Install FileMaker Server 16 on a Mac with macOS Server.app v5

The installer for FileMaker Server 16 refuses to install on a Mac if Apache is running. It doesn’t check what ports Apache has grabbed, just the fact that Apache is running is enough for the installer to bail out.

If you have Server.app running on your Mac, even if all web services are turned off or disabled, you will still have Apache running.

This situation is laughable. Apple’s subsidiary, FileMaker Pro, is making software that with a few tweaks could co-exist perfectly with macOS Server.app and its Apache reverse proxy, but they don’t.

A quick hack to at least get you through the installer is to run the following command in the Terminal before running the installer, and then kill it when you’re done.

while sleep 5; do sudo killall -9 httpd; done

Just make sure you don’t then enable FileMaker Server’s web services, or if you do that you don’t use a port that Server.app uses (namely 80 and 443 and a few others) and you should be good to go.

https://community.filemaker.com/thread/156699

Configuring macOS Server.app v5 to bind to a particular IP Address

It’s long been a painful thing for me that macOS Server.app not only binds to all IP addresses on a system, but takes port 80 and 443, even if all web-related services are off. It’s also a major annoyance that while Apple have published methods for having your app sit behind Apache as a reverse proxy in Server.app, no one uses this functionality, not even Apple’s own subsidiary FileMaker Pro.

Actually, it’s even worse than this, the latest version of FileMaker Pro absolutely refuses to install on a Mac with Server.app installed – claiming that the installer can’t even run when Apache is running. On a Mac with Server.app installed, you cannot completely shut down Apache using anything in the GUI, it’s simply impossible to do so.

Now that I’ve got that rant out of the way, John over on the Rumpus blog has written up a post describing how to get Server.app to bind to a particular IP. This is helpful if you want something else, such as Kerio Connect, to be able to use port 80 and 443 on a different IP on the same machine.

http://www.maxum.com/Rumpus/Blog/OSXServer5Conflicts.html

The basics, reproduced here in case the link ever goes down, are:

In /Library/Server/Web/Config/apache2/httpd_server_app.conf find the line that looks like this:

#Listen 12.34.56.78:80

Remove the comment and set the IP address to the address that you have assigned to Apache. For example, if the address you have assigned to Apache is “192.168.1.100”, you would change the line to:

Listen 192.168.1.100:80

Save the change, close the file, and then open the file:

/Library/Server/Web/Config/Proxy/apache_serviceproxy.conf

In this config file, you will find “listen” configuration settings for several ports, including 80, 443, 8008, 8800, 8443 and 8843. Alter them so that instead of an asterisk, the Apache address is specified. To set OS X Server’s proxy service to bind only to the example address “192.168.1.100”, the “listen” config section would look like this:

listen 192.168.1.100:80
listen 192.168.1.100:443
listen 192.168.1.100:8008
listen 192.168.1.100:8800
listen 192.168.1.100:8443
listen 192.168.1.100:8843
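
After editing both files it is worth checking that no wildcard Listen line was missed. The following is an added example, not part of the original post or the Rumpus write-up: it parses Listen directives and reports any that are not pinned to the chosen address. The sample config text and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the directives quoted above (not a real file).
SAMPLE_CONF = """\
#Listen 12.34.56.78:80
listen 192.168.1.100:80
listen *:443
Listen 8008
listen [::]:8800
listen 192.168.1.100:8443
"""

# Apache directive names are case-insensitive; lines starting with '#' never match.
LISTEN_RE = re.compile(r"^\s*listen\s+(\S+)", re.IGNORECASE)


def listen_directives(conf_text):
    """Yield (line_number, address_or_None, port) for each active Listen line."""
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        match = LISTEN_RE.match(line)
        if not match:
            continue
        # "8008" has no address part; "[::]:8800" splits on the last colon.
        addr, sep, port = match.group(1).rpartition(":")
        if port.isdigit():  # skip values this sketch cannot interpret
            yield lineno, (addr if sep else None), int(port)


def not_bound_to(conf_text, allowed_ip):
    """Return (line_number, port) for Listen lines not pinned to allowed_ip."""
    return [(n, port) for n, addr, port in listen_directives(conf_text)
            if addr != allowed_ip]


if __name__ == "__main__":
    for n, port in not_bound_to(SAMPLE_CONF, "192.168.1.100"):
        print(f"line {n}: port {port} is not bound to 192.168.1.100")
```

To check the real files, pass the text of httpd_server_app.conf and apache_serviceproxy.conf to not_bound_to() in place of SAMPLE_CONF.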

Enable Retina / HiDPI modes for a Mac mini plugged into a 4K HDTV

This one is pretty short and simple once you get down to it.

I recently set up a client’s boardroom with a really sweet 75″ Sony 4K Android TV, a Logitech Group video conferencing webcam, a Mac mini and a Sonos Playbar. Everything was really sweet, except that the Mac mini refused to treat the TV as a Retina or HiDPI screen.

The result of this was that the Mac mini would use the TV at its native resolution – it saw the TV as a monitor running at 3840 x 2160. What I wanted it to do was treat it as a 1920 x 1080 display, but in Retina mode, so UI elements would be a reasonable size from across the room but text and graphical elements would still be sharp.

I was able to enable HiDPI modes by first running the following command in Terminal:

sudo defaults write /Library/Preferences/com.apple.windowserver.plist DisplayResolutionEnabled -bool true

Once this had been applied, I rebooted and logged in again. Then, when I went into my Displays preferences, instead of selecting Resolution: Best for built-in display, I held down the Option key and clicked on Scaled.

Scrolling down to the bottom of the list revealed the HiDPI modes – I selected 1920 x 1080 (HiDPI) and voila! I was running in Retina mode and could comfortably use the Mac mini from across the other side of the room.

Keyword Searches for Email Discovery in Kerio Connect mailserver

I recently had a client with a huge amount of email stored in Kerio Connect and they needed to perform discovery against some mailboxes with a lot of email in them. It was desirable to retain the folder structure, however the emails were spread across a large number of folders across 3-4 different user accounts.

I resorted to searching and gathering the raw .eml files from the Connect mail store. The limitation of this is that it’s a raw text search, I’m not doing any Base 64 decoding nor am I decoding any file formats in attachments, so it’s really only searching the headers and body of the email, not any attachments.

First, I created a text file with a list of the keywords – one per line. Then, I used this as a list of search terms for grep and passed the filenames that matched to rsync to copy them to another folder, retaining the existing folder structure.

21 GB of results later, someone who isn’t me now has their work cut out for them to go through the emails.

The command I came up with to do this is (all on one line):

grep -i -I -r -l --null -f /Users/admin/Desktop/grep-patterns.txt /Volumes/Data/kerio/mailserver/store/mail/example.com/user.name/ | xargs -0 -I{} rsync -Rv {} /Volumes/Data/Email\ Discovery/201707/

If you’ve got a better way to do this, please let me know! I’m aware that you can run searches in the Kerio Connect Client (aka webmail) however this doesn’t provide any way to export the emails as .eml files nor does it handle large amounts of results very well (the list of emails are paginated). You can also search in Mail.app or Outlook however again, this is a manual process and exporting the emails and retaining the folder structure is difficult. Exchange (and, by extension, Office 365) has legal discovery and litigation hold features, but all of this email is in Kerio Connect.
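
The raw-text limitation described above can be narrowed by parsing each .eml file as MIME before searching. The following is an added example, not part of the original post: it decodes encoded headers and base64 or quoted-printable text parts, then matches keywords case-insensitively. The sample message, function names and keywords are constructed for illustration.

```python
import base64
import email
from email import policy
from pathlib import Path


def build_sample() -> bytes:
    """Constructed message whose subject and body are both base64-encoded."""
    body = base64.b64encode(b"Please pay the attached invoice by Friday.")
    subject = base64.b64encode(b"Project Kestrel update")
    return (b"From: alice@example.com\r\n"
            b"Subject: =?utf-8?b?" + subject + b"?=\r\n"
            b"MIME-Version: 1.0\r\n"
            b"Content-Type: text/plain; charset=utf-8\r\n"
            b"Content-Transfer-Encoding: base64\r\n\r\n" + body + b"\r\n")


def decoded_text(raw: bytes) -> str:
    """Return decoded headers plus every text/* part of a message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    chunks = [f"{name}: {value}" for name, value in msg.items()]
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # PDFs, Office files etc. still need their own extractors
        try:
            chunks.append(part.get_content())
        except (LookupError, UnicodeError):  # unknown or broken charset
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def matching_keywords(raw: bytes, keywords):
    """Return the keywords found in the decoded message, sorted."""
    haystack = decoded_text(raw).casefold()
    return sorted(k for k in keywords if k.casefold() in haystack)


def matching_files(store_root, keywords):
    """Return .eml paths under store_root whose decoded text hits a keyword."""
    return [path for path in sorted(Path(store_root).rglob("*.eml"))
            if matching_keywords(path.read_bytes(), keywords)]


if __name__ == "__main__":
    sample = build_sample()
    print("raw search hit:", b"invoice" in sample.lower())
    print("decoded hits:", matching_keywords(sample, ["invoice", "kestrel"]))
```

The paths returned by matching_files() can be passed to the same rsync -R step to keep the folder structure.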

Firefox for Mac gets stuck on installing your updates…

Firefox for Mac can get stuck in an update loop if you have been using an older version and it’s downloaded a new version to install, but before it gets to install it, you manually update to a new version.

The symptom is that it gets stuck with a dialog box saying “Firefox is installing your updates and will start in a few moments”

You can force-quit the updater app, but whenever you launch Firefox, it comes up again.

Deleting everything related to Firefox or Mozilla in the ~/Library/Application Support folder doesn’t fix this, nor does deleting preferences.

What you actually need to do is go into ~/Library/Caches and delete the Mozilla and the Firefox folders (you may not need to delete both of them, but I didn’t try just one).

Then relaunch Firefox and it should start up as normal.

Set access permissions on Resource Calendars in Office 365

I’ve set up another client on Office 365 recently and they have a couple of resource calendars – one for the Boardroom and one for the Meeting Room.

What they wanted to do that was a bit different was to have both of these calendars visible in the Apple Calendar app (or what used to be called iCal). If you add people to the resource calendar as a Delegate in Office 365, then you can view the calendar in Calendar app, but everyone gets read/write permissions, which is prone to human error and not what we wanted.

We need to have users added to the resource calendar with Reviewer level or higher permissions in order to be able to add the calendar as a delegate calendar in Calendar app. I tried adding people to the calendars at various points in the Office 365 portal and the Exchange portal, but to no avail.

What I needed to do was break out the trusty PC and tell Office 365 exactly what to do with PowerShell.

First, I logged into Office 365 as the tenant’s admin account and had a look at the existing permissions:

Get-MailboxFolderPermission -Identity boardroom:\Calendar

This gave me a list of who had what permissions:

FolderName   User         AccessRights
----------   ----         ------------
Calendar     Default      {LimitedDetails}
Calendar     Anonymous    {None}
Calendar     Kai Howells  {Editor}
Calendar     Someone Else {Editor}

As you can see, the Default user has LimitedDetails – this equates to being able to see free/busy and event titles but nothing more (I think).

I could then change the default permissions to Reviewer (see free/busy and see full event details) and also set someone (me in this example) to be the Owner so they could edit the permissions via Outlook in the future if required.

Set-MailboxFolderPermission -Identity boardroom:\Calendar -User Default -AccessRights Reviewer

Set-MailboxFolderPermission -Identity boardroom:\Calendar -User khowells -AccessRights Owner

After checking the permissions with Get-MailboxFolderPermission, I could see it had updated:

FolderName   User         AccessRights
----------   ----         ------------
Calendar     Default      {Reviewer}
Calendar     Anonymous    {None}
Calendar     Kai Howells  {Owner}
Calendar     Someone Else {Editor}

Now that this has been done, I’m going to try adding the resource calendars back into Calendar app as a delegated calendar and it should show up with Read Only access.

Apple’s new MacBook Pro – cheaper in Australia than the USA?

We’ve hit an unusual point with pricing on Apple’s latest equipment that was announced at WWDC on 5th June (6th June Australian time).

Looking at the price on the top-spec MacBook Pro 15″ as an example, it is significantly cheaper to purchase this laptop in Australia than in the USA.

In the USA, the laptop is $2,799 USD without tax. Including NYC’s 8.875% tax this bumps it up to $3,047 USD.

In Australian spondoolas the same laptop is $4,099 AUD including GST.
Taking off the GST gives us approximately $3,725 AUD.
Converted to USD (via Westpac’s FX rates this morning) gives us $2,655 USD.

Disk-Arbitrator – Mount disks read-only on macOS

Disk Arbitrator is a Mac OS X forensic utility designed to help the user ensure correct forensic procedures are followed during imaging of a disk device. Disk Arbitrator is essentially a user interface to the Disk Arbitration framework, which enables a program to participate in the management of block storage devices, including the automatic mounting of file systems. When enabled, Disk Arbitrator will block the mounting of file systems to avoid mounting as read-write and violating the integrity of the evidence.

It is important to note that Disk Arbitrator is not a software write blocker—it does not change the state of currently attached devices nor does it affect newly attached devices to force a device to be read-only. The user still must be careful to not accidentally write to a disk with a command such as “dd”. Owing to this fact, a hardware or software write-blocker may still be desirable for the most sound procedure. Disk Arbitrator complements a write-blocker with additional useful features and eliminates the typical forensic recommendation to “disable disk arbitration.”

https://github.com/aburgh/Disk-Arbitrator

Possible fix for no video in Skype for Mac

I don’t use Skype very often, but when I went to use it recently, it couldn’t see my FaceTime HD camera.

I’d go into Skype > Preferences and into Audio/Video, and although the preferences said it was using the FaceTime HD Camera, the video was black, and my contact at the other end of the call couldn’t see me.

To fix this, I went into Activity Monitor and searched for a process called VDCAssistant. I quit this process (and it respawned straight away) and immediately, Skype could then access my camera.

I’m not sure what caused it to stop working in the first place, but at least the fix was quite easy.

Quick fix for Apple Remote Desktop 3.9 and asking for Keychain Password

After upgrading the Apple Remote Desktop client on a number of machines, and using the new 3.9 version of the Remote Desktop app, some machines have started repeatedly displaying a dialog box (on the client machine, not on the controlling machine) saying ard agent wants to use the “PrivateKeyStore-501” keychain and prompting for a password. As there is no password for this keychain, there is no way to enter the correct password and hit OK. Your only other option is to keep hitting Cancel repeatedly – yet it keeps coming back.

Rebooting the affected machine will fix this, but that’s not so easy when it’s a server.

Dropping into Terminal instead and using kickstart to Restart the ARD Agent and helper seems to fix the issue as well.

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent