More Information:
I just now Observed the issue when the Primary group for the Mobile Login User on the AD Server is switched to a different Group on the AD Server.
I don't know why MacOS implements it this way, but there seem to be 2 instances of that user in 2 different NODES in DirectoryServices. These instances have the EXACT SAME UniqueID.
One of these NODES is the /Local/Default node, which I assume is for the scenario when the Mobile Login user is not connected.
The other NODE is the /ActiveDirectory/domain node, which might be referred to for the when-connected-to AD scenario.
After switching the Primary group on the AD Server for that user, only one of the above NODE is getting updated.
The above results in the account getting 2 Instances of Primary Group when the Tool is querying via the OpenDirectory/DirectoryServices Framework.
It is unclear to me if this behavior is a Big Sur issue OR occurs on earlier MacOSes OR is by Design this way.
Post
Replies
Boosts
Views
Activity
More Information.
We are seeing identical behavior on Catalina.
There are 2 Primary Groups being reported for Mobile Login users.
Can someone please Answer if this behavior is by Design ?
Hello,
Any update regarding this ? I am running into this issue too.
Issue:
Full Disk Access setting for a Network/System Extension is getting cleared after a reboot on MacOS Sonoma.
Issue does not occur with every reboot.
Not sure if it gets cleared before/during/after the reboot yet.
Including some relevant logs.
<BEFORE/DURING REBOOT>
error 2023-10-27 16:45:19.897037 -0700 tccd codeRequirementFromStaticCode:0x13f60a890 SecStaticCodeCheckValidity() fails: -67061
error 2023-10-27 16:45:19.898763 -0700 tccd Failed to post com.apple.tcc.access.changed notification (9)
default 2023-10-27 16:45:19.900235 -0700 launchd exited due to SIGKILL | sent by tccd[164] during system shutdown
default 2023-10-27 16:45:19.900243 -0700 launchd internal event: EXITED, code = 0
<STARTINGUP/AFTER REBOOT>
error 2023-10-27 16:45:56.160784 -0700 runningboardd memorystatus_control error: MEMORYSTATUS_CMD_CONVERT_MEMLIMIT_MB(-1) returned -1 22 (Invalid argument)
error 2023-10-27 16:45:56.394864 -0700 cfprefsd Couldn't open parent path due to [2: No such file or directory]
fault 2023-10-27 16:45:56.406378 -0700 mDNSResponderHelper Couldn't read values in CFPrefsPlistSource<0x156e07600> (Domain: com.apple.security, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: No): accessing these preferences requires user-preference-read or file-read-data sandbox access
error 2023-10-27 16:45:56.440578 -0700 kernel System Policy: dirhelper(252) deny(1) file-write-unlink /private/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/T/com.apple.geod/42B44A5C-6F69-441A-B4AF-F249709618EF
There are some errors from endpointsecurityd
error 2023-10-27 16:45:57.590703 -0700 endpointsecurityd File was empty: /Library/SystemExtensions/EndpointSecurity/.started_es_jobs.plist
fault 2023-10-27 16:45:58.372379 -0700 endpointsecurityd Rejected invalid Extension Point com.apple.AppleMediaServicesUI.EngagementViewExtension targeting DEPRECATED NSExtension infrastructure!
error 2023-10-27 16:45:59.482270 -0700 trustd Connection 1: received failure notification
error 2023-10-27 16:45:59.482284 -0700 trustd Connection 1: failed to connect 1:50, reason -1
error 2023-10-27 16:45:59.482285 -0700 trustd Connection 1: encountered error(1:50)
error 2023-10-27 16:45:59.482537 -0700 trustd Task <20F8D91C-D278-4001-A127-FD168B888BB6>.<1> HTTP load failed, 0/0 bytes (error code: -1009 [1:50])
.....
