Friday, September 16, 2022

Expelling demons from 2020 Air: when Disk Utility says to run against the Container (and more)

If you have to maintain a modern Mac, it helps to be retired. How else would I have hours to spend one Friday pm?

The 2020 Air I inherited from my daughter had met with a beverage at a bad time. We paid a third party to resurrect it (Apple doesn't touch wet stuff) but the machine seemed quirky in a software way. Maybe related to the T2 chip and doing the battery swap and then (mistake) Migration Assistant from my ancient Air.

First I had to fix the VoiceTrigger bug, but the machine was slow and I kept running into weird sh*t, like being unable to enable the default App Expose gesture.

So I decided to cleanup by removing files on that machine (they are still on my working Air) and also clean up the user library. I removed a lot of 2007 and earlier items, including a RAZR plug-in. Maybe did nothing but didn't take long.

Then I ran Onyx and it complained the disk was corrupted. When I tried to run Disk Utility I ran into the SMC reset bug.

Once I fixed that Disk Utility would run, but it complained about a corrupt snapshot on my Data drive. Deleting the snapshot didn't fix the error though, so it's likely a red herring. The message said to run fsck on the Container, but I didn't see how to do that. Running it on the Volume didn't help.

The Disk Utility directions were, of course, wrong. As were various web sites that said to try fsck in single user mode (is single user even possible in Monterey?).

Eclectic Light had the best guidance, but the real missing piece was telling Disk Utility to show everyone, not just Volumes. That showed me the Container so I could run DU there; the details console shows it's running fsck_apfs -y -x /dev/disk0s2. It ran against all the /dev/disk* things and fixed them all, exiting successfully. My App Expose gesture returned.

I think the demons are purged for now. macOS is pretty damn fragile these days ...

Monterey T2 bug - First Aid, unlocking disk, operation canceled - Do an SMC reset

When I tried to run Disk Utility on my 2020 Intel Air running Monterey I got:

    Running First Aid on ..

    Unlocking Disk

    Operation Canceled. 

Google found exactly one reference to this in a 2021 Apple Discussion post with a link to an Apple Support article that has since been removed ...

... That turned out to the known issue linked with the T2 Security chip (https://support.apple.com/en-us/HT203127).  Resetting the SMC solved that problem as well as the original problem with the hard drive.

Resetting SMC (I used two methods) fixed the bug and First Aid was able to continue. (There are other problems, but at least this one was fixed.)

I don't know if this insanely rare or if Google simply isn't that useful any more (probably both). Resharing here.

Monday, September 05, 2022

Managing multiple Apple Store Apple IDs in Monterey: how to sign out and thus change default Apple ID for app update and purchase

There's a lot of complexity in Apple's software, but my nomination for the ultimate complexity is the web of undocumented and slowly changing rules and tools around Apple's Digital Rights Management (FairPlay) including rights to use media (music, video) and software (apps) for both individuals and family members.

I don't think anyone truly understands it all, not even Apple's senior developers. Sometime in the past decade Tim Cook said he'd fix the Apple ID problem and then things went silent. It's a nightmare. I remember when changing a phone number associated with an Apple ID could switch the ownership arrangement for device history (presumably a matching problem between disparate databases).

My most recent experience with this was trying to fix the default Apple Store Apple ID used to for Mac App Store DRM on my wife's Air Monterey account. It was defaulting to an Apple ID we used to share for iTunes purchases 10+ years ago. I've been slowly disentangling it for 4 years now and the rules change with each macOS/iOS release. Currently there's a bit more tooling to sort out who owns what on a Mac but it's obscure.

As far as I can tell the controls for this are now hidden in the App Store app. That kind of makes sense, because the rules (and Apple's DRM contracts) for movies/TV, music and apps are all likely different. You have to go into the App Store app, which can show the apps associated with multiple Apple IDs, then you have to sign out from the menu:

After signing out the default account for App Store purchases was her Apple ID.

Her Music account seems to be based on her Apple ID, but I didn't check to see if changing the App Store Apple ID changed that too. It would make sense if Apple were to have separate rules though. 

I think the complexity of Apple ID DRM may be one of the reasons Apple never provided a multi-user iPad for families. (Our shared iPad has its own unique Apple ID but is a member of our family sharing.)


