...
MRT 1.35 should be 1.50
I then installed all available updates in the Mac App Store (encountering confusing behavior with reboots etc.) and checked again to find more confusing changes and omissions:
SilentKnight said:
EFI version found 1037.40.124.0.0 (iBridge: 17.16.11081.0.0,0); expected 220.270.99.0.0 iBridge 17.16.11081.0.0
...
Finding available software
Software Update found the following new or updated software:
* macOSInstallerNotification_GM-2.0
macOS Installer Notification (2.0), 1789K [recommended]
* CompatibilityNotificationData_10_13-1.0.5
CompatibilityNotificationData (1.0.5), 77K [recommended]
* MRTConfigData_10_14-1.50
MRTConfigData (1.50), 4100K [recommended]
* MRTConfigData_10_14-1.49
MRTConfigData (1.49), 4109K [recommended]
A restart didn't fix this, nor did updating SilentKnight to the very latest version, so I pushed the Update button in Silent Knight, which finally got this High Sierra system up to date, at least.
SilentKnight said:
Finding available software

Downloading CompatibilityNotificationData
Downloading MRTConfigData
Downloading macOS Installer Notification
Downloaded CompatibilityNotificationData
Downloading MRTConfigData
Downloaded macOS Installer Notification
Downloaded MRTConfigData
Downloaded MRTConfigData
Installing CompatibilityNotificationData, MRTConfigData, MRTConfigData, macOS Installer Notification
Done with CompatibilityNotificationData
Done with MRTConfigData
Done with MRTConfigData
Done with macOS Installer Notification
Done.

Latest updates installed:
MRT 2019-11-10 20:56:23 +0000 : 1.50
Typing "macOS Mojave" into the Mac App Store search box turns up nothing but garbage with no sign of macOS 10.14 Mojave. (What's wrong with this picture...)

But, thanks to MacInTouch community members, we have the special key:

https://apps.apple.com/us/app/macos-mojave/id1398502828?mt=12

Oh, there's the Mojave now. Let's try downloading it and seeing what happens....
 


My macOS 10.13.6 clean install is not so simple, trying to avoid APFS and having ownership conflicts after using the Migration Assistant.

I clean-installed macOS 10.13.6 to a new SSD via a bootable USB installer, which auto-converted to APFS. The terminal command to prevent APFS conversion did not work:

startosinstall --converttoapfs NO --volume /Volumes/SSD --agreetolicense

saying "error: could not find osInstallerSetup.Framework...".

I've read to start the installer from the Terminal with no parameters once to bypass that error, but that did not work. Any ideas? I used a new copy of the installer with the new security certificate.

Moving on, I let the installation proceed and created a new user account, since I did not want to restore my old user account to an unencrypted SSD. After installation, I Carbon Copy Cloned to another empty SSD, erased [the original drive] to GUID/Mac OS Extended (journaled), and cloned back. After the OS was cloned, CCC asked to clone the recovery partition and resized the volume. The result was High Sierra without APFS, and a recovery partition.

I rebooted, turned on FileVault, then used Migration Assistant to import my user account, which was successful. Now I have two user accounts with two different names. My imported User ID number changed from 501 to 502, because the new account i created first took the 501 spot.

All my standard mp4/h.264 movies now play fine, where some played and some didn't before with "An unknown error occurred (1718449215)". As I suspected, there was something bad with my old OS installation. But, ownership for most of my things is tied to the new user 501, not my main imported user, now 502, and [the option] to change that is grayed out.

As a renumbering experiment, I logged into my main 502 account, I changed the new account from 501 to 503 with Advanced Options under Users & Groups and rebooted into that account. This message would never go away: "macOS needs to repair your Library to run applications."
So much for Apple making this simple.

Unless someone has a tip for fixing the installation command or has another suggestion I'm debating:
- Reinstall macOS 10.13.6 over my existing installation to maybe fix issues, then clone to the new SSD.​
- Erase and reinstall to the new SSD, and import my user account without creating an additional account.​

I guess I won't worry about FileVault being initially disabled.... Any advice with this mess is appreciated.
 


