MacOS High Sierra – SafariBookmarksSyncAgent CPU problem (updated 20180321)


Edit – 20180321

Late yesterday afternoon this problem came back. Turning off Safari sync in the iCloud cdev treats the symptom but its not the cure.

Root cause found. Information below updated to reflect the final fix.

Fault Description

For an unknown reason the SafariBooksmarksSyncAgent process is consuming large amounts of CPU and memory on my 2012 MacBook Pro 15”.

Observed Behaviour

The process can be killed using Activity Monitor but will restart when Safari is open. If Safari is closed then the sync process doesn’t restart. showed the following warnings and errors:

XX BAChangeCopyChangedItem: BAChange object created with UUID that does not correspond to a known bookmark.
Move change <BAChange 0x7fc580b014b0 (0x7fc580cb0450 85087F40-FD87-4FDB-B101-713F9FCD1AA3) Modify> was provided without a corresponding changed item.
Batch record save operation completed but failed to save records due to unrecoverable error: Error Domain=CKErrorDomain Code=12 "Request UUID: (null)"
Did fail to save record batch with error: Error Domain=CKErrorDomain Code=12 "Request UUID: (null)"
Sync coordinator failed to sync bookmarks with error: Error Domain=CKErrorDomain Code=12 "Request UUID: (null)"
*** CloudKit bookmark sync failed with result <3>: Error Domain=CKErrorDomain Code=12 "Request UUID: (null)"

So obviously the sync agent has some problems.

Getting Close

Some Googlephoo turned up a few items that were close but nothing that really seemed to me like a root cause fix. Eventually I found an article that led me to this Apple support article: Resolve issues caused by changing the permissions of items in your home folder

That seemed like a worthy fix to try since I had just rebuilt my Mac from scratch and started with a fresh and new user profile. It was highly likely that some home directory permissions got clobbered during my various file restores, especially related to the hidden ‘~/Library’ folder.

I performed the steps as described however it didn’t seem to fix it. The sync process was still chewing high CPU.

The Fix Part 1

I closed Safari and reran the Apple support fix steps.
When I started Safari again the sync process was perfectly behaved. For a short while. Read on.

The Fix Part 2

So, soon after posting this article the problem came screaming back. Same fault as originally described.

This time I nuked the site from orbit.

  • In Safari on my Mac I exported my bookmarks. File -> Export Bookmarks.
  • I turned off Safari iCloud Sync on the Mac and my devices.
  • I deleted all Bookmarks from all devices and then properly closed Safari on all devices.
  • Waited five minutes.
  • Opened the and watched the logs for any process with the word safari in it.
  • Turned on Safari in the iCloud cdev on the mac and my devices. Watched a bunch of stuff scroll by in the None of it appeared to be warnings or errors.
  • Waited five minutes.
  • Imported my bookmarks from the backup file.

Root cause? Unknown. Problem fixed? Yes.

A side effect

Immediately following the fix a bunch of ‘mds’ related processes started churning. These are processes related to the Spotlight app and are part of Spotlight’s discovery and search of data on the computer. Obviously the permissions fix also fixed a bunch of access issues for Spotlight. I left it alone to chug along and it settled down to more normal levels after a short while.

Light rail third rail. What?


Now that the new light rail down George St is slowly taking shape in Sydney i’ve seen a few comments around the place that go something like:

  • Where’s the overhead wires?
  • Looks nice now but wait till they put the overhead wires in and then its an eyesore.

Well in the Sydney CBD this isn’t going to be an issue because the Govt has decided to use a ground-level power supply. The sections of light rail outside the CBD will still use overhead, probably because its cheaper and less likely to get tangled because a lot of our light rail will run on a dedicated per-way.

So, what is this fancy ground-level power supply system used in our light rail? Here is some information about it. Now before anyone freaks out, yes it’s using a third rail but the live rail isn’t actually exposed to the road. There is some mechanical mechanism that ensures the rail is only energised when a tram is over the rail. That’s all I know. The incidents of drunken Sydney yoofs peeing on the rail and taking a fatal jolt should be negligible.

Though, and I suspect because the system uses magnets, Im sure some bright spark will come along with a big magnet one day and end up dead.

So, the third rail you see in the CBD is perfectly safe. Until someone defeats its safety mechanisms on purpose.

Microsoft Remote Desktop for Mac


Mac users have a few choices when it comes to an RDP client for MacOS. There is the one that comes included with MacOS or there is the the one from Microsoft in the App Store.

There is also a beta version of the app store version available from here which, if you like to run beta stuff to get access to new and improved features and bugs is also useful.

I blew away my Mac on the weekend and did a fresh OS install etc because reasons. Unfortunately for me I didn’t remember to save/export my config from the beta client. Fortunately I had my TM backups and was able to grab the config file out of it and copy it over to my new profile. Problem is is that the App Store and Beta versions seem to store their configs in different files. **FURIOUS EYE ROLLING**

For the benefit of other people and for my own future reference the beta version of the app stores its config in `~/Library/Application Support/`. So, to recover your settings quickly and easily, quit the app, copy the file above from your backups and then restart your Mac. After the restart when you open the beta client you should see all your configs restored.


I had a response from the team that develops the tool to my question about this. They said:

hi Andrew, they are stored under:
~/Library/Application Support/

this will only transfer your saved desktops, remote app feeds, gateway, and usernames.
it wont transfer your passwords, as they are stored on the keychain.
also please note that this is not an officially supported scenario

Azure AD Connector Configuration Dumper


So today I discovered that if you inspect the Azure AD Connector config via its GUI the config it gives you is actually about 5% of what is actually there. Specifically, the GUI doesn’t display the rules for OU filtering.

To work around this you can use the sync tool to display the OU filtering config. You’ll need to login as your in-prem AD sync user though to do this. If you don’t have those credentials then you can gather the config using the tool below and then turn it into an easier to review HTML output.

Be warned though, a small AD I ran this against produced a 3MB html file of stuff. There is A LOT of items in AADC that average admins wont ever see or hear about.

Microsoft/AADConnectConfigDocumenter: AAD Connect configuration documenter is a tool to generate documentation of an AAD Connect installation.

Terraform and dependancies


Ive been using Terraform recently to achieve some IaaS capabilities for myself quickly and easily. Its pretty neat and if you haven’t played with it yet I suggest you have a look. The main challenge i’m trying to overcome at the moment is when you want to use Terraform to add resources to an established tenancy. eg adding a VM to an existing vNet thats not managed by Terraform. While trying to get my brain around that I found this article which was very useful and worth sharing. Terraform Environment+Application Design Pattern –