Monday, August 29, 2022

Monterey orphaned our physical podcast files. What can we do with them?

Podcasts started out as distributing MP3 files; back then iTunes was a great podcast app (and music and audiobooks, and voice memos and more -- it was a glorious app before the fall.)

Over the years Podcasts really shifted to streaming, listen once, don't keep. Then, somewhere post Mojave (Monterey) Apple orphaned the physical podcast files stored in iTunes. The Finder shows physical files in your media library but neither Music.app or Podcast.app can browse them. Music. app's browser Get Info still shows the media type dropdown, but there's only one type! (Music)

If you click on a podcast file iTunes will play it and import the file into the media library where it has media type Music but genre podcast.

So the fix is:

1. Move Podcast folder out of media library

2. Reimport all podcast as music.

3. For genre podcast multi-edit to make more like podcasts. You use macOS Music.app column browse to see all with genre "podcast", select all then hit cmd-I. You'll see a prompt asking if you wish to multi-edit (yes). Then in Options select: 'remember playback position' 'skip when shuffling'. I think this operation may fail if a file is being uploaded to Apple Music (at least I get to burn GB of Apple Storage!) so let uploads complete if it doesn't work.

Reference Stack Exchange.

PS. Voice Memos are supposed to have a migrate path, but that didn't show for me.

Saturday, August 27, 2022

Using Apple's USB-C to T2 adapter: not for video but still good

My 2015 MacBook Air uses Thunderbolt 2; it was connected to an elgato T2 hub (reliable for over 6 years) with a few USB and Firewire 800 peripherals. That Air is in for a battery swap after which it will be primarily an Aperture machine with some portable use. At the moment I'm sharing my son's 2020 Air; there may be a Pro or M2 Air ahead.

To reduce costs and hassles I decided to try Apple's T3/USB-C to T2 adapter. It costs around $45. Everything works for now -- except my external HDMI monitor. It flickers on and off. I might play with it a bit but for now I have it connected directly to the laptop via a compact Anker USB-C hub [1]. Apple tells us that "This adapter does not support DisplayPort displays...". I wonder if the HDMI display connected to a Hub with a DisplayPort/T2 cables affected by this limitation.

Overall it's worth the money, even though I'm likely to switch everything to a USB-C or better hub eventually. The single remaining Firewire 800 device can be retired.

- fn -

[1] When I disconnect the laptop I have to pull two cables! Oldness helps with the indignity.

Tuesday, August 23, 2022

Migration Assistant from Mojave to Monterey is mostly a train wreck

Ugh. Almost nothing went well with doing migration assistant from Mojave to Monterey. I had to trash my Photo Library and recreate a new system photo library to repopulate from iCloud. I had to turn off iCloud Drive, delete the Archive versions, then turn it back on again. A bug with deleting user accounts was unrelated but took up an hour or two.

Kind of what I'm used to with Apple to be honest.

I probably would have been better off to migrate my documents folder and my mail files manually, then recreate the rest.

Unrelated but also sad: I hoped Apple's T2 to USB-C cable would let me continue to use my T2 hub and related peripherals (some Firewire 800!) but it's unstable in early testing.

Can't empty trash because VoiceTrigger is in use: It's a macOS system integrity bug

If you delete a user account in some versions of macOS (Monterey in my case) where the user account was created in certain earlier versions of macOS you will run into a System Integrity bug.

There's a folder called VoiceTrigger that in the deleted user account that is protected by System Integrity (~/Library/VoiceTrigger/SAT. ) It's located in the User's Library, so it should not be SIP protected. (In Monterey there's nothing there called SAT).

I'm guessing the bug is that it was never supposed to be SIP protected but in some version of macOS it was. Maybe Big Sur. (There's a second bug because the error message is incorrect. The problem isn't that the file is in use, the problem is it's SIP protected.)