Ric Ford

MacInTouch
... Oh, there's the Mojave now. Let's try downloading it and seeing what happens....
Well, the Mojave installer worked (once I located it behind the Mac App Store invisibility screen), leaving the 2018 MacBook with:
Model Identifier: MacBookPro15,2
Boot ROM Version: 1037.40.124.0.0 (iBridge: 17.16.11081.0.0,0)
System Version: macOS 10.14.6 (18G103)
And SilentKnight says:
EFI version found 1037.40.124.0.0 (iBridge: 17.16.11081.0.0,0); expected 220.270.99.0.0 iBridge 17.16.11081.0.0
... MRT 1.48 should be 1.50

Finding available software
Software Update found the following new or updated software:
* MRTConfigData_10_14-1.50
MRTConfigData (1.50), 4100K [recommended]
* CompatibilityNotificationData_10_14-1.0.6
CompatibilityNotificationData (1.0.6), 77K [recommended]
* MRTConfigData_10_14-1.49
MRTConfigData (1.49), 4109K [recommended]
* Security Update 2019-001-10.14.6
Security Update 2019-001 (10.14.6), 1511754K [recommended] [restart]
* Safari13.0.3MojaveAuto-13.0.3
Safari (13.0.3), 67268K [recommended]
Confusingly, Mac App Store doesn't list those needed updates but does show updates for Configurator 2, Pages, Numbers, iMovie and Keynote.

System Preferences doesn't show any of the missing updates, but it's pushing to install macOS Catalina...

... Oh, I see now: hidden behind a little "More info..." link below the macOS Catalina push are other updates: Security Update 2019-001 10.14.6 and Safari 13.0.3. So, I guess Safari's part of the "system" and not an "app", but Configurator 2 is an "app" and not part of the "system."

I think I'll use SilentKnight's "Install all updates" button. (I don't think it'll cram Catalina onto this Mac.)
 


Ric Ford

MacInTouch
... Any advice with this mess is appreciated.
I think the simplest approach would be this:
  1. Format external SSD to APFS encrypted.
  2. Clean-install High Sierra on the external, encrypted SSD.
  3. Boot off the external SSD (and check that it's still encrypted).
  4. Run Migration Assistant to import your original system to the encrypted external APFS drive.
  5. If all looks OK, then reformat the internal drive to HFS+ encrypted.
  6. Clone the APFS system to the encrypted HFS+ volume (using Carbon Copy Cloner).
  7. Verify you can boot (Set Startup) to the HFS+ encrypted volume and that all looks good.
  8. (Consider using the encrypted APFS external as a backup clone via Carbon Copy Cloner.)
 


Ric Ford

MacInTouch
I think I'll use SilentKnight's "Install all updates" button.
While this worked, it involved more confusing behaviors and hoops... but eventually, it seems that I got to an up-to-date macOS Mojave system:
SilentKnight said:
✅ System Integrity Protection status: enabled.
✅ XProtect assessments enabled
✅ FileVault is On.
macOS Version 10.14.6 (Build 18G1012)
Latest updates installed:
MRT 2019-11-10 23:40:16 +0000 : 1.50
Mac model MacBookPro15,2
EFI version found 1037.40.124.0.0 (iBridge: 17.16.11081.0.0,0); expected 220.270.99.0.0 iBridge 17.16.11081.0.0
✅ EFI firmware appears up to date.
✅ XProtect 2107 should be 2107
✅ Gatekeeper 181 should be 181
✅ MRT 1.50 should be 1.50
✅ TCC 17.0 should be 17.0
✅ KEXT 14.5.1 should be 14.5.1
✅ Software Update Tool

Finding available software
No new software available.
But... as others have noted, you can't say "no" to Apple and its incessant harassment: System Preferences flags "1 update" and pops a red alert badge over Software Update when you open System Preferences.

What's this update you need to install and won't be left alone about? You guessed it: macOS Catalina....

I haven't downloaded nor had macOS Catalina anywhere near any of my Macs (nor any I support), but SilentKnight's report:
EFI version found 1037.40.124.0.0; expected 220.270.99.0.0
suggests that Apple managed to sneak Catalina firmware onto this computer via a silent pre-Catalina software update....
 


