Skype for Business with macOS Catalina

Today I was troubleshooting issues with a brand new MacBook Air that had the latest version of macOS Catalina on it. The user had installed Skype for Business but the microphone would never work. In the instructions that Microsoft provides, it says that you need to enable it in the Privacy & Security settings, however the Skype for Business Application never shows up under the Microphone settings. This went down a few rabbit holes, but what it appears is that Microsoft has not updated the Skype for Business app to update the TCC database. So what I ended up having to do was the following:

  1. First you need to give the Terminal app full disk access, if you don’t do this, then the rest of the actions will fail. To do this, while you are in the Security and Privacy Preference Panel, find the “Full Disk Access” on the left side, once found click the lock icon to unlock if it isn’t unlocked already and then select the check box next to the Terminal application. It may give you a popup about needing to quit the terminal app because it is open, go ahead and quit the application.
  2. Next, open a new terminal app, it is under Applications -> Utilities -> Terminal
  3. In the Terminal app, we are going to run 2 commands, the first command is going to backup the file we will be changing with the second command. So the first command we need to run is:
sudo cp ~/Library/Application\ Support/com.apple.TCC/TCC.db ~/Desktop/

4. Then we are going to run the following command which will insert a new row in to the TCC.db file (this should all be on one line):

sudo sqlite3 ~/Library/Application\ Support/com.apple.TCC/TCC.db "insert into access VALUES('kTCCServiceMicrophone','com.microsoft.SkypeForBusiness',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1541440109) ;"

5. Now go back to the Privacy & Security Preference Panel and click the Microphone, the Skype for Business app should show up there, as well has have a check mark next to it, if it doesn’t have the check mark, click it.

6. Then we need to remove the full disk access from Terminal, so scroll back to the Full Disk Access and uncheck the Terminal application. It will give you a popup about it running, go ahead and click the quit now.

7. Now you can either start Skype for Business, or stop and re-open it and the Microphone should work on voice calls now.

Weird Mac Problem

Has any one else seen this problem? Using a MacPro with Snow Leopard 10.6.1 on it, and it seems like everytime I go to shutdown the Mac (using Finder and holding Alt and clicking on shutdown) it shuts down, but then a second later it starts back up. (almost as if it was doing a reboot instead of a shutdown. When the login screen shows up, I click the shutdown and it shuts down and doesn’t restart. Any suggestions?

Sun Ray 5 Early Access part 2

I finally got time again to start playing with Sun Ray 5 Early Access software. Now my current setup probably should not be used for any type of test more than simple single/dual user testing. But I did not want to test the software on the current working server. So I decided to install it in a VMWare image on my Mac Pro. The Mac Pro is more than suited to handle it and had plenty of free memory/processor/storage to use so there was no contention (I gave the VM 4 processors and 8 gig of ram)..

The kicker was getting VMWare Fusion to actually allocate the network cards the way I needed them. I gave the VM 2 nics (the Mac Pro has 2), however the only options that VMWare Fusion let you do is NAT, Host-Only, and Bridged. None of which will work if I want a private network for the Sun Ray’s. To fix this you will need to go and edit some files that VMWare Fusion uses. What I had to do was the following:

1. Open up the Terminal app
2. Edit the file /Library/Application Support/VMware Fusion/boot.sh

sudo vi /Library/Application\ Support/VMware\ Fusion/boot.sh

3. Comment out the following line:

"$LIBDIR/vmnet-bridge" -d /var/run/vmnet-bridge-vmnet0.pid vmnet0 ''

And then add 2 lines directly below that line, which tells vmware to bind the en0 physical device to the vmnet0 virtual device, same for en1 to vmnet2. Note you can not use vmnet1 or vmnet8 as those are for NAT and Host-only connections.

"$LIBDIR/vmnet-bridge" -d /var/run/vmnet-bridge-vmnet0.pid vmnet0 en0
"$LIBDIR/vmnet-bridge" -d /var/run/vmnet-bridge-vmnet2.pid vmnet2 en1

Once done, do the following:

sudo /Library/Application\ Support/VMware\ Fusion/boot.sh --restart

Now go in to your Mac System Preferences and configure the second network card for a private subnet (i.e. 192.168.128.0/24, and set the IP to be something like 192.168.128.254).

Now make sure that your VM is NOT started and is in a powered off state. Go in to the VM and under the settings for that VM add another network adapter, make sure it is selected as “Connected” it doesn’t matter what the device is configured to as we will change it later to an option that is not shown in that list.

Now you need to change the .VMX file so that it can use the new network device. So go in to the directory where you have your VM’s at and then cd in to the machine.vmwarevm directory (For example mine is called SolarisDev.vmwarevm)

Once in there you will need to edit the vmx file, mine is called SolarisDev.vmx. The first thing we are going to change is the ethernet0.connectionType property. Right now it could be any of the ones listed (host-only,bridged, nat). But we are going to change this to “custom”:

ethernet0.connectionType="custom"

Next find the entry for ethernet0.vnet, if it doesn’t exist create it and make it look like the line below. If it does exist and doesn’t match that below, make it match that:

ethernet0.vnet = "vmnet0"

Now we need to do the same for the ethernet1 entries. The only difference to what is above is vmnet0 changes to vmnet2. Once the changes are made you can save the file and start up your Solaris VM. Now what ever network is on your en0 connection on your Mac should be what is connected to the e1000g0 network on the Solaris side. I used the e1000g0 as the “public” side of the Sun Ray server. The e1000g1 interface will be what ever is connected on the en1 connection on the Mac side. I used this adapter for the private Sun Ray Lan.

You should be able to finish following the instructions on the Sun Ray wiki now and get everything configured.

To test the soft client, I set up LAN Connections on the Sun Ray Server:

/opt/SUNWut/sbin/utadm -L on

I then installed the soft client in another VM on the same machine that only had access to the public network. You then can tell the soft client what the IP of the Sun Ray server is and it will connect. Pretty darn cool that the soft client works with minimal config.

This can probably be done on a MacBook Pro as well, if you use the wireless connection as the public side and the wired as the private side. Nice way to do a little demo in one computer.

For reference here is what my network section of the .vmx file looks like :

ethernet0.addressType = "generated"
ethernet0.connectionType = "custom"
ethernet0.generatedAddress = "00:0c:29:f8:29:3b"
ethernet0.generatedAddressOffset = "0"
ethernet0.linkStatePropagation.enable = "TRUE"
ethernet0.pciSlotNumber = "32"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000"
ethernet0.vnet = "vmnet0"
ethernet0.wakeOnPcktRcv = "FALSE"
ethernet1.addressType = "generated"
ethernet1.connectionType = "custom"
ethernet1.generatedAddress = "00:0c:29:f8:29:45"
ethernet1.generatedAddressOffset = "10"
ethernet1.linkStatePropagation.enable = "TRUE"
ethernet1.pciSlotNumber = "35"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet1.vnet = "vmnet2"
ethernet1.wakeOnPcktRcv = "FALSE"

References:
Sun Ray Software 4.2 Wiki: http://wikis.sun.com/display/SRSS4dot2/Home

More nambu security issues

So as if it weren’t bad enough that every message you send is logged with your username and password in the system.log… They decided to log the userid and password in clear text in the sqllite database that it stores information in. Funny all you have to do is a:

strings ~/Application Support/Nambu/Nambu.db

and the second line will contain your userid and password. They keep saying that it is because they are in beta, and when they move to production, it will go to the encrypted keychain, yadda yadda yadda. But these little things should have been done from the begining… Just wondering why people do stupid security stuff like this…