Apple’s process for fixing a dead Touch Bar

If you troubleshooting a Touch Bar that has stopped working on an Late 2016 MacBook Pro, where the Touch Bar is completely black, try these steps to restore functionality:

  1. Create a new local user account (to use temporarily for steps 2-4)
  2. Reset the NVRAM
  3. Log in as the new user
  4. Log out then log in using the primary account
  5. Assuming the Touch Bar is working, delete the user account you created in step 1

I’m not quite sure why creating the new account and logging in with it after a NVRAM reset is necessary, but this process is what Apple support is walking people through who are experiencing this problem… and many people have reported it works.

Microsoft’s Mac installer repository

While reading a Microsoft article stating that support/updates for Mac Office 2011 will end October 10th 2017, Microsoft noted that the Office 2011 installer would be available on “content delivery network (CDN)” until that date.

I had not heard of this CDN before, and the link provided in the Microsoft article takes you to, which appears to be a repository of Microsoft’s Mac installers, including installers for volume licenses and individual apps like Skype for Business 2016.  I will definitely be using the CDN in the future!

Moneydance can’t print with Mac OS 10.12.4

Mac OS 10.12.4 breaks the ability to print from Moneydance.  The developer is aware of the problem, and is working on a fix.  This problem doesn’t occur with previous versions of Mac OS 10.12.

Avoid Apple Remote Desktop (ARD) 3.9 updates

UPDATE: Apple posted ARD 3.9.2 updaters in late March, which claim to have addressed most of the problems detailed in this post (specifically the keychain and offline issues).  Be warned though, there are a variety of stability issues that have been reported with ARD 3.9.2.

Apple released Apple Remote Desktop (ARD) 3.9 Client and Admin updaters on 2/21/17.  Based on the high number posts to different user forums reporting problems with these updates, I would advise not updating to ARD 3.9 until Apple released a subsequent update.

The bulk of the problems being reported about ARD 3.9 fall into one of these two categories:

  1. Can’t connect to Mac workstations after updating to ARD 3.9 Admin
    • Apple changed the behavior with ARD 3.9 Admin, where by default it can only connect to Mac workstations running ARD 3.9 Client. Apple also added a new preference setting in ARD 3.9 Admin, under the Security tab, for “Allow communication with older clients”.  This must be enabled to connect to Macs running older ARD 3.x Clients.
    • Even with updated ARD 3.9 Clients, or when the “Allow communication with older clients” setting is enabled, ARD 3.9 Admin may report ARD Clients as Offline or Access Denied. In some cases these Clients can be controlled or observed, but can’t be managed (i.e. send Unix commands or install packages).
    • There are a lot of workaround that have been posted on how to deal with this Offline/Access Denied issue, including creating a new local admin account on the Mac workstation then removing the client in ARD Admin and adding it back in with those credentials, but all of the workarounds are time consuming and don’t yield consistent results.
  2. Mac workstations display a password prompt: ARDAgent wants to use the “PrivateKeyStore-[#]” keychain
    • This happens on some Macs updated to ARD 3.9 Client, and occurs when ARD 3.9 Admin attempts to control or observe the Mac.
    • This prompt won’t accept any local password.
    • In most cases there is no way to dismiss this password prompt other than rebooting the Mac workstation or pushing out the ARD kickstart command via SSH.
    • Some people have reported that pressing the Cancel butting repeatedly will dismiss this password prompt, but others have reported that the prompt will eventually come back.

Other posted problems with ARD 3.9 include slow network scans, slow connection times, and slow redraw when controlling or observing.  Also of note: The ARD 3.9 Client and Admin updates require Mac OS 10.10 or later.

Prepare Multiple USB Drives for a Bootable Windows Installation

The All Covered Advanced Technology Solutions team writes scripts to help our engineers speed up repetitive tasks using automation, in this case I am improving upon a script written by Johan Arwidmark to prepare multiple USB drives for Windows installation.

Many thanks to Johan Arwidmark over at Deployment Research for creating the basic script to handle this process! All credit goes to Johan for his original script used here.

You can use this tool to create a bootable USB drive from any Windows installation media for Windows 8.1/Server 2012 and forward.

Improvements to the existing script

I chose to improve upon this basic script to make it more functional for the masses. Here’s what I’ve added:

  • Source location picker, so you can easily select the source location for the ISO contents
  • Drive label option, to set a label for the USB drive(s) you’re preparing
  • Administrative check to make sure you’re running the script as administrator, if you are not the script will exit
  • Check for connected USB drives, if the script doesn’t find any the script will exit

Getting Started

To get started, you’ll need some USB drives. In my case, I needed to format about 100 USB drives for imaging. I decided to follow Johans lead and grabbed this Anker 13 Port USB Hub. I also opted to use these Lexar 64 GB USB Drives. I recommend using a desktop computer with a good USB 3.0 controller. What does good mean? I don’t know, but something more powerful than what’s in a Lenovo W541 laptop! My controller became exhausted of all available power at 8 USB drives connected, which slowed my process slightly.