So, thanks to MacInTouch and Tony Aguila, I went to the Apple upgrade page
and downloaded a new installer today. It had been totally invisible from the App Store on several computers, despite previous “purchases” and many searches.
However, the 6GB installer I downloaded to get the new certificates was, to quote Apple, “damaged and can’t be used”.

Yes, Apple are still allowing you to download their own out-of-date software and then telling you their own software is damaged. Shameful. Once I reset the date on my computer to 2018, it all worked fine.
P.S. Reset the date ASAP, or you will run into other problems (broken Wi-Fi network in my case).
I have run into exactly the same problem several times recently with a known, tested, and working good Mojave installer and also trying other Mojave installers still in the Applications folders on client computers, so I assumed Apple is trying to force-march every computer that can run Catalina to do so by blocking the installation of Mojave with a fraudulent "error message". I'll try it again on one of my frustrated client's computers using the date reset work around. Thank you, Douglas.
 


I mentioned above, but when I ran in to the same Issue (non-working newly downloaded Mojave installer), a reboot solved the issue. Alternatively, removing a file from the installer package also worked. Other options to try for those who may not be able to change the date for some reason.
 



Ric Ford

MacInTouch
This thread alone containing macOS downloads, tools, and techniques is well-worth our continued support to the MacInTouch website. Thanks to all contributors, my monetary support is being posted today and I hope other readers will recognize the value and do the same.
Thank you, Howard (I was just about to email you the same), and thanks also to all the other supporters who have, against the odds, managed to keep this website going all this time!

Others who might wish to help with critical support can find all the details here:


And please be sure to take full advantage of our MacInTouch Amazon link for all the sale prices and other Amazon benefits during this shopping season!
 


Ric Ford

MacInTouch
... I haven't downloaded nor had macOS Catalina anywhere near any of my Macs (nor any I support), but SilentKnight's report ... suggests that Apple managed to sneak Catalina firmware onto this computer via a silent pre-Catalina software update.
I verified this with Howard Oakley (SilentKnight creator), who provided the details – the silent Catalina firmware affects hit all T2-based Macs when installing the last Mojave and High Sierra Security Updates.
Eclectic Light Co. said:
What changed in Mojave 10.14.6 Security Update 2019-001?
... Included with this update, but not mentioned anywhere, are firmware
updates for all models with T2 chips, which in this case brings their
firmware version numbers into alignment with those of T2 Macs which have
been upgraded to 10.15.1.

However, models which lack the T2 chip don’t
have any firmware updates on this occasion, which leaves them 1-3
versions behind the same model which has been upgraded to Catalina.
 


I just set up a VMware Fusion High Sierra virtual machine on a 2018 Mac Mini running Catalina. The installation worked after I reset the date to November 2017, but, during the installation, Mail failed to connect to a Gmail account, and my Firefox extensions were disabled. So, before resetting the date, it's wise to quit applications that might be affected. Podcasts seemed to be unaffected, possibly because it had already updated subscriptions for the day.
 


I'm going blind following Ric's adventures in macOS upgrades!

Seriously, I had a 2011 Mac Mini that I wanted to give to a nephew. I replaced the stock hard disk drive with a 500GB Crucial SSD and booted into Internet Recovery. It wanted to install OS X Lion, but failed. (Note: I'm realizing its 16 GB RAM prevented this – apparently I should have pulled a DIMM?).

I should have ripped out the SSD, put it in a dock and installed that way. But, no. I even tried Thunderbolt Target Disk Mode for the 2011 Mac Mini, but Mojave wouldn't recognize it. I didn't give up. I made a High Sierra installer (highest macOS permitted) with Apple's instructions on its downloads site. (Again, I had the fortune of another Mac that was on Mojave to get High Sierra from. I left my OS X 10.11 - macOS 10.15 USB installers at work... sigh). Note: Make bootable SSD, install, then finish -- time is of the essence!

I did find that there is a mod out there to trick the Catalina installer to go on this 2011 Mac, but I don't want to give this to someone in an "unsupported" state.

