I recently purchased a MacBook Pro. I was eagerly expecting a seamless setup experience.
The experience was not seamless. The good news is I have a working system. The bad news is it took a while to get here. I’m writing my experience to help others who may also be setting up a new Mac and trying to get things to work.
Time Machine
I use a Synology DS1815+ NAS as a home server. The NAS supports Time Machine which my venerable MacBook Air has been backing up to for years.
Network backups with Time Machine are only officially supported to an antiquated Time Capsule, an external drive connected to an antiquated AirPort Extreme, or macOS Server. I understand my Time Machine configuration is not officially supported by Apple. All the same, I believe most of my troubles were caused by faults in Apple software instead of my NAS.
I made sure to have a recent backup of my Air before getting started. It completed without issue.
Just follow the instructions
macOS helpfully asks if you would like to migrate during setup. I did so, found my NAS as a Time Machine backup, entered my credentials, and was presented with a list of computers.
Upon selecting my computer, macOS prompts for the encryption password. I typed my password and got an error:
Some backups cannot be opened. Make sure that all of your network devices are connected and turned on. It appears that some backups are already in use. If you don’t see the backup you need, make sure it is not currently mounted by another machine and try again.
OK, no problem. I shut down my old Air. Unfortunately, I cannot retry the operation, so I need to reboot the computer to try again.
Enter Wi-Fi password. Enter NAS credentials. Select. Same error.
I restart my NAS, believing I have a open connection somewhere. Same error.
Then I realize: I’m probably in the Sierra installer. This computer is a refurb from mid 2017. Perhaps it’s getting confused that my Air’s backup is on High Sierra? Perhaps that’s why it’s not working? After all, even the filesystem is new.
Reinstall from Internet Recovery
I use Internet Recovery to boot into High Sierra and install it.
I then try the same steps. I get the same errors.
I quickly realize this will not work.
I complete setup since I cannot restore from Time Machine. I create a user account and I’m in.
Migration Assistant
I decide to run Migration Assistant after setup to migrate directly from my Air.
This works until I get to migrating my user. The option to replace my existing user is grayed out. It turns out you cannot migrate a user with the same name. So, I create another admin account, log out, log in again, then delete the account with my name.
I try again. Everything works and the transfer begins. I leave for several hours.
When I come back, the wireless transfer is done. But it was not successful.
Some files in /Users/reid were not copied.
The assistant also informs me I should enable FileVault since it did not do so during the migration.
OK. When I’m back to my system, my Desktop and apps are working.
Silent failure
However, only about half of my home directory exists. OK, I was expecting this. I kick off a rsync from my old Air to bring in the rest of my files.
I launch the Aerial screensaver and my screen glitches out. Weird.
I try downloading a driver for my USB 3 Ethernet dongle and get another error.
“AXXX.zip” is damaged and cannot be opened. You should move it to the Trash.
Weird. Perhaps it’s not code signed. I download a utility for my LG monitor. Same error. I know that’s code signed.
I visit the Security preference pane and notice Gatekeeper is set only allow apps from the App Store. I typically also allow identified developers, so I reselect that and try again. Nothing.
I go back and visit System Preferences and notice the option is reset back to App Store only.
I look up the Gatekeeper command line tool, cpctl, and attempt to query the assessments list. I get an assertion error instead. What?
Start over
I decide to reinstall High Sierra and start over, again.
This time I am determined to restore from a Time Machine backup. I suspect my backup may need repair, so I run fsck on the sparsebundle and manually verify the Time Machine backup. I know it’s good now.
I boot the new computer and follow the same setup steps. I get the same “Some backups cannot be opened” error.
I am about to give up when I realize the password I’m using to decrypt the backups is a newer password. I created my Time Machine backup when I used a different password.
I restart, enter Wi-Fi, enter my NAS credentials (by this time, I have printed them out from 1Password) and finally enter my old password to decrypt the backups.
Loading backups…
Yes! I was very relived to see this message. I waited a few minutes for the backups to load.
And waited.
And waited.
I realized my backups were not loading after all.