I found the fix in in r/MacOS - disable SIP, delete, re-enable SIP:

Disable System Integrity Protection

  1. Click the  menu.

  2. Select Restart...

  3. Hold down Command-R to boot into the Recovery System.

  4. Click the Utilities menu and select Terminal.

  5. Type csrutil disable and press return.

  6. Close the Terminal app.

  7. Click the  menu and select Restart....

Login normally, then Empty the Trash Can

Re-Enable System Integrity Protection

  1. Click the  menu.

  2. Select Restart...

  3. Hold down Command-R to boot into the Recovery System.

  4. Click the Utilities menu and select Terminal.

  5. Type csrutil enable and press return.

  6. Close the Terminal app.

  7. Click the  menu and select Restart....

Things other's suggested that didn't work:

1. Terminal: sudo rm -rf ~/.Trash/*

Note you need to be admin to do this. There's a way to escalate non-admin to use sudo but I think Apple has basically given up on non-admin user accounts.

2. Turn off iCloud document sync.

Friday, July 29, 2022

Wi-Fi Calling not working? Your probably SIM-swapped and your IMEI is wrong and you don't have HD Voice

When Emily complained of poor call quality I tried enabling Wi-Fi calling on her 13mini -- and got this error message:

Oops! 

We've hit a bump, but we should have it straightened ... ERR0093-WS 

Don't worry, it will never get straightened. This is a crap error message. A pixel page gave me the answer.

Chances are you SIM-Swapped this phone to avoid an infuriating $50 activation fee from AT&T. Turns out that only seems to work, the IMEI in AT&T's system doesn't update. If your plan has HD Voice (most do) it's not working and Wi-Fi (WiFi) calling won't work.

We called AT&T new line support (chat was down) at 611 and after a bit of careful navigating got a human being in "advanced technical support" who updated the IMEI number for us. You may also be asked for the ICCID number. After a phone restart and waiting a few minutes Wi-Fi calling worked. Her voice quality also seemed better.

I did this for a different phone and the first agent said I needed a new SIM -- then (accidentally I think) dropped me. A second agent wanted IMEI and ICCID then told me to restart the phone. It seems to take 3 minutes or so for the change to propagate and enable Wi-Fi calling (and HD Voice by the way).

If you SIM swap to avoid AT&T's #$@$ $50 activation fee you should probably call support or take your phone to an AT&T store to fix the IMEI there.

What's the chance AT&T will ever give up on its activation fee grift? Would be nice for them to just do an eSIM without the fee.

PS

Friday, July 22, 2022

Getting Outlook to export Exchange contacts as vCards (vcf) with proper email addresses for use in macOS

In 2009 I wrote about how it was getting harder to move contact information out of Outlook into something else (like macOS Contacts). I wrote about some options, but that's not what I do now.

Here's what I do (tested in Mojave, which I'm still using because Aperture):

  1. Create a simple list Contacts view. I usually only want people so I sort by last name. In a few cases last name of people is blank so I fix that.
  2. Now create an empty email. Drag Contacts from Outlook's view into the email body. It has to be to the email, dragging to desktop creates a .msg file. It might fail if you do too many so I distribute 300-400 contacts across 4 separate emails. Outlook creates a vCard file as an attachment. It resolves the email too, so instead of an Outlook x400 (?) you get a proper email address.
  3. Send the email to your Mac
  4. On the Mac download all attachments. They show as VCF files and macOS renders them quite well.  If they have photos the photos show within the card icon. Spotlight indexes them all. You don't even need to bother with dropping them into Contacts (though that's easy to do, you can drop them into your Contacts Groups (folders)).
It's pretty easy if you know the trick. I've not seen it described anywhere else but I'm sure others know it.

Sunday, May 15, 2022

iMessage not synchronizing - your store ID matters too

Based on some issues I've seen with my daughter's devices I think that Apple Message sync will only work when both Apple ID for "iCloud" and Apple ID for "Media & Purchases" agree on both devices.

There's a dependency on "Media & Purchases" Apple ID for Apple Messages, perhaps because it's descended from the Apple messaging apps that predate iCloud.

How to leave Google Apps / G Suite / Google Workspace

UPDATE: As of early May 2022 Google has relented and will allow continued personal use of legacy G Suite domains. You need to login to your domain and then use this URL. (The option is described, a bit obscurely, in a support page).

<background>
It's hard to remember now, but there was a time that geeks had some affection for both Google and Apple (but, TBH, never Microsoft). Those were the glory days my friend.