I also am giving a great-nephew a Core i5 Dell I bought as surplus. Put in a discarded 4GB GPU and refurb 500GB SSD, along with some cobbled DIMMs (for 32GB RAM). Putting Windows 10 on this was way easier! I used Rufus to make a bootable drive, and I had a Windows 10 installer upgrade that connected to Microsoft, got the latest Windows 10 Home (as it used the Windows 7 Home key that was on the Dell). Done.

It took 40 minutes, as I had to format, select partition, download installer, let Windows do updates, and then final boot to create my user as admin and finalize Dell Bios and updates with Dell Command|Update. (I'm a good uncle.)
 


...But... as others have noted, you can't say "no" to Apple and its incessant harassment: System Preferences flags "1 update" and pops a red alert badge over Software Update when you open System Preferences...
This drove me to add the following to a "Login Items" AppleScript I have used for years for some basic house-keeping:
AppleScript:
do shell script "defaults write com.apple.systempreferences AttentionPrefBundleIDs 0;killall Dock"
(Obviously this could easily just be a shell script at startup.)

It seems to keep the dreaded "Red Dot" suppressed.
 



Ric Ford

MacInTouch
TidBits reports that interrupting Security Update 2019-001 installation on a Mac with a T1 or T2 security chip can cause a variety of issues, from lockups at boot to crashes after login.
Here’s more about this major data-loss issue:
Mr. Macintosh said:
Mojave 2019-001 Security Update Causing Data Loss if Interrupted
This issue was first reported about one month ago on the MacAdmins Slack. It was reported that after some users installed the Mojave 10.14.6 Supplemental Update #3, they were unable unlock their Mac with the FV2 Password or PRK. The issue was not widely reported though so it was thought to be a fluke.

All this changed when the Mojave 2019-001 Security Update was released. MacAdmins started to report the problem again.
I have a Mac that just finished installing the 2019-001 Security Update. I can’t get past the FileVault 2 screen with the password or Personal Recovery Key.
MacAdmin User Report
More and more MacAdmins are starting to report this devastating 2019-001 FileVault can’t login issue.
...
This issue affects the following macOS Updates.
  • (18G1012) Mojave Security Update Released on 10/29/19
  • (17G9016) High Sierra Security Update 2016-006 – 10/29/19
  • (18G103) Mojave Supplemental Update #3 – 9/26/19
...
Currently no known workaround is available. We have tried multiple things.
  • Mounting the disk in the Recovery Terminal
  • Mounting the disk in Disk utility
  • Target Disk Mode
...
The black screen BridgeOS update process has been around since 2018. Something must have changed in the 2010-001 Security Update. If you have this issue please report it to Apple ASAP.
#dataloss #t2 #firmware #securityupdate #applequality #bridgeos #security
 


Apple recently offered refreshed installer files of several operating systems due to the certificate issue.
I followed the instructions from this support page:
I downloaded all new installer files and tried to create bootable USB-sticks. This worked with all versions except macOS Sierra (10.12). I downloaded the Sierra installer several times, but the installer is defective. I could not update an existing installation nor could I create a bootable media.
Anybody else?
 



Apple recently offered refreshed installer files of several operating systems due to the certificate issue.
I followed the instructions from this support page:
I downloaded all new installer files and tried to create bootable USB-sticks. This worked with all versions except macOS Sierra (10.12). I downloaded the Sierra installer several times, but the installer is defective. I could not update an existing installation nor could I create a bootable media.
Anybody else?
I realize this isn't directly applicable to your Sierra difficulties, but it might help. Maybe try this macOS Sierra Patcher app to get a Sierra installer download.... I was able to download a full 6.05GB installer for Mojave using Dosdude1's "macOS Mojave Patcher" using the option from the Tools menu. When I saved it into my Applications folder then tried to run it, I got a message that it was damaged and unusable (forget the exact wording). When I downloaded it to my desktop, it fired right up and was ready to run. I used that copy and "DiskMaker X 8 for macOS Mojave" to create a bootable USB drive installer, which also booted up and was ready to run the installer. (After all that, I went to install it on my Mac Mini and realized it is a 2011 model that only supports up to High Sierra, so I have not yet run through a full install of Mojave, but it appears it should work fine.)
 