Be sure to connect the USB hub or drives to a USB 3.0 port on the system, or you’ll have rather dismal performance during the preparation of the drive(s).

In addition, I found that due to the intense load on the USB hub when formatting more than one batch of USB drives I had to cool mine with a desk-fan in order to keep the USB hub from becoming unstable during the process. In my case I believe it was overheating and as a result disconnecting and re-connecting from the system.

Do Not use this process if you have any other USB mass storage devices connected to the machine from which you are running this script. This will risk wiping any USB drives connected. You will be provided the opportunity to review the list of drives to be formatted and choose to proceed to the next step before formatting any drives.

Executing the script

Plug in your USB drives to your computer. Or, alternatively, the USB hub if you’re using one and follow these steps:

  1. Download and execute this script from an administrative PowerShell window
  2. Select the folder or drive which contains the contents of the ISO image you want to useSteps 1 and 2
  3. Select a Label for the drive(s)Step-3
  4. Validate the list provided to make sure only USB drives you want to format are connected and continue (Press Enter)Step-4
  5. Wait for the process to complete.Step-5

When complete, the script will attempt to eject the USB drives for safe removal. Note: Sometimes this process can fail just click retry and it should eventually properly eject the media.

The Code

This code can also be downloaded here on GitHub.


Johnathan Milgie

Suppressing the WSUS Configuration Wizard when installing and configuring with PowerShell

The All Covered Advanced Technology Solutions team writes scripts to help our engineers speed up repetitive tasks using automation, in this case I am writing a script to install and configure a new Windows Server Update Services (WSUS) server.

Many thanks to Boe Prox over at The Scripting Guys for sharing how to install and configure WSUS using the UpdateServices PowerShell module (Installing WSUS on Windows Server 2012).  A thank you also goes out to Trevor Jones for his article on Installing and Configuring WSUS with Powershell.

I found two issues with The Scripting Guys code and did not find any answers or solutions in the community.  I continued to troubleshoot these issues and found solutions for both.

Issue # 1 – All Office and Windows Products are enabled

I wanted to only enable select Microsoft Office and Windows products, although the parent categories “Office” and “Windows” were also selected which was not desired, this was the case if you used Product Title or the Product ID.  Here’s the commands that I tried to use to enable select Office products, Silverlight, and only Windows Server 2012 R2:

Or using the Product Id:

Then review what Products are enabled and you’ll see “Office” and “Windows”:


After enabling the desired products, disable the parent categories “Office” and “Windows” using their Product IDs.

Then review what Products are enabled and you will no longer see “Office” and “Windows”.

Issue # 2 – WSUS Configuration Wizard appears when opening the WSUS Management Console

After a PowerShell script completes a successful WSUS installation and configuration when you open the Windows Server Update Services Management Console you are still presented with the Windows Server Update Services Configuration Wizard which would be best to hide.  The wizard prompts you to configure your WSUS server which was already done using the PowerShell script.


Change the WSUS Configuration property OobeInitialized in $wsus.GetConfiguration() from $false to $true.

Mike Driest

Sierra secd bug linked to iCloud Keychain.

While traveling this week (MacTech 2016 Conference) I found that my Mid 2014 MacBook Pro Retina’s battery life was down to less than 2 hours, and the fans were running all the time.  A quick look at the Activity Monitor revealed that a process named secd was using up over 90% of the CPU.

Force quitting secd resulted in it respawning, continuing to hog the CPU.  I rebooted and the problem persisted. Next I reviewed the system.log and run fs_usage through the Terminal, and found odd references to keychain.  In the past I would have run Keychain First Aid in the Keychain Access utility, but that feature was removed by Apple in Mac OS 10.11.2, and my Mac was running 10.12.1.

So next I googled to see what secd was all about, and found a couple of hits describing my same problem.  The workaround posted was to turn on Keychain in the iCloud system preference pane.  I was skeptical this would help, as my Mac wasn’t even logged into iCloud, but sure enough I logged in and turned on Keychain, and the secd process stopped consuming all my CPU.

Upon further research this seems to be a bug effecting many people.  I’m sure it happened on my Mac after upgrading to Sierra, but I didn’t notice it at first because normally I run plugged into power and it’s common for my fans to be on because I run VMware Fusion and Adobe CC apps frequently.  I also found you don’t actually have to turn on Keychain in iCloud complete, you just have to check it then uncheck it.

Here’s a growing Apple discussion thread on the subject.

Avoid Sierra’s Optimized Storage for iCloud Drive

One of the new features in macOS 10.12 Sierra is called Optimized Storage for iCloud Drive, a.k.a. iCloud Desktop and Documents.  When enabled this feature automatically moves files stored on your Mac into iCloud to save space on your drive.

I highly recommend that this feature NOT be used at this time.  In my opinion it is largely a marketing tactic by Apple to get users to pay for more iCloud storage (you only get 5GB free), plus it can lead to user frustration and even data loss.

