Here we go again, the Update Keychain Password Function is broken again in 10.15.1.
The AD “Update Keychain Bug” was fixed in 10.15.0, only to be Broken again in 10.15.1.
UPDATE: 03/26/20 – The bug is fixed after installing the Catalina 10.15.4 Combo Update!
UPDATE: 02/03/20 – This bug is still not fixed in 10.15.3! Please contact Apple about this if you haven’t already.
When the issue was first reported to me, I really didn’t believe the bug could be back right after it was fixed. You have to understand my frustration here, I first reported this bug back in 10.14.4!!!
I was disappointed that Apple didn’t fix this bug before the final release of Mojave. Near the end of Mojave, Apple did confirm the issue was fixed in a Beta Build of 10.15.
For Mojave users the fix for the issue would be
Upgrade to macOS Catalina
The bug is back.
During the 10.15 Beta period, I confirmed the bug was fixed in and figured that would be the end of it.
Yesterday, I confirmed the bug is back in 10.15.1.
The Bug is Exactly the same as the 10.14.4 bug.
The 10.15.1 Update Keychain Password bug is the same exact problem as the 10.14.4 issue.
If you change your Active Directory Password off the Mac, you will see the Update Keychain Password Dialog. If you click the 2nd button to UPDATE your login keychain password, the dialog box disappears and a new keychain is created for you. The old Login Keychain is still there but is renamed!
This is what you SHOULD see happen. Once you click the Update Keychain Password button a password box shows up. From here you need to type in your OLD keychain password. Once you do this, your Login Keychain Password is synced up and you are good to go.
Workaround
The good news is, you can remove the “New” keychain and rename your previous login keychain so you can access it again. You can follow the same instructions listed in my 10.14.4 article.
I will submit an Enterprise Support ticket tomorrow morning. If you use Mobile Accounts, I would ask that you do the same to build an impact statement. Please reach out to your SE or if you are a regular user support.apple.com/
Credits
I’d like to give special thanks toMr. Macintosh reader Cesar who first reported this issue.
macOS Catalina 10.15.1 Supplemental Update (19B2106) & Forked Full Installer.
The much-awaited MacBook Pro (16-inch, 2019) was just released this morning! You can’t get it just yet, but very soon. (November 15th)
To accompany the new 16″ MacBook Pro, we have a forked Build Version of macOS Catalina 10.15.1 (19B2106) Installer.app. We also have a macOS Catalina 10.15.1 supplemental update.
The macOS Catalina 10.15.1 supplemental update improves the stability and reliability of displays and peripherals with MacBook Pro (16-inch, 2019).
Catalina 10.15.1 supplemental update notes
Supplemental Update ? (UPDATE)
I am not sure what’s going on with this update. You would think that all the new 16″ MacBook Pro’s would just ship with (19B2106). If not then what is the Supplemental update for ?
I am downloading the Supplemental Update now so I can investigate.
UPDATE!
I found the MacBook Pro (16-inch, 2019) shipping 10.15.1 Build Version.
10.15.1 (19B2093)
This means that as soon as you receive the new 16″ MacBook Pro, the 10.15.1 Supplemental Update (19B2106) will show as available.
Mojave 2019-001 Security Update Causing Data Loss if Interrupted – 2019-001 FileVault can’t login
UPDATE: 01/22/20 – This problem was reported as FIXED in the latest Mojave 10.14.6 Security Update 2019-002(18G2022) &Catalina 10.15.2 Update. The fixed T2 BridgeOS version is 17.16.12551. Apple did not list the fix in the 10.15.2 or 2019-002 Security Update notes but DID put them in the AppleSeed 10.15.2 Beta 2 Update Notes. I can’t post them here, but you can check the AppleSeed Patch Notes portal or you can contact Apple Support to confirm if you need further information.
Final Verdict – After further investigation, the problem was NOT the user’s fault. After more users reported what happened during the update I found that the update stalled out during the BridgeOS update phase. The black screen is only supposed to last 2-5 minutes. In reality, the update stopped and the Mac would be on the same black screen for up to 1 hour. The user had NO CHOICE but to shut down the Mac. By that time it was already too late.
Users are Unable to Unlock FileVault 2 if the Mojave 2019-001 Security Update is Interrupted.
This issue was first reported about one month ago on the MacAdmins Slack. It was reported that after some users installed the Mojave 10.14.6 Supplemental Update #3, they were unable unlock their Mac with the FV2 Password or PRK. The issue was not widely reported though so it was thought to be a fluke.
Mojave 2019-001 Security Update
All this changed when the Mojave 2019-001 Security Update was released. MacAdmins started to report the problem again.
I have a Mac that just finished installing the 2019-001 Security Update. I can’t get past the FileVault 2 screen with the password or Personal Recovery Key.
MacAdmin User Report
More and more MacAdmins are starting to report this devastating 2019-001 FileVault can’t login issue.
Who, What, When, Where & Why Index
1. Affected Mac Hardware = T2 Machines
2. Affected macOS Build Versions UPDATE!
3. FileVault 2 Encrypted Machines Only. UPDATE!
4. Evidence? Reports of a Black Screen Followed by User Power Off
(18G1012) Mojave Security Update Released on 10/29/19
(17G9016) High Sierra Security Update 2019-006 – 10/29/19
(17G9016) High Sierra Security Update 2019-005 – 9/26/19
3. FileVault 2 Encrypted Machines Only. UPDATE!*
UPDATE! – We now have two separate reports of this happening when the Mac is NOT FV2 Encrypted.
If your Mac is unencrypted you should be fine.
* I have not seen any reports as of 11/09/19, that include a T2 Mac that was not encrypted.
4. Evidence? Reports of a Black Screen Followed by User Power Off
After the reports started to roll in, we started to investigate. One of the common threads is that users reported a problem with the update during the install.
Black Screen – Users reported that the Mac looked like it powered down. They would try to power it back on, interrupting the install process.
Black Screen with Apple Logo & Progress Bar Stuck – While the Update was installing, some users have reported that the update hung or stalled out. This was followed by a power down.
5. Can’t login with FV2 Password or PRK?
After the user powered down the Mac, they reported the following.
Can’t login past FileVault 2 with my Password.
Can’t boot the Mac up with the PRK.
In this situation the Mac is unable to boot up at all. The only thing that the user can do is boot to the Recovery Partition or Internet Recovery.
After booting to the Recovery Partition we tried to first mount the disk.
This did NOT work!
You can confirm the issue by typing in diskutil ap list
Volume disk4s1
| ---------------------------------------------------
| APFS Volume Disk (Role): disk4s1 (No specific role)
| Name: Macintosh HD (Case-insensitive)
| Mount Point: Not Mounted
| Capacity Consumed: 171872342016 B (171.9 GB)
| Encrypted: ERROR -69808
We would expect that the Encrypted status line should be:
FileVault: Yes (Unlocked)
or
FileVault: Yes (locked)
Note the Encrypted line. It should say LOCKED or UNLOCKED. Instead you get ERROR -69808
xartutil CLI Binary
You can also use the xartutil binary to check for the Encryption Keys.
xartutil --list
You should see 2 entries listed = This is a normal output
Total Session Count: 2
If you see
xartutil: ERROR: No supported link to the SEP Present = Not a T2 Mac
If you see
Total session count: 0 = The Encryption Keys are Lost.
7. Workarounds?
Currently no known workaround is available.
We have tried multiple things.
Mounting the disk in the Recovery Terminal
Mounting the disk in Disk utility
Target Disk Mode
8. Should I block this update?
After Reviewing Multiple Reports, the issue only looks to have affected a small number of users. One MacAdmin said out of 150 machines, the issue only affected 2 of them.
I tested this issue out on a 2018 MacBook Pro.
Powered Off during the first Black Screen.
Powered Off during the second Black Screen
Powered Off during the first Security Update Progress Bar
Powered Off during the second Security Update Progress Bar
The BridgeOS Update and the 2019-001 Security Update installed successfully!
If you move forward with the update you can ask users not to interrupt the install process.
9. Will Apple fix this issue?
The black screen BridgeOS update process has been around since 2018. Something must have changed in the 2019-001 Security Update.
If you have this issue please report it to Apple ASAP.
What’s New in macOS Catalina 10.15.2 Beta 1 (19C32e)
Today Apple released macOS Catalina 10.15.2 Beta 1 (19C32e) to Developers.
10.15.2 Beta1 is now live, so let’s dig in and see what changes Apple added to this new build version.
This article is meant to save you time going through the notes to find what is new and what is still leftover from the last beta. When Apple releases the next Beta patch notes, the previous patch notes are overwritten and taken down.
Summary of 10.15.1 Beta 3 Patch Notes
1 New Feature
Report your bugs NOW!
Now that macOS Catalina 10.15 is live you still will want to get any bugs that you find into Apple now. After the production release of the OS bugs can take longer to fix. The 10.14.4 “Update Keychain” bug is a perfect example.
Keep in mind, I can only publish public data. If you are an AppleSeed for IT member you can access additional 10.15 Catalina Beta Patch Notes in the AppleSeed Portal. AppleSeed information is protected by Apple’s NDA.
Some fixes are not going to be listed. Many issues are from #MacAdmins who have filed FeedBack Requests and Enterprise Support tickets. Most of these issues are resolved but are never publicly noted.
Overview
The macOS 10.15.2 SDK provides support for developing apps for Macs running macOS Catalina 10.15.2. The SDK comes bundled with Xcode 11.2 available from the Mac App Store. For information on the compatibility requirements for Xcode 11.2, see Xcode 11.2 Release Notes.
New Features in 10.15.2 Beta #1
Networking – Certain top-level domains (TLDs) such as .dev and .app are now in the Foundation URLSession and NSURLConnection HTTP Strict Transport Security (HSTS) preload list. An app which uses URLSession to visit a matching URL will always navigate to the URL as https://, and never as cleartext http://. See the HTTP Strict Transport Security (HSTS) Specification for more information about HSTS. (56247242)
