Many error 36 issues on MacAnswered

Hi,

Since a bit less than a week we are having lot of users facing an error 36 on Mac (various OSs, latest TA API). This is surprising because we had very few cases of this error in the past.

Is there any outside reason that would explain that? We are solving this by offline activation, but we would like to find the reason to avoid having to recertify them manually each time.

Thanks for your feedback.

Best wishes,

Mariano

You seem to have same issue as us - offline activation works on pre 10.15
Coincidence maybe but seems to be timewise related to dec 20 (although supposed to be in effect only jan 19) - scroll this link
https://wyday.com/blog/2021/limelm-price-changes-and-stricter-web-api/

Pierre

, edited
Answer

Pierre,

Coincidence maybe but seems to be timewise related to dec 20 (although supposed to be in effect only jan 19) - scroll this link
https://wyday.com/blog/2021/limelm-price-changes-and-stricter-web-api/

No, unrelated.

Mariano,

Since a bit less than a week we are having lot of users facing an error 36 on Mac (various OSs, latest TA API). This is surprising because we had very few cases of this error in the past.

See, TurboActivate.h all error codes are listed:

/*
 MessageId: TA_E_INET_TLS
 Message code (in Hex): 0x24
 Message code (in Decimal): 36

 MessageText:

 The secure connection to the activation servers failed due to a TLS or certificate
 error. This is most often caused by MITM (man-in-the-middle) attempts on corporate
 networks or, if on Unix operating systems (macOS, Linux, BSD, etc.), it's caused
 by out-of-date or missing "CA certificates". This means either keeping your system
 itself up-to-date, or manually updating the CA certs.

 More information here: https://wyday.com/limelm/help/faq/#internet-error
*/
#define TA_E_INET_TLS ((HRESULT)0x00000024L)

Follow the FAQ. Also, make sure you're using 4.4.4.1 (yes, even 4.4.4.0 will have problems). See the changelog.

Oh, I guess I'm missing the 4.4.4.1 update. Glad to know there's a fix. 

Will try it and let you know in case the problem remains.

Thanks

BTW:  We are using 4.4.4.1 since it got released and we still have the new problem…  as we had the cert issue with 4.4.4.0 back in late september.  Offline activation works but right now our internal policy is after grace period we revert to online activation in user's back if we see an internet connection, that then break again… 

Did not work - at least we have a dev machine on Mojave with the problem to examine…

Reverting to old version of wyday if macOS < 10.15 works, old lib crashes on Catalina. So we are needing to detect OS at installer time and install a different exec depending on OS version now…. 

OK 5/5 users have confirmed our patch works (using old LimeLM lib if macOS < 10.15) and this is the only solution we found…  Hope this will not break again feb 1?  It's a gazillion installers to redo here.

All users I now see are actually on 10.14.6 (Mojave), not verified all but all seems on latest security update - Catalina was released like 2 years ago so Mojave is not that old... Comment:  I believe 10.14.6 OS version will remain in use for a while for those that use Mac for Audio and Video not only because of last 32b support but likely all the old mac pros last supported OS... these machines might remain alive for a while to be able to load old projects at least…

Answer

10.14 isn't supported by Apple (yes, they drop support for OS versions super quick – that's part of the cost of doing business with Apple).

Did you ensure that the CA certs were installed? *That's* the issue. Not TurboActivate.

Use Safari / the built-in Keychain app to verify the CACerts are correct (even after running the commands I linked to above).

Using an old version of TurboActivate is absolutely not recommended. We fix bugs (security and otherwise) every version. Using an old versions puts your app at risk for a variety of security bugs and crashes.

Or: deliberately using old TA / TF is a VERY BAD IDEA.

CA certs thing did not help here.  FYI, on our machine where we could internally replicate,  using old lib is the only thing that worked…  Seems anyway if one uses "old" macOS, that they are exposed anyway to a simple website visit outside of wyday context… so I would not be too worry about that. We did fix it for 10.15 and over… all it looks like we can do… 

CA certs thing did not help here.

Much more information is needed.

You have our contact, we can do a remote session if you like to monitor in debugger (on the local machine that can replicate)

Just following up this thread, too.  We are seeing the same issue here for older macs.