[self.extensionContext conformsToProtocol:auxHostProtocol.protocol] - /AppleInternal/Library/BuildRoots/11aa8fb2-5f4b-11ee-bc7f-926038f30c31/Library/Caches/com.apple.xbs/Sources/ExtensionFoundation/ExtensionFoundation/Source/NSExtension/NSExtensionSupport/EXExtensionContextImplementation.m:283: Class NEFilterPacketExtensionProviderContext does not conform to aux host protocol:
......
error 2023-10-27 16:46:02.717195 -0700 VTDecoderXPCService send_message_with_reply_sync(): XPC_ERROR_CONNECTION_INVALID for message 0x600002db0180
error 2023-10-27 16:46:02.717195 -0700 VTDecoderXPCService TCCAccessRequest_block_invoke: Connection invalid
Regards,
Vikram.S.Warraich
Regarding my previous comment...
Issue was observed on MacOS 14.1 .
Issue occurs when FullDiskAccess is provided via the SystemPreferences->Privacy&Security->FullDiskAccess setting.
AFAIK, Issue does not occur when FullDiskAccess is provided via MDM.
The Full Disk Setting items in SystemPrefs get unchecked/disabled automagically after some reboots when the issue occurs.
Thanks.
@eskimo ,
Thanks for your reply.
If it helps, I was able to observe the issue yesterday without requiring to REBOOT. The relevant FullDiskAccess Item for SystemExtension in SystemPreferences got unchecked while being logged in after after 4-5 hours. This is on 14.2 Beta 23C5030f.
Also, I don't have access to FB13084552 . Could you please share any information about its relevancy to the issue I described ?
Regards,
Vikram.S.Warraich
@eskimo ,
What is the best way to view the description of FB13084552 or FB13194377. When I try to look either of them up in the FeedbackAssistant, there are no search results. I might not have access to view them possibly ?
@eskimo , I was able to repro the issue yesterday and inspect the logs. Sharing the possible ways below.
1). One way that It occurs for me is if I modify the system time to a future date via SystemPreferences and reboot. Issue occurs on next login.
2). Another way it occurred was if I set the FDA setting in System Preferences and then quit the tccd process owned by the logged-in user, and rebooted.
3). There are other possibilities too as my colleague can repro it without having to run steps 1 or 2.
Attaching some relevant Log snippets from around when the issue occurs.
SysDiagnosisLogSnippets.txt
Please confirm if If above repro steps are known issues and covered by FB13084552 or FB13194377 ? Else, I can create a ticket for those scenarios.
Regards.
Thanks @eskimo .
Created FB13342978.
@eskimo , Is there a way to request raising the priority of this issue ? There hasn't been any movement on the ticket FB13342978 yet. We are getting more reports of our customers running into this issue.
@eskimo , Thanks a lot. Issue seems fixed in MacOS 14.2 build 23C63.
Thanks @eskimo.
Any documentation regarding MacOS Finder/FS's Space-Saver feature or how it is implemented ?
Greetings,
It turns out that feature-info I was looking for is about an APFS feature called Copy-On-Write-Clones . I was able to view documentation on it so I am good for now.
For Finder copy-operations, with destination being the same volume, APFS seems to be creating the new file with different meta-data but the file shares the same data-content as the original. During my tests, I found that copying a 1GB file on the same volume via Finder did not decrease the available space on the Volume by 1GB.
What was cool was that if I appended to the new File, then the disk-available-space gets decreased by only the bytes that were appened to the new File. So, the Sharing of data-content/blocks continues even post the edit.
I ran some more tests with Finder and /bin/cp command.
1). As expected, the same Finder copy operation on HFS+ volumes has a different behavior than Finder copies on APFS.
2). However when comparing Finder-based-copy operation with cp-command copy operation on MacOS-APFS, the behavior strangely differs when it comes to CopyOnWriteClones. Not sure why, but /bin/cp command is generating new files without sharing the Data blocks of original and the space-saving is not occurrinig; Finder based copies on the other hand are exibiting the space-saving behavior.
Thanks,
Vikram.S.Warraich.
Seems that the /bin/cp command has an arg for accomplishing something similar to the Finder based copy.
cp -c : copy files using clonefile(2)
Also, The f_fsid related observations/content in my first comment on this post is not correct. Thanks @eskimo for correcting me regarding that st_ino and f_fsid are not related.