I’ve seen a few issues now where ApplePay and Health stopped working properly on a Mac and iOS device and when you fixed one, it seemed to wreck the connection with the other. Turns out that the information on a local system is managed with the new(ish) ckksctl command. Using ckksctl is pretty straight forward. First, let’s look at what’s on the Mac, using the ckksctl command with the status verb:
There will be a section for ApplePay and another for Health. Here, if the services are configured, you should see the following in that section:
CloudKit account: logged in
Now, let’s force a pull of what’s in iCloud using the fetch verb:
A successful sync will simply exit. However, that doesn’t mean that the keys are actually working. So if the issues persist, what we’re going to do is reset what’s in the local system and then pull the information from CloudKit again and show the status:
/usr/sbin/ckksctl reset; /usr/sbin/ckksctl status
Additionally, if you feel the local system is correct and the CloudKit data is incorrect then you could do the opposite and push a fresh config from the client to CloudKit:
/usr/sbin/ckksctl reset-cloudkit; /usr/sbin/ckksctl status
This has resolved issues I’ve seen. The status is also useful to track what a client has been configured to access. Please feel free to comment if you’ve had other experiences as I’ve found practically no information on this command.
krypted August 10th, 2018
Posted In: cloud, Mac OS X, Mac Security
ckksctl, reset, reset-cloudkit
Leave a Comment
The serveradmin command can also be used to run commands. For example, to reset the service to factory defaults, backup then delete the configuration files for each site and then run the following command:
sudo serveradmin command web:command=restoreFactorySettings
This is pretty timely as I’ve seen a very high rate of pretty messed up configurations from the Server 4 to Server 5 upgrades. Basically, what seems to happen is that older servers, that were running let’s say Server 2 and Server 3 and Server 4 and now Server 5 will have a little cruft. Sites with older configurations that are incompatible with the latest proxy-based config. And finding the specific problem vs the time it takes to just reset and rebuild any specific settings is rarely worth it. So, there ya’ go. If you get errors like “Websites are turned off. An administrator can turn them on using the Server application.” when you try to view any page other than the index.html page of a custom site, then you can probably just trash the config and go from there.
krypted May 7th, 2016
Posted In: Mac OS X Server
Apache, factory defaults, OS X Server, proxy errors, reset, reset configurations
If you use Apple Pay, you’ll be forced to configure a PIN code on that shiny new Apple Watch of yours. If you forget that PIN code, you’ll likely end up on Google looking for a way to unlock it. Never fear, the Googs has come to the rescue. There are a few different options. If you selected to unlock with a phone unlock, then you need only unlock your phone. But if you did that, you wouldn’t be here…
The next option is to log in and reset the watch manually. But again, if you could do that, you wouldn’t be here… So next, grab your charger and then press and hold the side power button on the watch. This brings up a little Power Off button (along with a Power Reserve and Lock Device button). Then do a Force Touch (press hard) on the Power Off button. It takes me five or six tries to get the button to come up, but when you do it just right, you’ll get the Erase All Content and Settings menu. Then pop the watch back on the charger and when prompted, tap Erase.
You’re then able to restore a backup or set the watch up from scratch. Here’s to hoping you didn’t steal it!
krypted May 19th, 2015
Posted In: Apple Watch
apple watch, lost password, lost pin code, reset
You loved your Apple Watch. It was awesome. But then something happened. Maybe it got glitchy. Maybe it got weird. Maybe you want to sell it and so just want to get it back to factory defaults first. Well, either way it’s easy. To reset your watch, open the Settings app.
Open the General app.
Tap Reset at the bottom of the list.
When prompted, tap Erase All Content and Settings on the Apple Watch.
Once done, unless you’re getting rid of the watch, you’ll want to pair it again. To do so, follow the instructions in this article: http://krypted.com/apple-watch/set-up-your-new-apple-watch
. Or, you can restore your device by selecting a device to restore the backup from.
krypted May 12th, 2015
Posted In: Apple Watch
apple watch, Device, factory restore, reset, restore, restore from iCloud backup
The Server 3 app that comes with Yosemite (aka Yosemite Server if you’re a Yosemite Sam fan) is great. But when you go making changes to some things, you’re just going to cause problems, sometimes something as simple as just upgrading to the latest and greatest version of Server… I know, you’ve been told that host name changes and IP changes are all kinds of OK at this point; “look, Charles, there’s a button!” Well, go ahead, click it. Don’t mind me, you might just be alright. But then again, you might not… And upgrades that use a migration wizard… Um, when it works it’s a thing of beauty. But when it doesn’t, you might be restoring some stuff from backup. But just before you do that restore, let’s try one more thing. Let’s try and rebuild some certificates and configuration settings that shouldn’t impact actual service operation. Let’s try to reset the Server app and let a fresh install of the Server see if it can fix issues.
