Fruity Tips #3 - Got a Slow Boot Problem On A MacBook Pro?

My love affair with my new refurbished 2017 15" MBP was on the verge of needing a trip to Relate recently. Whilst it has been a brilliant performer and has easily coped with everything I've thrown at it over the past three months, it has had something of a teenage strop in the last few weeks. It has been taking ages to reboot and be ready for me to start to do any actual work.

I'm used to Windows machines taking an age between powering them up and being able to do anything productive - that was the primary motive for me making the move to a Mac. And I've never had any problems with MacBook Airs or iMacs in respect of boot time. Even the latest addition to the Apple Harvest was fine until a few weeks back. And then it suddenly started taking an age to reboot. I'd get the Apple logo and progress bar which would get to about 60-70% and then hang. I'd power down and re-power and the same thing would happen.

I hate it when this kind of problem occurs because you usually know it's going to take a lot of sleuthing and pain to find the root cause. And it's almost certainly going to take a lot of time and patience (and as I get older, patience is sometimes in short supply).

I started off with all the usual experiments:

• Reboot in Safe Mode - the outcome was even worse. I nearly wore out my fingertips waiting for the logo to appear
• Reset SMC - no change
• Reset PRAM - no change
• Reboot into recovery - result!

Once in recovery, I could at least test the SSD using disk utility and this showed there were no problems (but indicated there were 9 APFS snapshots, each of which took an age to verify). In addition, with access to the Terminal app, I also set the boot arguments to automatically start up in Safe mode and with verbose output. I started the laptop and retired to a safe distance rather than sitting there watching it and being tempted to interfere. I returned after about an hour and the MBP was indeed booted into Safe mode. Phew! I becoming was less concerned that this was a hardware issue and more of a software or configuration problem. I reset the boot argument and started again.

A reboot into Safe mode is sometimes all that is needed to fix a teething problem, but not so in this case. When I restarted in normal mode I still had the same problem. This time I left the laptop to its own devices and it took over twenty minutes to get to the login screen. In theory,  I could have things as they were. I generally keep my MacBook powered on, just putting it to sleep every night and waking it up every morning using a schedule set up in Power Manager. I only switch off the machine on a Saturday night, again, using an automated schedule which then wakes it early on Sunday morning. Since the machine is set to switch on before I wake up, I wouldn't see how long it takes to boot! Out of sight, out of mind, so to speak. 

But I already knew it was a problem, so I needed to resolve it. It's just the way I am, and who knows, it could be hiding a bigger problem just waiting to happen. Next step was to reinstall Mojave. I have a USB installation drive for such contingencies, so I booted that up (it booted almost instantly) and ran the installation. 

Still no improvement on the boot time. But since the USB drive boot was quick, it was becoming clearer that this was now either a problem with the SSD, which I deemed unlikely or it was a third party software configuration issue.

I started searching for similar reports of poor boot times and was kind of relieved to find I was far from alone. A boot time of twenty minutes was far from uncommon. One particular discussion on the Apple support forum ran to twenty-three pages (with no obvious resolution). One area that caught my attention was that the APFS snapshots could have been responsible and I went back to verbose mode to see if this was a problem but it turned out to be a red-herring.

Eventually, I happened upon a discussion about Little Snitch and some people reporting that they had isolated their boot time problems to a specific set of releases of Little Snitch. A support query on their web page concerning this problem runs to 7 pages. Since I was into my second weekend of trying to isolate the problem, I was willing to give anything a go, so I disabled Little Snitch and rebooted. Wham, bam and thank you, mam. I got back to the kind of boot time I was expecting, around 20-30 seconds (I have quite a lot of stuff that gets loaded at boot time). 

To try and prove the point and verify that this was the problem I re-enabled Little Snitch and went back to a twenty-minute reboot. A few days later,  Objective Development who own Litte Snitch released a new version which resolved the problem - a problem that Objective Development say they've been unable to recreate, which I find extraordinary. Nonetheless, Little Snitch 4.3 Build 5256 appears to have fixed the problem...For now at least! 