This year's bitter resentment is brought to you by Google ending free Google Apps services. Back in the glory days Dreamhost bundled these with domains, I picked up 7-9 of them. Two of these Google App domains have been heavily used by my family. They are the core of a wide range of daily things we do, including email addresses association with numerous logins, credentials, passwords, and so on. (But not with Google OAUTH identity services, that is not supported for Google Apps email addresses.)

A few months ago, in early 2022, Google told us that these services, once as permanent as gmail (*cough*, they're coming for you), would become quite expensive. For us the costs to maintain our current setup would be hundreds to thousands of dollars a year. Shortly after this announcement we were told that there *might* be a reprieve, that non-business services would continue. This false-hope was never officially withdrawn, but in May 2022 it has been replaced by a bizarre offer to maybe continue but, like, without email or domain?

Google's very limited online guidance does not review how to exit Google Suite. In email communications they mention a 'suspended state' but do not describe what that means.

So now I have to spend several lovely days in May sitting at my computer trying to salvage our digital identities. We will clearly have to pay for at least one of our domains - principles be damned. Charges begin Aug 1, 2022. </background>

The following is a rough guide to what I will do. Much of this requires knowledge from decades ago that I'm having to refresh.

Considerations and discoveries

  1. It's difficult to move IMAP emails between services. IMAP emails can be copied to a local store. In mail. app I've had success dragging and dropping emails from one IMAP inbox to another, but I believe this is fragile and unreliable. You can also copy, see this iCloud example.
  2. Local store email is barely supported any more. Mail.app, for example, 
  3. My domains are managed by Dreamhost which does provide some classic web services though fewer than it once did.
  4. Domain based email forwarding is fragile -- many services including google will reject it. See DKIM notes below.
  5. Modern email is both essential and a river of spam and Google has good spam filtering (though it was better once)
  6. The knowledge of how to manage DNS settings is more esoteric now than it once was, and Google Search no longer works.
  7. My Dreamhost DNS and mail forwarding has lots of old detritus. That's on me!

References related to closing Google Workspace accounts

  1. Microsoft on switching to Office 365 - cancel subscription
  2. Fastmail also has switching options, but price not much less that Google Workspace
  3. Google has not provided any migration guidance.
  4. You close your account by canceling the subscription: https://admin.google.com/ac/billing/subscriptions/ then deleting the account (see below).

References for migrating to Dreamhost email services

  1. Dreamhost email client configuration
  2. The Dreamhost custom MX config panel has 'uses Gmail' management links that take you to Google admin (so not terribly useful but at least can tell what to change.
  3. Dreamhost used to support both a mailbox and a forwarding action but you can't do that any more (still works for old settings). Dreamhost uses Roundcube Webmail but has not enabled forwarding in that app. You can use forwarding directly from a domain but I think Google treats emails forwarded this way as spam. (At one time we were supposed to have had quite large storage caps with Dreamhost, but I think email overwhelmed them. Similar to the days our Gmail storage was to be unlimited.)
  4. A comment on this post mentioned imap sync for moving email: "For transferring IMAP email, imapsync works well. There's a free version you can download and run on your computer (or on your hosting provider if you have ssh access). It's well documented and relatively easy to get your head around, and is fast and reliable. I’ve not got any affiliation, but someone pointed me to it a couple of years ago, and I’ve since used imapsync to migrate email hosts for a small organisation. Highly recommended."

References for migrating to Apple iCloud+ email

Apple supports custom domains with iCloud+ email including family sharing.
  1. You can assign up to 5 domains to a family group and for each domain each member can have up to 3 email addresses.
  2. Apple will instruct on how to do DNS settings (there's a bug in the quotes apparently) - there's also a tech note on DNS settings.
  3. Useful twitter stream on migration to iCloud
  4. Detailed twitter thread on migration - Google takeout mbox, import into Mail, then drag from local to iCloud.