Now, I want to be clear, this is the last resort before restoration. I’ve had a lot of luck with services remaining functional and preserving settings when I do this, but don’t expect that. Basically, we’re going to do what we looked at doing back in ’09 with AppleSetupDone but one designed just for servers, so the file is in the same place (/var/db) and called .ServerSetupDone. To remove it, close Server app and run the following command:
sudo rm /var/db/.ServerSetupDone
Once removed, open the Server app again and then let the Server app run as though it’s new. Cruft, begone!
krypted October 17th, 2014
Posted In: Mac OS X Server, Mass Deployment
factory reset, reset, server app hung, server.app, uninstall server
To properly go under the hood and hack around on a Samsung Chromebook 2, you’ll need to put it into developer mode. Whether using crosh or installing Chromium or other operating systems or just doing some pretty cool stuff, you’ll need to throw the thing into developer mode. Because you have so much control you should leave developer mode off when you’re not hacking around for security purposes.
Note: Before you switch back and forth, know that user accounts will be reset each time you switch.
Now, to enter developer mode, we’ll first go into recovery mode, using the Escape (ESC) and Refresh (F3) buttons on the keyboard when you press the Power button. When the Recovery screen comes up, use Ctrl-D to switch to developer mode and then when prompted, confirm and the device will reboot into developer mode (or dev-mode for the geeky). When you see the boot screen, wait 30 seconds to boot or just hit Control-D.
To switch back to normal mode from developer mode use the crossystem command followed by disable_dev_request and set that to one and then reboot. To make this a shell one-liner:
crossystem disable_dev_request=1; reboot
And that’s it. Happy hackin’!
krypted October 2nd, 2014
Posted In: cloud, Ubuntu, Uncategorized, Unix
account data, chromebook 2, crosh, crossystem, developer mode, disable_dev_request, reboot, reset, samsung chromebook, users
Sometimes it seems like sqlite just isn’t equipped for some tasks. Sometimes it seems like some developers aren’t. Sometimes it ends up being a mystery as to what is really going on behind the scenes. Like watching CNN on a television right next to Fox News at the gym. Both can’t be reality. But what is real, is that journabl.db files get corrupt in Kerio all the time. And the logs often say something about SQLITE_CORRUPT &/or “database disk image is malformed”. To correct, first stop the Kerio server, then nuke the .journal.db file. Assuming the mail store is /usr/local/kerio/mailserver/store/mail on a Mac (swap /usr/local with /opt if using Linux) then the command to do so would be:
Then start up Kerio and the .journal.db file will automatically rebuild and the errors about some malformed whatnot should be out of those logs.
krypted August 16th, 2013
Posted In: Kerio, Mac OS X, Mac OS X Server
.journal.db, delete journal, error SQLITE_CORRUPT: database disk image is malformed, journal, Kerio, MAC, Mac OS X Server, reset, SQLiteDbWriteCache.h: [Mail Path]/[Domain]/[Username]/.journal.db: runVacuum - SQLite error: code 11
Every new feature comes with its own troubleshooting as most will, if only eventually, have problems. Lion comes with a cool new feature where the state of each application is saved and when the application is re-opened the windows are just as you left them when closed, even in the same positions on the screen. This can be pretty useful with something like Terminal, where I often don’t restart the app for long periods of time because I want to see my recent history across multiple sudo’d users. When you open Terminal, the previous commands are grey, but there.