While completely optional, if you are signed into iCloud at some point Sierra will politely prompt you to “Enable iCloud Desktop and Documents” with a description of “Store all your files from your Desktop and Documents folder in iCloud Drive.  When storage is low only recently opened files are stored on this Mac.  When you have enough storage all of your files will be stored on this Mac”.

You can also manually enable iCloud Desktop and Documents by clicking on the Apple, then going to About this Mac->Storage->Store in iCloud.

Behind the scenes this feature creates symbolic links in your home folder, moving the actual contents of the Desktop and Documents folder to hidden locations, and supposedly files are only removed from the Mac when the drive is filling up.  This sounds good in theory if you are paying for plenty of iCloud storage, however there a growing number of complaints in the Apple discussion boards about recently created files being removed locally even when there is plenty of free space, making them unavailable unless the Mac has an internet connection.

Creative apps like InDesign and Illustrator also do not get along with this feature, as it causes broken links with placed files because data in the Desktop and Documents folders is actually located elsewhere.  Apple has posted an article on this issue stating that “pro apps” may have problems with Optimized Storage for iCloud Drive, and to avoid this your project files should be saved someplace other than Desktop or Documents.

But that’s not the worst of it.  The biggest problem I see with Sierra’s Optimized Storage for iCloud Drive is what happens if you decide to turn it off.  First you are warned “If you continue, documents on your Desktop and in your Documents folder will be visible in iCloud Drive only”.  Next you will be left with completely blank Desktop and Documents folders, even if a copy of the local data existed in the hidden locations prior to turning the feature off.  Also it’s been reported that if you enable then disable this feature before giving iCloud time to completely sync everything (or if you don’t have enough space available in iCloud to complete the initial sync), this behavior can cause data loss.

11/1/16 UPDATE: One of the Macs in my lab was running macOS 10.12, with iCloud signed in, but the Store in iCloud feature disabled.  I updated it to 10.12.1, rebooted, and upon reboot after logging in it came up with a setup assistant “All your files in iCloud” splash screen, with an check boxed CHECKED next to “Store files from Documents and Desktop in iCloud Drive”.  Average users that have become accustomed to clicking Continue whenever prompted by Apple will turn this feature on!  Be warned!!

My advice on upgrading Macs to Sierra

macOS 10.12 Sierra has been out for a month now, and most Mac users have likely been prompted at least a couple of times to “Upgrade to macOS Sierra.  Get Siri and a whole lot more on your Mac”.

In the past, as Apple released their yearly Mac operating system upgrade, I frequently made a soapbox speech that included points like: Upgrading Macs from one version of the OS to another is not something I’d recommend in a production environment without a compelling reason or solid upgrade plan, historically I don’t generally consider an OS stable until Apple has released the .3 or .4 update, and being an early adopter comes with the risk of downtime.

While I still agree with all of those points, I understand times are changing, and Apple is assuming most people will blindly upgrade if prompted a few times… just like on their iPhone and iPads when prompted they need to update.  It’s just the nature of the beast.

I do however have two important tips for those that elect to upgrade to Sierra:

  • Make sure that every single application is patched to the latest version before upgrading, and while doing so also verify each application version is compatible with Sierra. If in doubt check and for compatibility reports.  Upgrading the OS, and then dealing with applications not working because they are unpatched or incompatible, is a common mistake leading to hours/days worth of frustration.
  • Make sure you have a full backup of the Mac saved to an external drive prior to upgrading (either with Time Machine or more preferably Carbon Copy Cloner). Upgrading the OS is a one-way path if you don’t have a backup, and those that experience major problems often wish they could just go back to the way things were. Having a full backup makes that possible.

Historically those that upgrade their Macs themselves often have problems with printers and scanners not working, incompatible apps, Time Machine stops working, and Apple Mail issues.  Sierra is no different.  Mail in particular seems problematic for many upgrading including: hangs when upgrading the mail database, missing attachments and signatures, and mailboxes not imported properly.

Sierra compatibility notes

The majority of current apps that support macOS 10.12 Sierra require an update for capability, and a few mainstream Mac apps still haven’t been updated and have known issues including:

If the developer doesn’t claim compatibility with Sierra, then it’s pretty much use-at-your-own-risk when it comes to older Mac apps.  Some apps may work fine, others may have bugs, and a few just won’t launch at all.  It’s amazing how much a free Mac operating system upgrade ends up costing companies that haven’t upgraded their apps in a while.

Here’s a few older Mac apps I’ve run across that I can confirm will not work with Sierra at all:

  • Extensis Suitcase Fusion 6 and older (upgrade to Suitcase Fusion 7 or Teamsync)
  • Parallels Desktop 9 and older (upgrade to Parallels 12)
  • Quicken Essentials (upgrade to Quicken 2016)
« Older posts

© 2017 ATS Blog

Theme by Anders NorenUp ↑