I was going to try to back up a few steps in the Installer to see if I could retry loading when I noticed a new volume appeared next to my NAS in the previous step. It was a picture like an external Time Machine drive labeled “Time Machine Backups 1”. Perhaps macOS behind the scenes mounted this drive but did not get any further?
When I selected this option, I was able to select my backup and begin the restore. Finally.
Waiting
The restore of about 256 GB of content took about 8 hours over Wi-Fi.
This time, everything worked. FileVault was also helpfully on by the time setup was over. Everything was working. My files were all present, Aerial loaded correctly and Gatekeeper was setup correctly. Hooray.
Let’s enable my kexts
I noticed Keybase and my USB 3 Ethernet dongle kernel extensions (kexts) were not loaded. So, I told Gatekeeper in the Security preference pane to allow Keybase, Inc. and “LEI SU”, the Honest Achmed vendor of my network dongle.
When I restarted, the computer froze on boot. I waited a while and realized I now have yet another problem: I just loaded a bad kext.
It took me a while to figure out how to fix the problem. I tried booting into single-user mode, but I was unable to run mount without assertion errors. It’s also quite difficult to read single-user mode on a Retina display.
I booted into Recovery OS, mounted my drive with Disk Utility, then read the SQLite3 database at /var/db/SystemPolicyConfiguration/KextPolicy to understand which kexts belong to the vendors I allowed. I then edited the database to disallow them an moved the kexts from System/Library/Filesystems and System/Library/Extensions into /tmp.
I rebooted and thankfully everything was working again. I decided just to buy a newer USB-C Belkin dongle instead of trying to load drivers for my old one. (Why does Apple not make their own USB-C Ethernet dongle? Belkin is not a substitute. Alas.)
One more thing: Time Machine continuity
I wanted my Mac to inherit my old Mac’s backups. I could not get prompted for this, so I has to lookup and run tmutil inheritbackup on my old Mac’s sparsebundle. I was then prompted to use an existing backup in Time Machine which matched my new machine’s name.
I thought this was a mistake and possibly the old backup from my computer’s brief broken state, but realize inheritbackup renames my old computer’s sparsebundle to my new computer’s name.
I use per-user quotas on my NAS to ensure Time Machine doesn’t take over my entire volume. I noticed Time Machine thought I had several terabytes instead (no quota), so I used log to query for Time Machine logs to find out what user is in use.
I found it was using the credentials I used to mount Time Machine Backups when running tmutil, not the credentials I used when setting up Time Machine. Weird. I disabled the quota free user, was prompted to give my credentials again, then everything worked correctly.
This is not normal
I have a working computer. However, it took a lot more effort than I’d expect.
My computer comes with AppleCare phone support and I cannot imagine having AppleCare walk me through all of this, let alone someone else who would not have the patience.
I upgraded my Air to High Sierra a few months ago and the installation failed midway, leaving my computer failing to start up. I had to restore from a Time Machine backup, which worked without issue. It was just slow.
I am a bit disheartened to see so many rough edges in the Mac setup process. The biggest trouble was the vague error message about opening backups. Sure, the error was technically correct: I gave the wrong password so the Installer could not open the backup. But when I mistype my password in Time Machine preferences, I get a message saying I used the wrong password instead of a generic message.
My hope is for Apple to improve the experience here. I know a few folks who are working there and hope they continue to work on making the Mac experience great. Even for nerds like me, who can dig into the UNIX underpinnings of the OS, but would rather have things just work.
The good news is it’s a very nice setup. Once it’s working.
Postscript: Why the upgrade?
My venerable MacBook Air has been traveling in my backpack all over the place for over 3 years. Over the last several trips, my screen has developed a halo effect near the center of the screen which is brighter than everything else. This is because of a damaged diffuser and it’s very tricky to repair. This makes photo editing a bit more challenging and has been annoying me more and more lately.
I got a repair quote which came to $400. I decided to put this toward a new computer, even though my Air has been quite capable of occasional video editing and nearly everything else I’ve asked it to do. I’ll miss the Air.