The Cloud Kit Key State Controller

Each key in the Cloud Kit Key State Controller is considered a “View” with a number of metadata values. Views include AutoUnlock, Engram, Health, Home, ApplePay, and Manatee views. The /usr/sbin/ckksctl binary can be used to reset keys, useful when troubleshooting sync issues. 

To start, let’s run a status:

sudo /usr/sbin/ckksctl status

To reset, run the command again, with a reset verb:

sudo /usr/sbin/ckksctl reset

Reset Connections To ApplePay and Health With ckksctl

I’ve seen a few issues now where ApplePay and Health stopped working properly on a Mac and iOS device and when you fixed one, it seemed to wreck the connection with the other. Turns out that the information on a local system is managed with the new(ish) ckksctl command. Using ckksctl is pretty straight forward. First, let’s look at what’s on the Mac, using the ckksctl command with the status verb:

/usr/sbin/ckksctl status

There will be a section for ApplePay and another for Health. Here, if the services are configured, you should see the following in that section:

CloudKit account: logged in

Now, let’s force a pull of what’s in iCloud using the fetch verb:

/usr/sbin/ckksctl fetch

A successful sync will simply exit. However, that doesn’t mean that the keys are actually working. So if the issues persist, what we’re going to do is reset what’s in the local system and then pull the information from CloudKit again and show the status:

/usr/sbin/ckksctl reset; /usr/sbin/ckksctl status

Additionally, if you feel the local system is correct and the CloudKit data is incorrect then you could do the opposite and push a fresh config from the client to CloudKit:

/usr/sbin/ckksctl reset-cloudkit; /usr/sbin/ckksctl status

This has resolved issues I’ve seen. The status is also useful to track what a client has been configured to access. Please feel free to comment if you’ve had other experiences as I’ve found practically no information on this command.

Reset Apache In OS X Server To Factory Defaults

The serveradmin command can also be used to run commands. For example, to reset the service to factory defaults, backup then delete the configuration files for each site and then run the following command: sudo serveradmin command web:command=restoreFactorySettings This is pretty timely as I’ve seen a very high rate of pretty messed up configurations from the Server 4 to Server 5 upgrades. Basically, what seems to happen is that older servers, that were running let’s say Server 2 and Server 3 and Server 4 and now Server 5 will have a little cruft. Sites with older configurations that are incompatible with the latest proxy-based config. And finding the specific problem vs the time it takes to just reset and rebuild any specific settings is rarely worth it. So, there ya’ go. If you get errors like “Websites are turned off. An administrator can turn them on using the Server application.”  when you try to view any page other than the index.html page of a custom site, then you can probably just trash the config and go from there. Enjoy.

Reset A Forgotten PIN Code On An Apple Watch

If you use Apple Pay, you’ll be forced to configure a PIN code on that shiny new Apple Watch of yours. If you forget that PIN code, you’ll likely end up on Google looking for a way to unlock it. Never fear, the Googs has come to the rescue. There are a few different options. If you selected to unlock with a phone unlock, then you need only unlock your phone. But if you did that, you wouldn’t be here… maxresdefault The next option is to log in and reset the watch manually. But again, if you could do that, you wouldn’t be here… So next, grab your charger and then press and hold the side power button on the watch. This brings up a little Power Off button (along with a Power Reserve and Lock Device button). Then do a Force Touch (press hard) on the Power Off button. It takes me five or six tries to get the button to come up, but when you do it just right, you’ll get the Erase All Content and Settings menu. Then pop the watch back on the charger and when prompted, tap Erase. You’re then able to restore a backup or set the watch up from scratch. Here’s to hoping you didn’t steal it!

Factory Reset Your Apple Watch

You loved your Apple Watch. It was awesome. But then something happened. Maybe it got glitchy. Maybe it got weird. Maybe you want to sell it and so just want to get it back to factory defaults first. Well, either way it’s easy. To reset your watch, open the Settings app. IMG_3643 Open the General app. IMG_3644 Tap Reset at the bottom of the list. IMG_3645 When prompted, tap Erase All Content and Settings on the Apple Watch. IMG_3538 Once done, unless you’re getting rid of the watch, you’ll want to pair it again. To do so, follow the instructions in this article: Or, you can restore your device by selecting a device to restore the backup from. IMG_3487

Reset the Server App in Yosemite Server

The Server 3 app that comes with Yosemite (aka Yosemite Server if you’re a Yosemite Sam fan) is great. But when you go making changes to some things, you’re just going to cause problems, sometimes something as simple as just upgrading to the latest and greatest version of Server… I know, you’ve been told that host name changes and IP changes are all kinds of OK at this point; “look, Charles, there’s a button!” Well, go ahead, click it. Don’t mind me, you might just be alright. But then again, you might not… And upgrades that use a migration wizard… Um, when it works it’s a thing of beauty. But when it doesn’t, you might be restoring some stuff from backup. But just before you do that restore, let’s try one more thing. Let’s try and rebuild some certificates and configuration settings that shouldn’t impact actual service operation. Let’s try to reset the Server app and let a fresh install of the Server see if it can fix issues.