My steps to closing an essentially unused account where I didn't worry about forwarding

  1. Go to Google admin console for account.
  2. Review how many users exist. (typically one)
  3. For that user review email to see if there's anything important, sites, docs, etc. Don't forget google  voice!
  4. From Google Admin account cancel your subscription. Now pay close attention so you don't miss the next step - delete your account (https://admin.google.com/ac/companyprofile/accountmanagement)
When you choose to delete account you see:
Now return to Dreamhost
  1. Go to DNS for domain and delete the Google CNAME records
  2. Go Custom MX controls and Choose "make me regular email". It may take hours for this to work.
  3. At this point Dreamhost enables webmail. But I wonder if this actually blocks email forwarding even if you set that up! (The lack of warning doesn't give me a happy feeling about Dreamhost TBH.) So disable webmail. Dreamhost also has a control panel for email forwarding that I think is a disabled feature.) - NEED TO TEST MORE HERE
  4. Go to Manage Email and set up a forwarding account as needed. This can take a while. Apple picked up the DNS changes within about 15-30 minutes, but Google took 1-2h. (I wonder if DNS propagation in general works as well as it once did.)
  5. Enable DKIM if not already enabled.

Carbon Copy Cloner won't create sparse bundle disk image (grayed out) - Mojave

On Mojave as of May 2022 CCC v 5.whatever wouldn't create a sparse bundle disk image for me when I selected new disk image as destination. The 'action button' was grayed out. 

I switched from the non-admin account I've long used with CCC to an admin account and I was able to do it.

I was able to create disk images using Disk Utility from the non-admin account.

I don't have time or energy to debug further, but if you run into this issue try an admin account.

PS. Once upon a time CCC would just create a disk image if the task referenced one but none was found on the target drive. That's no longer an option, if you are setting up a new drive modern tasks will require the disk image to exist. It's hard to get the 'right' image manually, so you really want CCC to create it for you.

Also, by the way, and unrelated to above, you need to use AFP if you're doing network CCC backup to a sparse bundle disk image.

Tuesday, April 12, 2022

Universal Clipboard (Handoff, Continuity) not working, endless spinning in iCloud Notes (Mojave)

 Recently I've had two issues:

  1. Mojave Universal Clipboard stopped working between Mojave and iOS 15.4.1
  2. Mojave notes iCloud synced but always showed a spinning activity icon
I found that I could make Universal Clipboard work again by creating or editing a note on my iPhone or on Mojave. Once that synced then UC worked until I rebooted.

I may have had success by:
  1. Changing my Mojave location DNS settings from Cloudflare (1.1.1.1) to Google (8.8.8.8). (Based on this post)
  2. Toggling Notes iCloud off then on again (restores notes)
Now the spinning is gone, and UC seems to be working.

Update 5/15/2022: UC is back to not working unless I create a note that's synced between iOS and Mojave. Notes doesn't show the skinny activity icon. So this is an open problem.

Sunday, March 13, 2022

When iCloud Keychain stops working (No more Safari passwords) - Mojave

I'm buying tickets for an event and suddenly there's no password autocomplete in Mojave Safari. Safari Preferences Passwords shows 3-4 entries, but my Apple passwords shows on my iOS devices and my Monterey Air. It's just Mojave that has lost all its iCloud/keychain access.

A good reminder that if you want to use Apple Passwords as a 1Password replacement you need to export a static backup (and this must be automated). The Cloud is where data goes to die.

A found a relevant 2016 Apple Discussion post which would be Mojave era. So I wonder if it's a Mojave bug. The fix there was from "Linc Davis" a "Level 10" with 209K points [1]

Please take these steps to resynchronize the iCloud keychain. Your keychain on iCloud and your other Apple devices won't be affected. Take Step 2 only if Step 1 doesn't solve the problem.
Step 1
Back up all data.
Open the iCloud pane in System Preferences and uncheck the Keychain box. You'll be prompted to delete the local iCloud keychain. Confirm—the data will remain on the servers. Then re-check the box. Follow one of the procedures described in this support article to set up iCloud Keychain on an additional device. Test.
Step 2
If you still have problems, uncheck the Keychain box again and continue.
Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C: 
~/Library/Keychains
In the Finder, select
          Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.
A folder named "Keychains" should open. Inside it is a subfolder with a long name similar to (but not the same as) this:
           421DE5CA-D745-3AC1-91B0-CE5FC0ABA128
The above is only an example; yours will have a different name of the same general form. Drag the subfolder (not the Keychains folder) to the Trash.
Restart the computer, empty the Trash, and re-enable iCloud Keychain.

