Since the beginning of 2023, macOS High Sierra Internet and local recovery broke. An investigation with OpenCore Legacy Patcher Co-Developer dhinak
Mid 2023, I started to see multiple posts about macOS 10.13 High Sierra recovery not working. We all know about the certificate expiring and date and time issues, but this issue was DIFFERENT. Near the end of 2023, I started investigating the issue. I was able to reproduce it every single time. Sure enough, Local hard drive command R and Internet Recovery are broken with the same “The Recovery Server Could Not Be Contacted” error. What does this mean and can it be fixed?
While I was able to identify the issue and reproduce it, I was not able to come up with an actual fix other than the #2 fix listed below and creating a macOS High Sierra Bootable install USB. What if you only have 1 Mac and can’t create a recovery disk? You are stuck!
So I reached out to OpenCore Legacy Patcher co-author dhinakg. For those that don’t know, dhinakg is an expert in all things involving Apple Software Update Server. After some time, he replied with the root issue and a perfect workaround solution! Jump to #1 for an explanation of what the problem is and # for the URL fix.
Thank You
I would like to thank dhinakg for helping me investigate this issue! You can follow him on twitter here = https://twitter.com/dhinakg
Up next? macOS Sierra Recovery install is also broken! Who knows if we can also fix this issue.
Table of contents
What is the root problem?
How to fix the issue?
Fix #1 Boot to a newer version macOS internet Recovery!
Fix #2 Create a macOS High Sierra bootable installer USB
Users started reporting this issue late last week.
A quick summary of the issue.
The issue is triggered after attempting to sign into iCloud at the setup assistant window after installing macOS with the following OS listed below. You will be unable to continue past the screen, because the Agree button is greyed out.
The issue affects the following macOS versions 👇
1. macOS Catalina 10.15
2. macOS Mojave 10.14
3. macOS High Sierra 10.13
4. macOS Sierra 10.12
5. OS X El Capitan 10.11
6. OS X Yosemite 10.10
7. OS X Mavericks 10.9
Reproducing the issue.
The issue can be reproduced every time by attempting to sign into iCloud in the setup assistant window.
How to Fix the Issue
The fix is very simple, all you need to do is click the back button. Then click “Set Up Later” at the top of the Sign In with Your Apple ID window.
Walk through the rest of the macOS setup assistant until you get to the desktop.
You can still sign into iCloud once you get into the OS.
The good news is that you can sign into iCloud in system preferences after the setup assistant.
What is causing the issue?
Unknown at this time. Could it be a server side issue? I will update if I find any further info.
have more than 20,000 files your upgrade could fail.
In some situations users have reported 500,000 – 2,000,000 files!!!
This is the reason why the problem could never be reproduced.
If you build a fresh system the file counts for spotlight will be very low. You might have 20-400 entries. This would allow the upgrade to finish properly.
Table of contents
Different situations. The macOS stuck progress bar issue has many different situations.
How can I check how many mdworker files my system has before an upgrade.
I have more than 20,000 files. How do I clear them out before the upgrade?
The files have been deleted! Now what?
What if you booted your failed Mac into safe mode after having the issue?
Security Updates 2020-006 for macOS Mojave 10.14 (18G6042), High Sierra 10.13 (17G14042) & Safari 14.0.1 are now Available.
With the release of macOS Big Sur, Apple also released Security Updates for both macOS Mojave and High Sierra. Catalina was issued a 10.15.7 Supplemental Update to address the same security issues in 2020-006.
NOTE: Apologies for the tardiness of this article, Big Sur and Apple Silicon really took my attention away. I didn’t forget about everyone who asked me when my Security Update article would come out. I will always test the update out first so you don’t have to deal with issues.
You can read more about the 10.15.7 Supplemental update below.
VMware Fusion Player 12 is now free for personal use on the Mac!
Last month VMware announced VMware Fusion 12. The new version includes macOS Big Sur support for host and guest. VMware also announced that the Mac version is now FREE ($149 Normal Price) for personal use! Previously the Free VMware player was only available on Windows. You can use it to test macOS, Windows 10, or Linux. If you’ve always wanted to set up a macOS VM, now is the time. It’s never been easier to build a test VM, so let’s get started!
Create a New VMware Account.
VMware notes that the free version is available for the following situations.
Fusion Player offers a Personal Use License, available for free with a valid MyVMware account. Home users, Open Source contributors, students, and anyone else can use Fusion Player Free for Non-Commercial activity.
VMware.com
If you are one of those, head over to the registration site.
This link also has a download area to get the 600MB .dmg installer.
Install VMware Fusion Player 12
Open the .dmg and install Fusion Player 12. NOTE: VMware Fusion 12 requires macOS Catalina or newer. Once complete, open the application and you will be prompted to enter in the license key.
When you first start VMWare Fusion you will get a Select Install Method Screen. In the past you needed to run through a bunch of steps to create a macOS Install .ISO file. Not anymore, you can just drag and drop the full Install macOS Install.app (or Windows iso or Linux .iso) over to this window to begin!
The next screen will let you select macOS installer.app file. You will normally only see the one that you just dragged over. In my case, I have already installed 10.14, 10.15 and 11.0. Click Continue.
You will now see a final finish screen, before you start to configure the VM.
The next screen will tell you that VMware Fusion Player is creating installation media.
You will get a warning about running this VM with side channel mitigations enabled. It says that side channel mitigations provide enhanced security but lower performance. You can change the settings when the VM is not running in the Advanced panel of the VM.
The new macOS VM is booting to the installer! Once booted, it will be just like you booted into the recovery partition. All you need to do is select Install macOS to begin.
30 Minutes or so later you will be at the Setup Assistant Screen.
Congratulations! You’ve just built your first macOS virtual Machine!
Snapshots
One of the best features about having a macOS virtual machine is snapshots. You can build out a fresh OS and then take a snapshot before you make any changes to the system. Did the test not work? No big deal! Instead of reinstalling the OS to test again, just revert back to a previous snapshot! It’s literally that simple. You can access snapshots from the Virtual Machine menu bar item.
Boot your macOS VM to Recovery Mode
Quick Way – sudo nvram "recovery-boot-mode=unused" && sudo reboot
If you need to boot the VM to macOS Recovery mode, all you need to do is edit the .vmx file located in /Users/youruserfolder/Virtual Machines/vmnamehere
Right-click on the file and then select “Show Package Contents”. Inside will be your vmnamehere.vmx file. Right-click on that file and edit it with your favorite text editor. Add this line at the very end of the file and click save.
macosguest.forceRecoveryModeInstall = "TRUE"
Start up the VM and you will now be in recovery mode.
To boot back to macOS, open that same file and delete the line that you just added above and click save.
The final step is to delete the .nvram file in that same directory.
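The .vmx edit and .nvram cleanup described above, scripted as an added example (not code from the article or from VMware). The function names, the .bak copy and the check for a "<name>.vmx.lck" entry as a sign of a running VM are assumptions of this sketch; the key name and the steps are the ones given above.

```shell
#!/bin/sh
# Added example: toggle the forced-recovery key in a VMware Fusion .vmx file.
# Key name and .nvram step come from the article; everything else is assumed.

RECOVERY_LINE='macosguest.forceRecoveryModeInstall = "TRUE"'
# Matches the key at line start, however it is spaced; [.] is a literal dot.
KEY_RE='^[ \t]*macosguest[.]forceRecoveryModeInstall[ \t]*='

# Refuse to touch a missing file or a VM that looks powered on.
# Assumption: a running VM keeps a "<name>.vmx.lck" entry beside its .vmx.
vmx_check() {
    if [ ! -f "$1" ]; then echo "not a file: $1" >&2; return 1; fi
    if [ -e "$1.lck" ]; then echo "VM appears to be running: $1" >&2; return 1; fi
}

# Exit status 0 when the key is present and set to TRUE, 1 otherwise.
vmx_recovery_enabled() {
    awk -v re="$KEY_RE" \
        '$0 ~ re && toupper($0) ~ /"TRUE"/ { on = 1 } END { exit !on }' "$1"
}

# Rewrite the file without any existing copy of the key. awk terminates every
# line with a newline, so a later append never lands on the old last line.
vmx_strip_key() {
    tmp="$1.tmp.$$"
    awk -v re="$KEY_RE" '$0 !~ re' "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$1" && rm -f "$tmp"   # overwrite in place, keeping file mode
}

# Add the key exactly once at the end of the file (safe to run repeatedly).
vmx_enable_recovery() {
    vmx_check "$1" || return 1
    # Keep the first pre-edit copy; do not overwrite it on later runs.
    if [ ! -e "$1.bak" ]; then cp -p "$1" "$1.bak" || return 1; fi
    vmx_strip_key "$1" || return 1
    printf '%s\n' "$RECOVERY_LINE" >> "$1"
}

# Remove the key, then delete the .nvram file(s) in the same directory.
vmx_disable_recovery() {
    vmx_check "$1" || return 1
    vmx_strip_key "$1" || return 1
    rm -f "$(dirname "$1")"/*.nvram
}

# Usage: script.sh enable|disable|status /path/to/vmnamehere.vmx
case "${1:-}" in
    enable)  vmx_enable_recovery "$2" ;;
    disable) vmx_disable_recovery "$2" ;;
    status)  if vmx_recovery_enabled "$2"; then echo "recovery boot forced"
             else echo "normal boot"; fi ;;
esac
```

Run it with the VM powered off; the .vmx sits inside the VM bundle shown by "Show Package Contents".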
NOTE: 10/07/20
I am having trouble booting to recovery with Big Sur Beta, I’m going to run a few more tests. This works fine on 10.14 and 10.15.
UPDATE 9/26/20 – Some users have reported major problems after installing the update!
Today, Apple released macOS Security Update 2020-005 for High Sierra and Mojave. The 2020-005 security update will most likely be the end of the line for macOS High Sierra. After macOS Big Sur is released, Apple will no longer support High Sierra.
Below you will find Build Versions, Download Links, Update Sizes and previous Security Update Links.
The 2020-005 Update fixes & reverts the 2020-003 changes made to the --ignore flag. After installing the update, you can now ignore major upgrades again.
UPDATE 9/24/20 – The 2020-004 update was said to fix this but it actually did not work properly. If you had a UAMDM (User Approved Mobile Device Management) Enrolled Mac the --ignore option did NOT work. The 2020-005 update fixed this and now works properly. Big hat tip to @pcrandom for doing a ton of testing. He was able to confirm that this issue was fixed.
After installing 2020-004 on 10.14 & 10.13 you can once again block major upgrades (Catalina). I mentioned this change in my Catalina 10.15.6 Patch Notes Article.
NOTE: This change is ONLY for UAMDM (User Approved Mobile Device Management) and Supervised Macs. If your Mac is not Supervised or part of an UAMDM you will not be able to ignore major updates.
In macOS Big Sur softwareupdate --ignore is deprecated and no longer works. You will only be able to block minor and major updates for 90 days using MDM. Please file feedback NOW, if you need the ability to block minor & major updates in macOS Big Sur! Thanks for the clarification @mboylan!
How do I keep track of all the macOS Build Versions?
I document all of the macOS Build Versions like the latest Mojave 2020-005 High Sierra 2020-005 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.
Using Apple Configurator, you can now downgrade T2 BridgeOS Beta to a Production version of BridgeOS.
Downgrading the version of your T2 BridgeOS has never been possible. Developers and customers could only get a NEWER version of BridgeOS when updating or upgrading macOS. The ability to downgrade BridgeOS on a T2 Mac was simply not possible. This new change to Apple Configurator 2 most likely happened between version 2.12 – 2.12.1.
Table of Contents
1. Why would you want to downgrade from a beta version of BridgeOS?
2. Can you Downgrade to a Lower Production version of BridgeOS?
3. Problems Running Catalina with a Big Sur Beta BridgeOS Version.
4. Closer look at BridgeOS versioning
5. The Big Sur installer is now using DeviceIDs compatibility checks.
6. BridgeOSUpdateCustomer updater
7. How to Downgrade a Beta Version of BridgeOS to a Production Version.
8. The Revive Option (for science)
9. Final Notes
1. Why would you want to downgrade from a beta version of BridgeOS?
Let’s say that you installed Big Sur Beta 6, and are now having a ton of problems. You probably want to downgrade to Catalina so you can work again. The only problem is, you are still on Big Sur Beta 6 BridgeOS version 18.16.12370. Keep in mind, your Mac SHOULD still work fine with this version. An example of this is if you have Catalina 10.15.6 installed on your Mac, your BridgeOS version is 17.16.16610. Let’s say that you need to test something on version 10.15.3. After installing Catalina 10.15.3, your BridgeOS version will NOT be downgraded to the period correct version of 17.16.13050. It will run just fine on the 10.15.6 version of 17.16.16610 BridgeOS. The same is the case if you have a Big Sur Beta version of BridgeOS and you downgrade to Catalina.
2. Can you Downgrade to a Lower Production version of BridgeOS?
If you are running macOS Beta, then you can use Apple Configurator 2 to downgrade your T2 BridgeOS to a final or production version of BridgeOS.
What about if you are running a production version of macOS? You can downgrade BridgeOS with Apple Configurator 2, but only for 1 week after a new macOS software update. Apple will unsign the previous version of BridgeOS along with previous iOS updates.
3. Problems Running Catalina with a Big Sur Beta BridgeOS Version.
Let’s say after you downgraded from Big Sur Beta to Catalina 10.15.6, you are now having problems. You might start to see weird issues or crashes? Normally you would have to wait until the next beta or the production version of Big Sur to get a stable version of BridgeOS on your Mac.
Looking at the xml file, I need to find my 2019 16″ MacBook Pro. Regular Model Identifiers or BoardIDs are not used here. You need to find the iBridge ProductID. Below is a snippet of the above .xml file. Below the version of BridgeOS = 17P6610
5. The Big Sur installer is now using DeviceIDs compatibility checks.
A change to the macOS Installer Beta was noticed by @grahampugh. He noticed that the new Big Sur installer now looks at the Mac DeviceID for T2 Systems and BoardID for older 2017 and below Macs.
6. BridgeOSUpdateCustomer updater
Now that we have the DeviceID, how do we know which version of BridgeOS is compatible for this model? The xml file gives us a clue BuildVersion 17P6610. I am used to keeping track of the BridgeOS Boot Rom version which is listed like this 17.16.16065.
The BuildVersion/BuildNumber is located inside the BridgeOSUpdateCustomer > BridgeOSUpdateCustomer.pkg > BuildManifest.plist.
BuildIdentities
ApBoardID 0x3E ApChipID 0x8012 ApSecurityDomain 0x01 Info
Apple Configurator 2 offers two options to Reinstall/Downgrade BridgeOS. Only the Restore option will help you downgrade and stay on the Catalina specific version.
Restore = ERASES YOUR HARD DRIVE + Downgrade BridgeOS
If you want to downgrade to macOS Catalina and a Catalina version of BridgeOS, the fastest way is to use the Restore option. Once the restore is complete, you will be on the Catalina Production Version of BridgeOS and will have an empty hard drive. You can now use Internet Recovery to reinstall macOS Catalina.
What happens if you chose the Revive option?
8. The Revive Option (for science)
As noted above, you have no real reason to use this option. But for science, what would happen? If you are on Big Sur Beta and want to downgrade T2 BridgeOS Beta using the Revive option, you will leave your Mac in a non bootable state. This is because you are now running a BridgeOS version that is OLDER than the required Big Sur Beta BridgeOS. The good news is, your T2 Mac is smart enough to repair itself! As soon as the revive option finishes, your Mac will boot to a flashing folder alert or the Internet Recovery boot menu. If it boots to the flashing folder, just boot to Command Option R or Command R and you will get the menu below.
Connect to the internet and let it continue. You will be brought to a message that says,
A software update is required to use this startup disk.
Click Update and your mac will download the correct build of Big Sur Beta BridgeOS.
Once complete, the Mac will boot back to Big Sur. The only way to avoid this would be to boot the Mac to Target Disk Mode so you could erase the drive and reinstall Catalina. That’s why if you want to have BridgeOS and Catalina on the same version the Apple Configurator RESTORE option is the way to go. Just make sure to backup everything before you start as all data will be lost.
9. Final Notes
It should be pretty rare that you should ever need to downgrade BridgeOS from a Beta version. Keep in mind this will ONLY work for beta versions. As I noted above you can’t downgrade from a 10.15.6 version of BridgeOS to say a 10.15.3 version. With that said I would love to be able to downgrade to a previous version. If it’s your job to test OS Updates, once you update one test T2 Mac it’s done. It will not perform the BridgeOS update again until the next update. I really like that Apple lets us downgrade from a beta version of BridgeOS, the more ways for customers to fix their devices the better! A big hat tip goes out to Mr. Macintosh reader thomas089 for first testing this and commenting in my main article!
Security Updates 2020-004 for macOS Mojave 10.14 (18G6020) & High Sierra 10.13 (17G14019) are now Available.
Today, Apple released macOS Mojave Security Update 2020-004 and High Sierra Security Update 2020-004. Below you will find Build Versions, Download Links, Update Sizes and previous Security Update Links. MacOS Sierra is no longer supported by Apple for Security Updates.
Apple listened to us! The 2020-004 Update reverts the 2020-003 changes made to the --ignore flag. After installing the update, you can now ignore major upgrades again.
After installing 2020-004 on 10.14 & 10.13 you can once again block major upgrades (Catalina). I mentioned this change in my Catalina 10.15.6 Patch Notes Article.
NOTE: This change is ONLY for UAMDM (User Approved Mobile Device Management) and Supervised Macs. If your Mac is not Supervised or part of an UAMDM you will not be able to ignore major updates.
In macOS Big Sur softwareupdate --ignore is deprecated and no longer works. You will only be able to block minor and major updates for 90 days using MDM. Please file feedback NOW, if you need the ability to block minor & major updates in macOS Big Sur! Thanks for the clarification @mboylan!
How do I keep track of all the macOS Build Versions?
I document all of the macOS Build Versions like the latest Mojave 2020-004 High Sierra 2020-004 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.
The Catalina 10.15.5 Update & 2020-003 Security Updates remove the softwareupdate --ignore ability for Major Updates. The --ignore flag for Minor Updates is now deprecated.
UPDATE 7/16/20 – Apple just released Catalina 10.15.6 and Security Updates 2020-004. Apple listened to us and reverted the changes made in 10.15.5 and 2020-003 (with a caveat). After installing 10.15.6 or the 2020-004 updates, you can once again use softwareupdate --ignore to block minor and major updates. As long as the Mac is enrolled in Apple School Manager, Apple Business Manager or a User Approved MDM.
Managing macOS in Enterprise or Education is a tough job no matter how you look at it. One of the toughest things that we have to deal with is 3rd party software. On top of that macOS updates & upgrades can cause additional problems. If you are a regular reader of this blog, you know what I’m talking about. 3rd party software is mission critical, and needs to run without issues. We need the ability to test new macOS Software Updates and Upgrades. Any of which could break that critical software, and cause major problems. A few points >
If we find a problem with 3rd party software after installing an update, we would need to reach out to the vendor. The fix might take longer than 90 days.
A macOS Update causes a big problem, so bad that we immediately need to block it. Sometimes it takes 2-5 months for Apple to implement the fix in the next point release update.
Your Mac needs to be Supervised / Enrolled in an MDM, or you won’t be able to hide the Major Update (10.15.4+) update.
7. How can we ignore Updates and Upgrades in the future? (10.15.4+)
8. System Preferences Icon Red Dot Notification (How To get rid of it)
9. Don’t like this change? What can you do?
1. UPDATES!
UPDATE 6/9/20 – 10.15.6 Beta 2 (19G46c) was released today. The softwareupdate --ignore flag was changed to include some changes that we asked for! Be sure to check the AppleSeed Beta notes for all the details. I am still checking to see if the change will make it to Mojave 10.14.
UPDATE 5/28/20 – I ran a quick test on a 10.14.6 (2020-002) Mojave Mac. First I used the command softwareupdate --ignore "macOS Catalina" to ignore the macOS Catalina Upgrade. The Upgrade disappeared from System Preferences > Software Update. I then installed a configuration profile that used the restrictions payload that deferred updates for 90 days. I installed the 2020-003 security update. Catalina showed up in System Preferences > Software Update. This can only mean one of two things…
1. A Mojave Mac with 2020-003 installed can now understand the new MDM Profile “Major Update” deferral. The Upgrade shows up because we are more than 90 days away from when Catalina was released.
2. We are taking this sentence literally “Starting with macOS 10.15.4, major releases of macOS can be deferred for up to 90 days using MDM.” Meaning the change was not backported to 10.14 and we will be unable to ignore 10.16 on Mojave.
I have reached out to Apple for clarification on this.
2. 10.15.5 & 2020-003 Update Changes.
Let’s jump right in and look at the new changes.
Before I do, I need to do a quick shout out to @bp Balmes Pavlov
Balmes first called this out on April 16th, and really took a deep dive into this upcoming change.
The changes are here now, so let’s take a look at the 10.15.5 patch notes.
“Major Releases of macOS are no longer hidden when using the softwareupdate command with the --ignore flag”.
Updates are considered 10.15.4 > 10.15.5.
Major Releases or Upgrades are considered 10.14 > 10.15.
Notice how at the bottom of the note it says, “This change also affects macOS Mojave and macOS High Sierra after installing Security Update 2020-003”.
3. Right now, this only affects macOS Mojave
The direct impact of this update is to macOS Mojave. If you are running 10.14.6 and have the 2020-002 Security update installed, you can block macOS Catalina with softwareupdate --ignore "macOS Catalina"
After running the above command, macOS Catalina will not show up in System Preferences > Software Update.
This is what the Software Update Pane will look like in 10.14.6 before installing 2020-003.
After installing 2020-003, this is what the Software Update pane will look like.
This leaves macOS 10.14.6 with very few options if you want to block users from upgrading to macOS Catalina.
Turn Off Automatic Updates (manually deploy updates)
Hide/Block the Software Update Preference Pane
Software Restrictions on “Install macOS Catalina.app”
4. What about High Sierra 10.13?
The 10.15.5 patch notes specifically mention High Sierra. For Software Updates, 10.13 still uses the App Store Preference Pane. When you click on it, you go right to the App store updates tab. macOS Catalina is NOT listed anywhere in the “updates” Section.
High Sierra and Sierra used notification banners.
If you wanted to block the banners on High Sierra and Sierra, you would run the following command.
You will now run into another problem after installing the 2020-003 Update.
Ignoring software updates is deprecated.
The ability to ignore individual updates will be removed in a future release of macOS
Reading that deprecation note, it looks like we will not only lose the ability to use the --ignore for Major updates (Right Now on 10.15.5 & 10.14) but also point updates in the future (10.16).
5. Blocking the 2020-003 Security Update
If you would like to block the 2020-003 Security update, run the following command below.
Please let Apple know NOW, not later (10.16 is coming in one month!).
Apple Enterprise Ticket
Apple FeedBack Assistant
If you have an Apple SE assigned to your company, talk to them.
AppleSeed for IT: macOS Deployment & Management Survey (this survey is available for AppleSeed for IT participants and can only be taken in the FeedBack Assistant.app)
Security Updates 2020-003 for macOS 10.14 Mojave (18G5033) & 10.13 High Sierra (17G13033) are now Available.
Today, Apple released macOS Mojave Security Update 2020-003 and High Sierra Security Update 2020-003. This update also includes a fix for the Intel GPU Freezing Issue! Below you will find Build Versions, Download Links, Update Sizes and previous Security Update Links. MacOS Sierra is no longer supported by Apple for Security Updates.
UPDATE 6/02/20 – Apple has re-released the 2020-003 Security Update! The new update has a fix for CVE-2020-9859, a Kernel Exploit. “An application may be able to execute arbitrary code with kernel privilege“
WARNING!!! – If you use softwareupdate --ignore to block macOS Catalina.
If you use softwareupdate --ignore "macOS Catalina" to ignore Catalina, you will need a different plan. I mentioned this in my Catalina 10.15.5 Update Article.
After installing the 2020-003 Security update on Mojave, you will no longer be able to ignore macOS Catalina from showing up in System Preferences > Software Update.
UPDATE: 5/27/20 – I just wrote an article explaining this a little better below.
How do I keep track of all the macOS Build Versions?
I document all of the macOS Build Versions like the latest Mojave 2020-003 High Sierra 2020-003 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.