Ric Ford

MacInTouch
Confusion continues with Apple updates (and I now wonder if the stealth Catalina firmware updates secreted in pre-Catalina security updates happen to disable FireWire booting, as with Catalina):
Mr. Macintosh said:
2019 16" MacBook Pro Catalina 10.15.1 Supplemental Update (19B2106)
To accompany the new 16″ MacBook Pro, we have a forked Build Version of macOS Catalina 10.15.1 (19B2106) Installer.app. We also have a macOS Catalina 10.15.1 supplemental update.
The macOS Catalina 10.15.1 supplemental update improves the stability and reliability of displays and peripherals with MacBook Pro (16-inch, 2019).
–Catalina 10.15.1 supplemental update notes
I am not sure what’s going on with this update. You would think that all the new 16″ MacBook Pros would just ship with (19B2106). If not then what is the Supplemental update for?

I found the shipping 16″ 10.15.1 BuildVersion Number 10.15.1 (19B2093)
This means that as soon as you receive the new 16″ MacBook Pro, the 10.15.1 Supplemental Update (19B2106) will show as available.

Model Name
The model name for the new is MacBookPro16,1

Product ID

macOS Catalina 10.15.1 Supplemental Update = 061-32959
MacOS Catalina 10.15.1 Full Forked Installer.app = 061-45871

BridgeOS Update

This update brings BridgeOS up to 17.16.11600

Update Size

10.15.1 Full Installer.app (19B2106) = 8.65gb
macOS Catalina 10.15.1 Supplemental Update = 8.16gb

This does not really make any sense. Again the Supplemental Update is 8.16gb!!!! only about 500mb smaller than the full install!
 


For those of you needing to make a macOS 10.12 Sierra installer, I have found a way to do it.

While using VMware Fusion to install macOS 10.12, I noticed a message saying "Creating Install Media" Inside my folder where I keep all my VMs, is where Fusion stores its files. While Fusion was installing, I right-clicked on the VM, chose "Show Package Contents", and inside was a disk image which was named
Temporary Installation Source Disk.dmg

I waited until the initial install steps were finished, and when the VM rebooted and was back online, it gave me the "n minutes for installation." I copied the Temporary Installation Source Disk.dmg and pasted it to my desktop.

VMware Fusion cleans up after itself, so the temporary dmg seems to disappear after Fusion is done with it.

I then used balenaEtcher to copy the DMG to a USB drive. (I tried to use Disk Utility, but it refused to do a restore on this image.)

Once that was done, I rebooted my 2015 MacBook 15" with the flash drive in it, and it booted and came up with the language chooser menu. I've tested the USB, and it installed macOS 10.12 fine on an external hard drive.

If you don't own Fusion, they do have a 30-day trial, so you can grab that and use it to pull off this trick. That said, it is a large amount of work in order to get a USB installer, but it saves a huge amount of frustration trying to get Sierra's createmediainstaller tool to work.
 


For those of you needing to make a macOS 10.12 Sierra installer, I have found a way to do it.

While using VMware Fusion to install macOS 10.12, I noticed a message saying "Creating Install Media" Inside my folder where I keep all my VMs, is where Fusion stores its files. While Fusion was installing, I right-clicked on the VM, chose "Show Package Contents", and inside was a disk image which was named
Temporary Installation Source Disk.dmg
I believe Fusion is using Bash script "VMware Fusion.app/Contents/Library/Create Mavericks Installer.tool" to create the install media. A user could do the same series of commands.

But isn't that what the various utilities for creating install media are doing?
 


I think the simplest approach would be this:
  1. Format external SSD to APFS encrypted.
  2. Clean-install High Sierra on the external, encrypted SSD.
  3. Boot off the external SSD (and check that it's still encrypted).
  4. Run Migration Assistant to import your original system to the encrypted external APFS drive.
  5. If all looks OK, then reformat the internal drive to HFS+ encrypted.
  6. Clone the APFS system to the encrypted HFS+ volume (using Carbon Copy Cloner).
  7. Verify you can boot (Set Startup) to the HFS+ encrypted volume and that all looks good.
  8. (Consider using the encrypted APFS external as a backup clone via Carbon Copy Cloner.)
Thanks for your advice Ric. I've tried some different things with new sets of problems, I need help with, please. Reinstalling the full macOS 10.13.6 and the latest Security Update over my existing OS didn't fix anything.