Now, I want to be clear, this is the last resort before restoration. I’ve had a lot of luck with services remaining functional and preserving settings when I do this, but don’t expect that. Basically, we’re going to do what we looked at doing back in ’09 with AppleSetupDone but one designed just for servers, so the file is in the same place (/var/db) and called .ServerSetupDone. To remove it, close Server app and run the following command:

sudo rm /var/db/.ServerSetupDone

Once removed, open the Server app again and then let the Server app run as though it’s new. Cruft, begone!

Resolving Corrupt journal.db Files in Kerio

Sometimes it seems like sqlite just isn’t equipped for some tasks. Sometimes it seems like some developers aren’t. Sometimes it ends up being a mystery as to what is really going on behind the scenes. Like watching CNN on a television right next to Fox News at the gym. Both can’t be reality. But what is real, is that journabl.db files get corrupt in Kerio all the time. And the logs often say something about SQLITE_CORRUPT &/or “database disk image is malformed”. To correct, first stop the Kerio server, then nuke the .journal.db file. Assuming the mail store is /usr/local/kerio/mailserver/store/mail on a Mac (swap /usr/local with /opt if using Linux) then the command to do so would be: rm /usr/local/kerio/mailserver/store/mail/.journal.db Then start up Kerio and the .journal.db file will automatically rebuild and the errors about some malformed whatnot should be out of those logs.

Saved Application States in Lion

Every new feature comes with its own troubleshooting as most will, if only eventually, have problems. Lion comes with a cool new feature where the state of each application is saved and when the application is re-opened the windows are just as you left them when closed, even in the same positions on the screen. This can be pretty useful with something like Terminal, where I often don’t restart the app for long periods of time because I want to see my recent history across multiple sudo’d users. When you open Terminal, the previous commands are grey, but there. But I’ve run into a few instances where an application crashed and continued to do so upon restart. The way I was able to remedy this was to trash that application’s Saved Application State directory, kept in ~/Library/Saved Application State. Each application should have an entry in here using the typical property list format naming convention (e.g. com.krypted.myapp.savedState). Trash that folder with the app closed and it will open fresh and clean. To do so (continuing on with the com.krypted.myapp.savedstate example): rm -Rf ~/Saved Application State/com.krypted.myapp.savedstate Finally, it’s worth noting that some applications store certain aspects of saved states in their default domain. So if you’re clicking on a tab in a System Preference pane, keep in mind that to reset some things you might need to locate the correct plist file and nuke the settings within the plist.

Finding iOS Device PINs

Each time you sync an iOS based device, a backup is made (unless you disable the option). These are stored in ~/Library/Application Support/MobileSync/Backup. Here you will find a number of folders, each beginning with the UDID of the iPhone, iPad or iPod Touch that has been backed up. The contents of these folders can be used to restore a device in the event that the device falls outside your control. Within the folders are a bunch of files with alphanumeric names that look garbled, even though some can be viewed using a standard text or property list editor (while others are binary). But there are also a bunch of other files in here. These can be parsed using a script, such as this one (which parses the database files), or you can use a GUI tool to put Humpty Dumpty back together again, such as iPhone Backup Extractor. When you open iPhone Backup Extractor, click on the Read Backups button and you will be shown a list that should correspond (albeit using prettier names) to the entries in the Backup directory. Select the one that you would like to extract and then click on Choose. From here, click on iOS Files and then click on Extract. You will then be asked where to extract the file to. Choose a location. Once extracted you can find out a lot of information about the apps you use and how they interact with your data. Most useful applications are going to cache your data (that’s what makes most of them useful) so don’t be surprised to see data such as conversations, contacts and even passwords in raw text or sqlite databases that you might not have thought so easily accessed (even without your phone). Keep in mind, the iTunes backup is considered secure to your iOS based device and if a user profile shouldn’t be considered secure then there is an Encrypt iPhone backup option available in iTunes that makes this whole process a moot point… Anyway, back to finding that pincode… Next, browse into the extracted iOS Files and then into the Library/Preferences directory. Here you will find a file called with a SBParentalControlsPin key. I extracted my files on my test device to my desktop, so I can see this with a quick defaults command: defaults read /Users/seldon/Desktop/iOS Files/Library/Preferences/ SBParentalControlsPIN If a iPhone backup has been encrypted then it can be decrypted only if you know the correct password to decrypt. Once you have the passcode, you can safely manage the device again. There are also a lot of other things that you can enjoy playing around with if you’re interested to see what kind of data is stored where, either in the operating system or for each application (eg – is why I can never seem to remember my wifes phone number). While much of the data for an iOS based device is stored in property lists, some is also stored in a sqlite database (typically in .sqlitedb files). You can interact with these via the sqlite3 command, built into Mac OS X or using a tool such as if you’re not into SELECT commands in sqlite3. Overall, there is a lot of information that can be learned playing around with this stuff. If you haven’t given it a shot yet, I’d recommend it. However, again, don’t be alarmed about any of the security impacts of this stuff, just encrypt the backups and it’s not an issue.