Toggling Keychain off and on didn't seem to do anything so I figured I'd check in the morning. Before I checked though I did review my passwords in Monterey. For *reasons* (this happens way too often) I had to reenter my iCloud credentials there but I was also asked the usual iCloud keychain questions -- provide passcodes for my other machines.

Then I looked at my Mojave machine and Safari had my passwords again.

Maybe the fix was toggling Keychain and waiting a bit, but I'm suspicious that something happened somewhere in iCloud that required me to do the iCloud Keychain authentication dance from a Mac -- and Mojave couldn't do it.

Again, if you use Apple Passwords as your sole repository you need a non-iCloud backup.

- fn -

[1] No profile info, has participated in 97K threads. Either insane or an Apple staff pseudonym.


Sunday, March 06, 2022

What happens when you have an Apple ID without an email address and you change it? (And much more about Apple ID hell.)

I'll provide some back story below, but it's tedious and a bit ranty so I'll put the most useful stuff up front.

For *reasons* (see below) I have had an Apple ID associated with iTunes, App Store, physical Apple Store, hardware and other purchases for about 20 years. For other *reasons* almost lost to memory the username has not been a valid email address for most of those years. Until recently it had an associated email address it would forward to but Apple changed things sometime in the past two years and that stopped working.

I'm simplifying.

We will call this Apple ID username "bob@mac.com". I will use alice@icloud.com and dan@me.com for my new Store Apple ID ("Media & Purchases") and my longstanding iCloud Apple ID respectively.

Once bob@mac.com stopped forwarding I no longer received notifications related to Apple Discussions or emails related to charges. Since bob@mac.com was the store Apple ID for my family (this was the practice in early iTunes days) our children (now adult) used it for purchases. Simplifying a lot and omitting family details the lack of email meant no monthly statements -- so I didn't spot a scam subscription - among other things.

I knew I had to fix this but I dreaded the side-effects. I'd already tried undoing the shared store Apple ID and ran into disaster; I had to reverse that attempt. I had to fix the Apple ID invalid email problem first.

Before Apple broke forwarding for the Apple ID "bob@mac.com" I had used "alice@icloud.com" as a forwarding address. Although there was no clue in the Apple ID online configuration tool, I knew alice@icloud.com was still entangled with bob@mac.com (see below, this post goes on for a long time but still omits much).

Ok, so far? I gets a bit simpler then you can skip the back story.

Anyhow ... when Apple broke forwarding they seem to have introduced the ability to change an Apple ID userid - such as bob@mac.com. I believe, though I can't find any documentation, that the visible username with the form of an email address (ex: bob@mac.com) is an alias for an unchanging hidden identifier (maybe a GUID). 

After some thought I decided the cleanest approach would be to change my Store Apple ID visible username from bob@mac.com to alice@icloud.com (I knew the two were entangled, see below). It's easy to make this change from appleid.apple.com. When I did this I was not asked to confirm that alice@icloud.com was a valid email address I owned. All I got was an email sent to to alice@icloud.com saying the change had been made.

After I made the change I found the following. I expect other changes as Apple's different systems synchronize and update (I will update this as I learn more, I expect to learn of problems from family members later today):

  1. I cannot login to the Apple ID or anywhere using bob@mac.com but the two factor notification dialog still says bob@mac.com (this may change).
  2. I think I may have more control over Apple ID two-factor, I can add/remove trusted devices, remove from account, and I can add a second trusted phone number. I still can't add a backup email address; that is available on some other Apple IDs I have
  3. Apple Discussions is intact. When I login with alice@icloud.com I show as "member since June 23, 2003".
  4. Mail sent to bob@mac.com still fails, there's no redirect.
  5.  iTunes on Mojave: asks me to sign in and displays new alice@icloud.com. Says session expired, asks again. Purchase history intact.
  6. Media & Purchases on iPhone showed new iCloud address and I had no trouble with updating apps.
In addition, Messages in my personal dan@me.com iCloud stopped working! It turns out "Messages" has legacy associations with the old Apple Store ID used with iMessage before Apple implemented iCloud. I got this error message

Messages in iCloud not available as iCloud and iMessage accounts do not match. (Messages in iCloud is not available because iCloud and iMessage accounts are different.)