I clean-installed to a new SSD and imported my user folder as the only user (501). After importing, it said, "Could not create username", but when I continued, there was my username, and it appeared to be fine without close examination. Could something be missing or bad? On my earlier attempt, the same user folder imported fine as a second user, so I don't think it's damaged, and I wanted to avoid the ownership conflicts I experienced before doing it that way.

Going to the FileVault system preference, it says "Some users are not able to unlock the disk". I formatted and encrypted the disk before installation, and my imported user account appears to access the disk fine after typing in the FileVault encryption password, so I'm not sure how real that error is.

As I read here, using the command:
sudo sysadminctl -secureTokenStatus username
I verified that my imported admin account and all other accounts say "Secure token is disabled". Presumably that is what is causing the unlock disk error, even though the disk appears to unlock fine.

Trying the command
sudo sysadminctl -secureTokenOn username
says “Operation is not permitted without secure token unlock.”

How do I enable the token? Trying this suggestion did not work:
I was able to create a new user with a valid token by running the setup wizard again. To do that, run this command in Terminal: sudo rm /var/db/.AppleSetupDone, and then reboot.
Also, creating a new user in System Preferences and logging into that user did not have the token enabled.

It makes me wonder if I should do a clean install and manual migration of all my data, but I've had [luck] with Apple's Mail working when I've done that before, so I probably missed a folder. Can someone please help?
 


Ric Ford

MacInTouch
Thanks for your advice Ric. I've tried some different things with new sets of problems, I need help with, please...
First of all, did you choose "Case-sensitive" when formatting? If so, that's likely to be a problem, and I recommend formatting non-case-sensitive.

If that's not the problem, you've probably just run afoul of the new, invisible hurdles Apple has created in APFS, which are absurdly confusing. However, you're not the first person to encounter them, and here's some information I dug up previously about the whole ridiculous mess:
#securetoken #filevault #apfs #migration #sysadminctl
 


If that's not the problem, you've probably just run afoul of the new, invisible hurdles Apple has created in APFS, which are absurdly confusing. However, you're not the first person to encounter them, and here's some information I dug up previously about the whole ridiculous mess:
Ric is smart, but we already knew that. Thanks, Ric, for the links and suggestions! Reading the Carbon Copy Cloner link, it sounded like all I had to do to make my installation work is throw all security considerations out the window and not encrypt my destination SSD. I formatted as APFS unencrypted, macOS 10.13.6 installed fine, and my user account imported on my Mac Pro 2010. No failures, "it just works", as Apple would say! I haven't tried Carbon Copy Cloning it to a different [HFS+] SSD yet, but I suspect that will work as long as both SSDs are unencrypted.

Unfortunately, part of the reason for this clean install was to bypass that QuickTime mp4/m4v error I talked about before. My earlier failed installation attempts would play these mp4s fine with my imported account. This successful setup, which I just did, now generates the same errors. Argh!
Use of the requested Audio Unit(s) [Wikipedia] require lowering the security settings for “QuickTime Player”. Are you sure you want to proceed?
If I choose "Cancel", it says "Cannot create file."
If I choose "Lower security settings", then it says "An unknown error occurred (1718449215)" and gives that error with every subsequent attempt.

Some mp4's play in QuickTime Player 10.4 and iTunes, and some mp4's don't play. It's random. They all play fine in VLC and QuickTime Player 7.

If I create a new user account, these standard mp4/h.264 files all play fine in QuickTime Player 10.4 and iTunes.

Clearly, these videos that have always worked before the last security update are not the problem. There must be a cache or preference file that needs to be deleted and recreated. Does anyone have any ideas?

Deleting "com.apple.QuickTime.plist" doesn't help. In the past, I've tried Cocktail to clear all the caches, but I haven't tried Onyx (assuming both are still compatible amidst all the High Sierra security updates). Searching for answers, I find a lot of people with my same question going back to macOS Sierra, but no clear answer.

My only other idea is to use some unknown program to watch what file might be created when it says "Cannot create file." I can't remember what program will watch and graph such changes. Thanks, everyone.
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts