Enable true hibernation mode in MacOS

I had meant to have this blog posted a few months back, unfortunately it got stuck on my todo list and never quite made it out, till now.

I decided to go back to a MacBook Pro a few months back, because my Surface Pro 3 was just not capable of running virtual machines. I absolutely love my MacBook Pro 15inch, it runs anything I throw at it, my only gripe is that the memory cannot be upgraded beyond 16GB. I would happily pay more to get 32GB on it.

I had been using a MacBook Pro 13 inch last year, running OS X Mavericks. One of the features I absolutely loved was hibernate to disk. In my view this is much better than sleep mode because my system state is written to disk, instead of being kept in RAM, which needs to be powered on (this is sleep mode). True hibernation (hibernate to disk) is the same as the hibernate mode you get with Windows.

To my surprise, when I went to configure hibernate to disk on my new MacBook Pro, my previous steps didn’t work 😦 Ok, I was running MacOS Sierra now, however I expected the process to be the same.

Being the person that rarely gives up (and hibernate to disk was a feature I really really wanted), I started researching on what had happened to it. I managed to find an article from Apple that listed all the supported sleep modes, and oh wait a minute, what is that I see. Aha, Apple calls hibernate to disk Safe sleep, which only happens when your battery is running extremely low. Hmm, now that I know what it is called, and that it can be enabled (at this stage, only when your battery is running extremely low), I started looking for a way to enable it.

In the above article, it did list that there was a Standby Mode which would put MacBooks to deep sleep (aka hibernate to disk) however that happened only after the MacBook was in sleep mode for 3 hours! I was looking for something that will enable it much sooner. Below is the part in the above article referring to deep sleep.

Standby Mode

For Mac computers that start up from an internal SSD, macOS includes a deep sleep mode known as Standby Mode.

Mac computers manufactured in 2013 or later enter standby after being in sleep mode for three hours. Earlier models enter standby after just over an hour of sleep. During standby, the state of your session is saved to flash storage (SSD). Then, the power turns off to some hardware systems such as RAM and USB buses.

Standby extends how long a notebook computer can stay asleep on battery power. A notebook with a fully charged battery can remain in standby for up to thirty days without being plugged in to power.

After some trial and error, I managed to find the setting that will enable my MacBook Pro to go into “deep sleep/safe sleep/hibernate to disk” when it went into sleep mode.

These settings are enabled via the command pmset, which is available via Terminal. Here is some help with pmset: https://www.dssw.co.uk/reference/pmset.html

Start Terminal (go to Finder/Go/Utilities/Terminal or use Spotlight Search and type Terminal).

To get your current power management settings, run pmset -g custom

If for some reason you mess up your power management settings, you can go to System Preferences/Energy Saver and click on Restore Defaults to get the default power management settings back.

The settings that enable deep sleep/hibernate to disk are shown below

[Screenshot: pmset_hibernatetodisk_settings]

 

Use the command sudo pmset -b {option and value} to change any setting that you have which is different from the above values. (-b is to change settings for Battery Power, -c for AC power, -u for UPS and -a for everything. I am using -b because I only want to enable hibernate to disk when I am running on battery.)

For instance, if you want to change displaysleep for Battery Power from 2 to 5 use the following command

sudo pmset -b displaysleep 5

To check the settings again, run pmset -g custom

To test if hibernate to disk is now enabled, press Command+Option+Power together. Your MacBook should now go to sleep. Give it at least 20 seconds and then press the power button (this is how long I found it took my MacBook Pro to write the contents of RAM to disk. To be sure, you can put your ear to the keyboard, and if you still hear some sound, then it means that your MacBook is still writing to disk. Once everything has been written, it will be absolutely quiet). On waking up, you will see the Apple icon with a progress bar at the bottom. This shows that your MacBook is waking up from deep sleep.

Hope this helps others who are looking to enable true hibernation on their Macbook

Script to shutdown servers

I run a lot of Microsoft virtual machines in Azure and also locally on my MacBook Pro. These are my lab machines, which I use for testing.

One of the issues with having many virtual machines is orderly shutting them down. It can be a pain to go through each of them and shutting them down.

To circumvent this, I wrote a small PowerShell script, which does it all for me 🙂

The script requires the following

$serverlist contains the hostnames of the servers that you want to shutdown (in the order they need to be shutdown)

$server_domainname this is the domain name that the servers are part of.

servername and server_domainname are used to figure out the server FQDN, which is then used to shut down that server.

Run the script from a computer that can connect to the servers. Ensure you are logged on as an account that has permissions to shutdown the servers.

The script will go through the list of servers contained in $serverlist and check if they are online. If they are online, then it will try to shut them down.

Do note that these servers will be forced to shutdown, so anything open on those servers will be lost, if not saved.

Once all the online servers have been shutdown, you will be asked if you want to shutdown the computer you are running the script from. You can press Enter to continue or CTRL+C to skip shutting down the computer you are logged on.

Hope this script comes in handy to others
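
The script itself is not reproduced on this page. The following is an added example written from the description above, not the author's original code; the host names and domain are placeholders, and `-WhatIf` support is an addition so the run can be rehearsed without shutting anything down.

```powershell
# Added example, not the author's original script.
# $serverlist and $server_domainname follow the names used in the post;
# the host names and the domain below are placeholders.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Servers in the order they must be shut down (placeholder names)
    [string[]]$serverlist = @('lab-app01', 'lab-sql01', 'lab-dc01'),
    # Domain the servers are part of (placeholder)
    [string]$server_domainname = 'lab.example.com'
)

$failed = @()

foreach ($servername in $serverlist) {
    # Build the FQDN from the host name and the domain name
    $fqdn = "$servername.$server_domainname"

    # Only attempt a shutdown if the server answers a single ping
    if (-not (Test-Connection -ComputerName $fqdn -Count 1 -Quiet)) {
        Write-Host "$fqdn is offline, skipping"
        continue
    }

    if ($PSCmdlet.ShouldProcess($fqdn, 'Forced shutdown')) {
        try {
            # -Force shuts down even with users logged on; unsaved work is lost
            Stop-Computer -ComputerName $fqdn -Force -ErrorAction Stop
            Write-Host "Shutdown sent to $fqdn"
        }
        catch {
            # Keep going so one unreachable or access-denied server does not
            # stop the rest of the list from being processed
            Write-Warning "Could not shut down ${fqdn}: $($_.Exception.Message)"
            $failed += $fqdn
        }
    }
}

if ($failed.Count -gt 0) {
    Write-Warning "Servers that did not accept the shutdown: $($failed -join ', ')"
}

# Final step from the post: Enter continues, CTRL+C leaves this computer running
[void](Read-Host 'Press Enter to shut down this computer, or CTRL+C to skip')
Stop-Computer -Force
```

Run it with `-WhatIf` first to see which servers would be shut down.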

My path to AWS Certified Solutions Architect – Associate

Almost a week and a half ago, I sat for and passed my AWS Certified Solutions Architect – Associate (AWS CSAA) exam. To be quite honest, I felt the biggest sense of relief, after walking out of the exam centre, not because I had passed, but because I had finally forced myself to sit this exam.

Since posting on LinkedIn about passing my AWS CSAA exam, I have received a lot of requests from people, asking for tips on how to prepare for this exam. In addition to replying to them, I thought best to also put up a blog post, to help others that might be preparing to sit for the same exam.

I have been a Microsoft person for years, so it was quite natural for me to transition to Microsoft Azure a few years back. Microsoft Azure, to put it simply, is awesome. It empowers its users to grow their IT much faster and beyond what their local datacenters can accommodate, with a simple, pay-as-you-use model. This model has helped so many businesses become successful, in such a short amount of time.

I start my New Year, each year, with a list of technologies that I had been introduced to, in the year that had just finished, but did not get a chance to properly get acquainted with. This list, then condenses into my list of todos for that year. Last year, AWS made it into my list and since then I have been spending time, finding out all about it.

Exams to me are not just a certification, but a chance to find more about a technology and to re-confirm my understanding of it. That is why I try my best to learn as much as possible about the technologies being tested in an exam. What better way to learn more about AWS than to do the AWS Certified Solutions Architect – Associate exam 😉

I got my training material from https://acloud.guru. Ryan Kroonenburg teaches an awesome course to get one prepared to sit for the exam. The course is not too expensive either, well within the budget of anyone.

However, a note of caution. If you are very new to AWS and think that just doing the course will be enough to pass the exam, then there is some news for you. The whole basis for the AWS exams is to test you on your hands on experience and just cramming the information and proceeding to sit for the exam will be preparing yourself for a fail. I would highly recommend doing the labs that Ryan takes you through in the course. AWS provides a free tier, which covers almost all that you will need to train for the AWS CSAA exam. You can make use of this to get lots of hands on training. Also, read the whitepapers and faqs. These provide detailed information about the AWS services. ACloud.guru also has forums where you can ask questions and also answer questions others have posted.

To recap, my tips for passing the AWS CSAA exam

  • purchase the ACloud.guru course for AWS CSAA
  • go through the videos in the ACloud.guru course at least twice and do all the labs
  • answer all the section quizzes, the Mega Quizzes and Final exam questions and do them till you get at least 90% correct
  • read the AWS whitepapers and FAQs
  • participate in the ACloud.guru forums

You will soon realise that you are confident enough to sit the exam and that is when you book it and go sit for it.

I would highly recommend not waiting too long to sit for your exam (I have learnt from my mistake). I find that if I wait for more than a month to book my exam, I normally start forgetting all that I have learnt, and have to go over the material all over again. Everyone is different, so this might not be true for you. I would suggest aiming for 1 month of training, however in the 2nd week, book your exam for a date 2 weeks away. Doing this will firstly put you in panic mode, but then you will soon realise that you don’t have much time to study, and will start studying more intensely. By the last week, if you still think you are not fully prepared, you have 72 hours to reschedule the exam. If you are going to reschedule, then don’t reschedule to a date too far in the future.

I wish you all the best for the exam.

MfaSettings.xml updates not taking effect

Last week, I was at a client site, extending their Microsoft Identity Manager (MIM) 2016 Self Service Password Reset Solution so that it could use Azure MultiFactor Authentication (MFA). This is an elegant solution since instead of using Questions and Answers to authenticate yourself when trying to reset your password, you can use One Time Passwords (OTP), sent as a security code via a text message to your registered mobile device.

I followed the steps as outlined in https://github.com/Microsoft/MIMDocs/blob/master/MIMDocs/DeployUse/working-with-self-service-password-reset.md to enable Azure MFA, and everything went smoothly.

I then proceeded to testing the solution.

Using the Password Registration Portal, I registered my mobile number against my test user account.

I then opened the Password Reset Portal, entered my test user username and proceeded to wait for the text message from Microsoft Azure with the security code, so that I could enter it in the next screen.

I waited and waited (for at least 5 min), unfortunately the text message didn’t arrive 😦

Ok, troubleshooting time.

On my Microsoft Identity Manager 2016 Service Server, I opened the Windows EventLogs viewer and then expanded the section for Forefront Identity Manager event logs. Aha, I was on the right track as I saw a lot of errors reported.

I went through the event log entries and found one which looked a bit odd. The error essentially said that the certificate path contained illegal characters.

I couldn’t make much sense of this error, so I opened the MfaSettings.xml file to check, and I quickly realised my mistake. I had included the certificate file path within quotes!

I quickly removed the unnecessary " ", saved the MfaSettings.xml file and restarted my testing process.

I went through the password reset process again, and yet again, I didn’t receive any text message from Microsoft Azure with the security code 😦

I re-checked the eventlogs and noticed the same Exception: Illegal characters in path for the Certificate File Path error. Thinking that I might have forgotten to save the previous modification to the MfaSettings.xml file, I opened the file to confirm. The quotes were nowhere to be seen! Alas, the plot thickens my dear Watson!

I couldn’t find any explanation for this behaviour. Then, thinking that maybe the MIM server was having issues accessing the long filepath for the Certificate file, I moved the certificate file to a folder that was closer to the root of the C:\ drive, updated the MfaSettings.xml file appropriately and repeated my testing.

Again, no text message 😦

Checking the event logs, I noticed the same dreaded Exception: Illegal characters in path for the Certificate File Path error again.

However, looking closer at the error, I realised that the file path was reported as C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\MfaCerts\cert_key.p12, which wasn’t correct since I had moved the certificate file to another folder and updated the MfaSettings.xml file accordingly!

Suddenly I had that light bulb moment 😉 Updates to the MfaSettings.xml file were not being read by the MIM Server! This could only mean that it wasn’t monitoring this file for any changes, quite the opposite to what I had initially assumed!

To force MIM to re-read the MfaSettings.xml file, I restarted the Forefront Identity Manager Service service and went through my password reset testing process again.

Eureka! This time around, I received the text message from Microsoft Azure with the security code! Checking the Event logs, I couldn’t find any new occurrences of the Exception: Illegal characters in path for the Certificate File Path error. Hurray!

I completed the password reset process and confirmed that the password for my test account had indeed been changed.

I hope this post helps others.

BTW, below is a sample of the MFASettings.xml file (for security reasons, the keys have been scrambled, however as seen below, none of the values need quotes)

<?xml version="1.0" encoding="utf-8" ?>
<SubscriberKeys>
<LICENSE_KEY>1A3FED2C1BZA</LICENSE_KEY>
<GROUP_KEY>a1b234c567890e123456gh1234567eij</GROUP_KEY>
<CERT_PASSWORD>1ABDCDEF1GHDAVWA</CERT_PASSWORD>
<CertFilePath>C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\MfaCert\cert_key.p12</CertFilePath>
<Username>john.doe</Username>
<DefaultCountryCode>61</DefaultCountryCode>
</SubscriberKeys>
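
The two lessons of this post (no quotes around values, and a service restart after every edit) can be checked in one pass. This is an added example, not part of the original post or of MIM; the element names come from the sample file above, the service is looked up by the display name used in the post, and the path to MfaSettings.xml is supplied by the caller.

```powershell
# Added example, not part of the original post or of MIM.
param(
    # Full path to MfaSettings.xml on the MIM Service server (supply your own)
    [Parameter(Mandatory = $true)]
    [string]$SettingsPath,
    # Pass -RestartService to restart the MIM service when the file is clean
    [switch]$RestartService
)

[xml]$settings = Get-Content -LiteralPath $SettingsPath -Raw
$problems = @()

# The file holds keys and a certificate password, so only element
# names are reported, never the values themselves
foreach ($node in $settings.SubscriberKeys.ChildNodes) {
    if ($node.NodeType -ne 'Element') { continue }
    $value = $node.InnerText
    # Values must not be wrapped in quotes (straight or typographic)
    if ($value -match '^\s*["''\u201C\u201D]|["''\u201C\u201D]\s*$') {
        $problems += "<$($node.Name)> is wrapped in quotes"
    }
    elseif ($value -ne $value.Trim()) {
        $problems += "<$($node.Name)> has leading or trailing whitespace"
    }
}

# CertFilePath must be a legal path that points at an existing file.
# On Windows PowerShell 5.1 the invalid set includes the double quote.
$certPath = [string]$settings.SubscriberKeys.CertFilePath
$invalid = [System.IO.Path]::GetInvalidPathChars()
if ([string]::IsNullOrWhiteSpace($certPath)) {
    $problems += 'CertFilePath is missing or empty'
}
elseif ($certPath.IndexOfAny($invalid) -ge 0) {
    $problems += 'CertFilePath contains characters that are illegal in a path'
}
elseif (-not (Test-Path -LiteralPath $certPath -PathType Leaf)) {
    $problems += "Certificate file not found: $certPath"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Fix MfaSettings.xml before restarting the service.'
    return
}
Write-Output 'MfaSettings.xml passed the checks.'

# Edits to the file are only picked up when the service starts
if ($RestartService) {
    $svc = Get-Service -DisplayName 'Forefront Identity Manager Service'
    Restart-Service -InputObject $svc
    $svc.Refresh()
    Write-Output "Service status after restart: $($svc.Status)"
}
```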

 

Re-execute the UserData script in an AWS Windows Instance

Bootstrapping is an awesome way of customising your instances in AWS (similar capability exists in Azure).

To enable bootstrapping, while configuring the launch instance, in Step 3: Configure Instance Details scroll down to the bottom and then expand Advanced Details.

You will notice a User data text box. This is where you can provide your bootstrap script. The script will be run when your instance is first launched.

I went ahead and entered my script in the text box and proceeded to complete my instance configuration. Once my instance was running, I initiated a Remote Desktop connection to it, to confirm that my script had run. Unfortunately, I couldn’t see any customisations (which meant my script didn’t run)

Thinking that the instance had not been able to access the user data, I opened up Internet Explorer and then browsed to the following url (this is an internal url that can be used to access the user-data)

http://169.254.169.254/latest/user-data/

I was able to successfully access the user-data, which meant that there were no issues with that. However when checking the content, I noticed a typo! Aha, that was the reason why my customisations didn’t happen.

Unfortunately, according to AWS, user-data is only executed during launch (for those that would like to read, here is the official AWS documentation). To get the fixed bootstrap script to run, I would have to terminate my instance and launch a new one with the corrected script (I tried re-booting my windows instance after correcting my typo, however it didn’t run).

I wasn’t very happy on terminating my current instance and then launching a new one, since for those that might not be aware, AWS EC2 compute charges are rounded up to the next hour. Which means that if I terminated my current instance and launched a new one, I would be charged for 2 x 1hour sessions instead of just 1 x 1 hour!

So I set about trying to find another solution. And guess what, I did find it 🙂

Reading through the volumes of documentation on AWS, I found that when Windows Instances are provisioned, the service that does the customisations using user-data is called EC2Config. This service runs the initial startup tasks when the instance is first started and then disables them. HOWEVER, there is a way to re-enable the startup tasks later on 🙂 Here is the document that gives more information on EC2Config.

The Amazon Windows AMIs include a utility called EC2ConfigService Settings. This allows you to configure EC2Config to execute the user-data on next service startup. The utility can be found under All Programs (or you can search for it).

Once open, under General you will see the following option

Enable UserData execution for next service start (automatically enabled at Sysprep) eg. <script></script> or <powershell></powershell>

Tick this option and then press OK. Then restart your Windows Instance.

After your Windows Instance restarts, EC2Config will execute the userData (bootstrap script) and then it will automatically remove the tick from the above option so that the userData is not executed on subsequent restarts (or service starts)

There you go. A simple way to re-run your bootstrap scripts on an AWS Windows Instance without having to terminate the current instance and launching a new one.

There are other options available in the EC2ConfigService Settings that you can explore as well 🙂
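
The same steps can be scripted on the instance: read the user data back, syntax-check it without running it, then re-enable user data execution. This is an added example, not from the original post or from AWS; the settings file path and the Ec2HandleUserData plugin name are assumptions that do not appear in the post.

```powershell
# Added example; not from the original post and not AWS-provided code.
param(
    # Assumption: default EC2Config settings file location (not given in the post)
    [string]$ConfigPath = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\Config.xml',
    # Pass -Enable to switch user data execution on for the next service start
    [switch]$Enable
)

# Read the user data through the internal URL quoted in the post.
# WebClient is used so the body always comes back as a plain string.
$client = New-Object System.Net.WebClient
$userData = $client.DownloadString('http://169.254.169.254/latest/user-data/')

$problems = @()

# The script has to sit inside a complete <script> or <powershell> block
$ps  = [regex]::Match($userData, '(?is)<powershell>(.*?)</powershell>')
$cmd = [regex]::Match($userData, '(?is)<script>(.*?)</script>')
if (-not ($ps.Success -or $cmd.Success)) {
    $problems += 'No complete <script> or <powershell> block found in the user data'
}

# Syntax-check the PowerShell block without executing it
if ($ps.Success) {
    $tokens = $null
    $parseErrors = $null
    [void][System.Management.Automation.Language.Parser]::ParseInput($ps.Groups[1].Value, [ref]$tokens, [ref]$parseErrors)
    foreach ($e in $parseErrors) {
        $problems += "Line $($e.Extent.StartLineNumber): $($e.Message)"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Correct the user data before re-running it.'
    return
}

# Assumption: the tick box in EC2ConfigService Settings corresponds to the
# Ec2HandleUserData plugin entry in Config.xml
[xml]$config = Get-Content -LiteralPath $ConfigPath -Raw
$plugin = $config.SelectSingleNode("//Plugin[Name='Ec2HandleUserData']")
if ($null -eq $plugin) { throw "Ec2HandleUserData entry not found in $ConfigPath" }
Write-Output "Ec2HandleUserData state: $($plugin.State)"

if ($Enable -and $plugin.State -ne 'Enabled') {
    $plugin.State = 'Enabled'
    $config.Save($ConfigPath)
    Write-Output 'User data will run at the next EC2Config service start; restart the instance.'
}
```

The syntax check only catches typos that break parsing; a misspelled path or command name still needs a read-through.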

 

High Battery Drain on Macbook Pro

I recently moved back to a Macbook Pro, and couldn’t be happier. Don’t get me wrong, for what I was using my Microsoft Surface 3 Pro, it did it brilliantly. It is extremely portable and very fast, an amazing device. Unfortunately it is not built to run virtual machines as it grinds to a stop (I know I know, the newer versions of these fantastic machines CAN handle virtual machines, but mine wasn’t that high spec’d).

Previous to my Surface 3 Pro, I was using a Macbook Pro 13 inch (non-retina) and it served me well. However, my current Macbook is a Macbook Pro 15 inch (retina) and with dual Graphics card. It is amazing. With 16GB of RAM, and an i7 processor, it handles anything I throw at it. And the graphics is breath taking, a 4K resolution on a laptop!

However, one of my gripes from day one has been the high battery drain I had been experiencing. Comparing battery life with my colleagues, I found out that while their Macbook Pros would last for at least 5 hours with 100% charge, mine would die in under 3 hours! This either meant that I had been shuffled a defective device by lady luck, or there was some setting I was unaware of. I decided to use the latter of the possible causes and started my investigations.

macOS Sierra (and previous versions) have a native “task manager” called Activity Monitor. This is an amazing utility, as it not only tells you about your CPU and Memory usage, but also shows the impact each application has on your battery.

After viewing the applications under the Energy tab for a few minutes, I didn’t notice anything out of the ordinary, however there was something peculiar happening with the Graphics Card. The High Performance Graphics card was always in use. From what I had previously read, the high performance graphics card on Macbook Pro’s is extremely power hungry, which could explain my high battery drain.

Using Dr. Google I found some articles, which stated that if Automatic graphics switching is disabled under Energy Saver in System Preferences, macOS will use the high performance Graphics Card 100% of the time. I quickly checked my settings and the Automatic graphics switching was unticked!

I placed a tick beside Automatic graphics switching and then went back to the Activity Monitor utility. This time it showed the Graphics Card as Integrated 🙂

I then proceeded to run my Macbook on battery, keeping an eye on the battery. This time around, the battery didn’t drain as quickly, and the fan noise that I had previously been experiencing (due to the High Performance Graphics card being used) wasn’t present anymore.

I hope this helps others who might be experiencing similar issues with their battery usage. Do note that this is a possible solution for all Macbook Pro’s that have dual Graphics Card but not applicable to those that have only one.

Error rebuilding MIMWAL – File MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.dll not found

A few days ago, I was going through the steps for compiling MIMWAL, as listed at http://ithinkthereforeidam.com/installing-the-mimwal/ and came across an interesting problem.

After I had rebuilt my Visual Studio package, I went to run Sign.cmd and kept getting the following error message

Error: File “MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.dll” Not Found. You need to compile WAL solution first! Make sure you use REBUILD Solution menu. Aborting script execution…

This was quite bizarre as I had not deviated from the steps listed in the above mentioned article. It was time to put on my Sherlock hat and find the culprit behind this error!

I opened the SolutionOutput folder and compared the contents to what was shown in the article and found something interesting. The dll mentioned in the error was indeed missing!

Also the file MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.pdb was missing.

This meant that there must have been an error when rebuilding the package in Visual Studio. I alt+tabbed to my Visual Studio screen and in the output pane, saw something interesting. It showed that there had been some issues while copying MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.dll to the SourceOutput folder.

The error

WorkflowActivityLibrary -> C:\MIMWAL-2.16.1028.0\src\WorkflowActivityLibrary\bin\Release\MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.dll
1> Does C:\MIMWAL-2.16.1028.0\src\SolutionOutput specify a file name
1> or directory name on the target
1> (F = file, D = directory)? ?

seemed to indicate that when Visual Studio was trying to copy the two missing files, it hadn’t been able to determine if the destination folder SourceOutput was a directory or a file. This resulted in Visual Studio skipping the copy of these files. Doing some investigation, I found that the MIMWAL source package didn’t contain a .\src\SourceOutput folder. This explained why Visual Studio was showing the above warnings.

Based on my findings, I found two solutions that helped resolve the issue

Solution 1

Rebuild the Visual Studio Package again. On the second try, since the SourceOutput directory now exists, the files will be successfully copied.

Solution 2

Before rebuilding the MIMWAL package, create a subfolder called SourceOutput inside the src folder

My preference is for Solution 2 as it means that I won’t get any errors.

After successfully rebuilding the MIMWAL package, I ran sign.cmd and this time around – Success! I got the expected result.

I hope this blog helps anyone else who might be having issues with compiling MIMWAL and running sign.cmd