閱讀123 返回首頁    go iPhone_iPad_Mac_apple

cfgutil not working over ssh in Sierra

I'm managing iPads remotely over an SSH connection. Since OS X Sierra, cfgutil is working fine in the Terminal on the local machine, but when I connect over SSH and execute, for example, "cfgutil list", I get the following error:

 

cfgutil: error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.configurator.xpc.InternetService" UserInfo={NSDebugDescription=connection to service named com.apple.configurator.xpc.InternetService}

 

This seems to be either a security "feature" or a bad session context. Does anyone have an idea?

This is one workaround that helps but annoyingly requires sudo:

 

sudo /bin/launchctl asuser 0 cfgutil list

Same problem.  Not an issue with the previous version of OSX.  Also of note, works fine if I ssh as root.

 

This is a blocking issue for us.  Anyone have an answer?

It appears com.apple.configurator.xpc.InternetService crashes when cfgutil is used via SSH.


--- same error you got

carl30:~ mci$ cfgutil list

Type: iPod7,1 ECID: 0x90598xxxxxxxx UDID: 8d34cf33c68cef1e96b9xxxxxxxxxxxxxxx Location: 0x14700000 Name: xxxxxx

carl30:~ mci$ ssh mci@localhost

Last login: Thu Oct 6 22:18:56 2016

carl30:~ mci$ cfgutil list

cfgutil: error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.configurator.xpc.InternetService" UserInfo={NSDebugDescription=connection to service named com.apple.configurator.xpc.InternetService}

 

--- from /var/log/system.log

Oct 6 22:19:37 carl30 com.apple.xpc.launchd[1] (com.apple.configurator.xpc.InternetService[428]): Service exited due to signal: Illegal instruction: 4 sent by exc handler[0]

Oct 6 22:19:37 carl30 com.apple.xpc.launchd[1] (com.apple.ReportCrash[429]): Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash

Oct 6 22:19:43 carl30 ReportCrash[429]: Saved crash report for com.apple.configurator.xpc.InternetService[428] version 1.0 (277) to /Users/mci/Library/Logs/DiagnosticReports/com.apple.configurator.xpc.InternetSe rvice_2016-10-06-221943_carl30.crash

 

--- from the .crash dump

Exception Type: EXC_BAD_INSTRUCTION (SIGILL)

Exception Codes: 0x0000000000000001, 0x0000000000000000

Exception Note: EXC_CORPSE_NOTIFY

 

Termination Signal: Illegal instruction: 4

Termination Reason: Namespace SIGNAL, Code 0x4

Terminating Process: exc handler [0]

 

Application Specific Information:

dyld: launch, running initializers

/usr/lib/libSystem.B.dylib

Sandbox registration internal error: Incoming message euid does not match xpcd uid (502 != 0).

 

Application Specific Signatures:

Internal error: Incoming message euid does not match xpcd uid (502 != 0).

 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread

0 libsystem_secinit.dylib 0x00007fffa42001e8 _libsecinit_setup_secinitd_client + 1504

1 libsystem_secinit.dylib 0x00007fffa41ffba6 _libsecinit_initialize_once + 13

2 libdispatch.dylib 0x00007fffa3fa7128 _dispatch_client_callout + 8

3 libdispatch.dylib 0x00007fffa3fa70e5 dispatch_once_f + 38

4 libSystem.B.dylib 0x00007fffa2a4aa0c libSystem_initializer + 131

 

-- full dump: https://gist.github.com/anonymous/d33fc298a485b8e9e010dddf89b0302b

Also having this issue. I have raised a bug report to which it was closed due to another open ticket with the same issue. I have tested again today on 10.12.1 and the issue still exists.

In case someone else finds this useful, the same issue occurs when using cron to schedule tasks that involve cfgutil commands.  Running the cron jobs as root did allow for cfgutil commands to get past that error.

 

My next roadblock was that I got a "certificate for this server is invalid" error when using the cfgutil activate command as root but I believe that is unrelated to this issue.

Issue still occurring on 10.12.3 beta 2.

Hi,

any updates?

The problem still relevant in macOS Sierra 10.12.3 (16D32)

This is one workaround that helps but annoyingly requires sudo:

 

sudo /bin/launchctl asuser 0 cfgutil list

Awesome! I hit my head a few times again launchctl, but I didn't figure this one out.

Actually, now I got up to the point of supervision. When trying to prepare using sudo /bin/launchctl asuser 0 /Applications/Apple\ Configurator\ 2.app/Contents/MacOS/cfgutil, I get a new error:

 

Step 1 of 2: Downloading activation record for device [1/2] [************]  100%

cfgutil: error: Configurator couldn't verify the identity of a server, possibly due to a proxy configuration issue.

 

The certificate for this server is invalid. You might be connecting to a server that is pretending to be “albert.apple.com” which could put your confidential information at risk.

(Domain: ConfigurationUtilityKit.error Code: 710)

 

"prepare" failed on iPad (ECID: 0x1519E387B8526).

 

--- Summary ---

Operation "prepare" failed on 1 devices.

 

Seems like the launchctl thing still doesn't intialize the certificates properly...

Alright, so I can activate with ideviceactivation, that works fine.

 

But now restore-backup is failing too with the --source switch - it seems like the launchctl trick also means that Configurator cannot find the backup in ~/Library/Application\ Support/MobileSync/Backup/

 

sudo /bin/launchctl asuser 0 /Applications/Apple\ Configurator\ 2.app/Contents/MacOS/cfgutil -e 0x1519E387B8526 -C [crt] -K [key] restore-backup --password [password] --source [udid]

Restoring backup [1/1] [>................................................]  0%

cfgutil: error: The requested backup does not exist.

(Domain: com.apple.configurator.MobileDeviceKit.mobile-sync.error Code: -32)

 

"restore-backup" failed on iPad (ECID: 0x1519E387B8526).

 

--- Summary ---

Operation "restore-backup" failed on 1 devices.

I suspect all these subsequent issues you brought are unrelated to it being executed over ssh, or can you not reproduce them directly logged into the machine. Maybe they belong separately in their own thread?

No, as mentioned, these two problems are happening over SSH on Sierra and after using the launchctl trick. Both commands work perfectly well with launchctl in a normal user session on Sierra and over SSH on El Capitan.

You're right. I've just realized that any command running as `sudo /bin/launchctl asuser 0` appears to have no read/write permissions to the filesystem.

I am having a similar with trying to execute cfgutil under the Apache Webserver as a CGI-BIN executable.

最後更新:2017-08-31 10:23:42

  上一篇:go emphasize or highlight screen touches
  下一篇:go ipad air 2 reads my network printer as wi fi so...