But I’ve run into a few instances where an application crashed and continued to do so upon restart. The way I was able to remedy this was to trash that application’s Saved Application State directory, kept in ~/Library/Saved Application State. Each application should have an entry in here using the typical property list format naming convention (e.g. com.krypted.myapp.savedState). Trash that folder with the app closed and it will open fresh and clean. To do so (continuing on with the com.krypted.myapp.savedstate example):
rm -Rf ~/Saved Application State/com.krypted.myapp.savedstate
Finally, it’s worth noting that some applications store certain aspects of saved states in their default domain. So if you’re clicking on a tab in a System Preference pane, keep in mind that to reset some things you might need to locate the correct plist file and nuke the settings within the plist.
krypted July 21st, 2011
Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment
application crashes repeatedly, defaults domain, Lion, reset, saved application state, troubleshooting
Each time you sync an iOS based device, a backup is made (unless you disable the option). These are stored in ~/Library/Application Support/MobileSync/Backup. Here you will find a number of folders, each beginning with the UDID of the iPhone, iPad or iPod Touch that has been backed up. The contents of these folders can be used to restore a device in the event that the device falls outside your control. Within the folders are a bunch of files with alphanumeric names that look garbled, even though some can be viewed using a standard text or property list editor (while others are binary). But there are also a bunch of other files in here. These can be parsed using a script, such as this one
(which parses the database files), or you can use a GUI tool to put Humpty Dumpty back together again, such as iPhone Backup Extractor
When you open iPhone Backup Extractor, click on the Read Backups button and you will be shown a list that should correspond (albeit using prettier names) to the entries in the Backup directory. Select the one that you would like to extract and then click on Choose. From here, click on iOS Files and then click on Extract. You will then be asked where to extract the file to. Choose a location.
Once extracted you can find out a lot of information about the apps you use and how they interact with your data. Most useful applications are going to cache your data (that’s what makes most of them useful) so don’t be surprised to see data such as conversations, contacts and even passwords in raw text or sqlite databases that you might not have thought so easily accessed (even without your phone). Keep in mind, the iTunes backup is considered secure to your iOS based device and if a user profile shouldn’t be considered secure then there is an Encrypt iPhone backup option available in iTunes that makes this whole process a moot point…
Anyway, back to finding that pincode… Next, browse into the extracted iOS Files and then into the Library/Preferences directory. Here you will find a file called com.apple.springboard.plist with a SBParentalControlsPin key. I extracted my files on my test device to my desktop, so I can see this with a quick defaults command:
defaults read /Users/seldon/Desktop/iOS Files/Library/Preferences/com.apple.springboard SBParentalControlsPIN
If a iPhone backup has been encrypted then it can be decrypted only if you know the correct password to decrypt. Once you have the passcode, you can safely manage the device again. There are also a lot of other things that you can enjoy playing around with if you’re interested to see what kind of data is stored where, either in the operating system or for each application (eg – com.apple.mobilephone.speeddial.plist is why I can never seem to remember my wifes phone number).
While much of the data for an iOS based device is stored in property lists, some is also stored in a sqlite database (typically in .sqlitedb files). You can interact with these via the sqlite3 command, built into Mac OS X or using a tool such as http://sourceforge.net/projects/sqlitebrowser
if you’re not into SELECT commands in sqlite3. Overall, there is a lot of information that can be learned playing around with this stuff. If you haven’t given it a shot yet, I’d recommend it. However, again, don’t be alarmed about any of the security impacts of this stuff, just encrypt the backups and it’s not an issue.
krypted April 10th, 2011
Posted In: iPhone, Mac Security
defaults, disable, forgot password for iPhone, iPad, iPhone, ipod, ipod touch, passcode, pin, reset, sbparentalcontrolspin, sqlite, sqlite3
The ics file type. Apple isn’t the only one that builds applications that use it any longer and there have been a couple of instances where users install a 3rd party app only to find that their default calendar is no longer iCal. How to fix? Not a hard one. Simply locate a .ics file (there are typically plenty of these in ~/Library/Mail Downloads) and then do a Get Info on the .ics file (Get Info = command-i while clicked on the file).
Once you have the Get Info box for the file up, click on the Open With field and select iCal. Then click on Change All. That should do the trick. If anyone knows how to do this programmatically let me know. I have an Automator workflow done for it but would much rather use a script… Building such a script has proven frustrating and so in a mass deploy environment we’ve been looking at distributing an Automator workflow saved as an Application with a known location for an ics file to use for the task. However, I’m not much of a fan of using UI events in deployments…
krypted January 29th, 2010
Posted In: Mac OS X, Mac Security
calendar, default application, ics, MAC, reset