And it was just in time for Valentine's Day - so the machine and I could continue the love affair and no machines got massacred during the writing of this blog post!

Warning: Suspicious User in the Users folder! Don't Panic?

Unless you physically glue up the ports on your computer, remove the wireless chips and all the other input capabilities, no matter how careful you are, it’s still possible to get caught out by unwanted surprises.

I was doing a bit of routine maintenance on my MacBook Pro over the weekend and I noticed an unusual item in the Users folder of my primary disk. At my local supermarket an “Unexpected Item In The Bagging Area” is the grocery shopper’s equivalent of an air raid warning, and is met with shivers, sweaty palms, red faces, and an overwhelming sense of wanting to go and hide in a deep hole. On a Mac, an unexpected User in the Users folder is even worse.

To make it worse, the unexpected user went by the name “tsninja”. Having any sort of ninja lurking, uninvited, on your computer does not bode well, and I immediately started panicking. How long had it been there, how did it get there, what was it doing there, and most importantly, what the heck had it been doing while it had been there.

What sane person creates a User account called 'tsninja'?

Let’s just add some context before going any further. I take precautions. I have firewalls in place, Little Snitch is installed and configured, I don’t spend my time surfing ‘adult’ sites, I have Malwarebytes set up to scan the laptop every day, the computer is protected with ultra-strong passwords and TouchID, and has never been accessible to members of the general public. In other words, it’s about as secure as it can be, within reason. But something had created this intruder user and I wanted to find out what.

Donning my best deerstalker, I began to investigate. Google didn’t proffer any useful indicators. I ran Malwarebytes again but it came up clean. I ran EtreCheck but nothing untoward there. I guess the smartest thing to have done now, would have been to attempt to delete the ‘fake’ user and get on with my life, but I couldn’t let it lie.

So I started to dig down into the tsninja folder, and this is what I found:

User folder tsninja appears to contain MS-Team configuration data

This didn’t look much like a normal User folder. A little further investigation on the internet suggested that the files at the lowest level of folders were configuration data for Microsoft Azure, and everything in the entire tsninja folder was timestamped on the same date and at the same time. Sure enough, I’d installed Microsoft Teams (for research purposes) at about the same time according to the system logs. By this time, some of the panic was beginning to seep away, but I really wanted a second opinion.

I asked some chums on the Mac To The Future (MTTF) Facebook group if they’d encountered anything similar. I got a response pretty quickly saying that they’d used MS-Teams for about six months but couldn’t reproduce the issue. I checked my fiancee's laptop because we’d also installed MS-Teams on her MBA. Nothing was showing up on her machine either. Signs of panic were beginning to reappear. My MTTF FB chums weren’t making any reassuring noises.

I decided to try a brute force experiment. I deleted the whole ‘tsninja’ folder. Interestingly it just let me!  Usually attempting to delete a Users folder would require a password at the very least. Anyhow it was gone, for now.

I relaunched MS-Teams and although it appeared to have to found a glitch it ran as expected. But lo and behold, as soon as I quit the programme, the ‘tsninja’ folder had reappeared in the Users directory. That was too much of a coincidence. But why was it showing up on my system but no-one else’s?

My only guess is that I had set my system up as the host for a Team, with my MBP effectively acting as a server, whereas my fiancée was a member of that team. The guys I was talking to on MTTF were also in a similar situation; they were members of other teams.

Ultimately, we collectively came to the solution that it is just shoddy programming by Microsoft. Despite (or maybe because of) Apple’s guidelines about where application support data files should be stored, Microsoft have a history of doing their own thing. In this instance, it’s cost me a bit of time trying to track down the root cause of the problem, and a few more ageing lines. And despite sending messages to the MS-Team product support people, they have declined to reply although I have now joined the MS-Teams community and started the discussion there. I’ll report back on any updates.

For now, I'm comfortable with my own explanation, and I'm not batoning down the hatches. But seriously, for a professional programmer writing business application software, creating a user folder called tsninja and sticking it in a reserved space should be a disciplinary offence. It's childish and unnecessary, and it's cost me a couple of lost days and an uncomfortable night. Time to grow up Micrsoft!