There's a fix here but it's not the one I needed. When I looked at Messages on my iPhone it showed only my Phone number, the Apple IDs were all absent. When I tried to enter an Apple ID it showed my store Apple ID; I chose "use other Apple ID" and entered my personal iCloud Apple ID. That worked and it immediately restored all my send/receive message list. I could then reenable messages in iCloud.

It didn't fully work on Mojave iMessages though. I reenabled using iCloud Messages in preferences there and about an hour or two later it seemed to start working (though uploading messages to iCloud is still ongoing.)

That concludes the current record of changes to date. So far it has been less of a problem than anticipated, but it's early days. I will add other issues as they emerge. Then I can return to the herculean tasks of moving family members off of a shared Media & Purchases account.

Below are details for the benefit of someone searching who finds this post. They are related older items that I will summarize in outline.

----------- additional details ---------------

As noted above years ago I had alice@icloud.com as forwarding email for the Apple ID bob@mac.com. The address bob@mac.com had no associated email because of complex changes Apple made in migrating from free iTools to not-free .Mac to MobileMe. [1][2]

When I finally realized I wasn't getting Apple media purchase statements for bob@mac.com I began investigating what had happened to the old alice@icloud.com iCloud account. I found it was deactivated. I was able to reenable it. That's when things got weird. Remember (if you read above) that there was no longer anything I the Apple ID settings for bob@mac.com that showed alice@icloud.com.

Once I reenabled alice@icloud.com with a new password I found that:

  • Both alice@icloud.com and bob@mac.com worked as usernames for the same bob@mac.com Apple ID.
  • The password for the bob@mac.com Apple ID had changed to match the alice@icloud.com password. [This actually took a day to propagate to iTunes purchases]
  • Both alice@icloud.com and bob@mac.com showed the same iCloud services (mail, etc).
  • bob@mac.com was still not a valid email address. 
fn -

[1] https://en.wikipedia.org/wiki/MobileMe#.Mac

Originally launched on January 5, 2000, as iTools, a free collection of Internet-based services for Mac OS 9 users, Apple relaunched it as .Mac on July 17, 2002, when it became a paid subscription service primarily designed for Mac OS X users. Apple relaunched the service again as MobileMe on July 9, 2008, now targeting Mac OS X, Microsoft Windows, iPhone, and iPod Touch users.

On February 24, 2011, Apple discontinued offering MobileMe at its retail stores, and later from resellers.[2] New subscriptions were also stopped. On October 12, 2011, Apple launched iCloud to replace MobileMe for new users, with current users having access until June 30, 2012, when the service was to cease.

... The original collection of Internet software and services now known as iCloud was first called iTools, released on January 5, 2000, and made available free of charge for Mac users.

Services offered by iTools included the first availability of @mac.com email addresses, which could only be accessed through an email client (e.g. the Mail app); iCards, a free greeting card service; iReview, a collection of reviews of popular web sites; HomePage, a free web page publishing service; the first version of iDisk, an online data storage system; and KidSafe, a directory of family-friendly web sites.

.Mac[edit]
As costs rose, most particularly due to iDisk storage space, the wide demand for @mac.com email accounts, and increasing support needs, iTools was renamed .Mac on July 17, 2002, as a subscription-based suite of services with a dedicated technical support team.[25]

... Existing iTools accounts were transitioned to .Mac accounts during a free trial period that ended on September 30, 2002. This move generated a mixed reaction among Mac users, some believing .Mac was overpriced...

[2] eWorld https://en.wikipedia.org/wiki/EWorld

. Yesterday the password for App Store was different from password for Apple ID but today they seem to be same. I think they are two different systems that update every few hours...

 · Feb 19

Today it appears there is a single Apple ID with two usernames and one password. One username has iCloud services but is nowhere displayed in Apple ID information. twitter.com/jgordonshare/s…

... If you change a phone's Store ID to match the phone's iCloud ID  you cannot update all their apps with their iCloud ID password. You need to use the old Store ID password. Even when family sharing is in play...

... I have a hunch that Apple has an internal ID for users separate from the username (email form) displayed with their Apple IDs and Store IDs and iCloud IDs and that is what they use in FairPlay.