“DTiPhoneSimulatorErrorDomain Code 2”

Quick follow-up on point #2 (Security Roles): checked Schema → Security Roles. GuardianRequest and GuardianResponse grant Read via _world, Create via _icloud, Write via _creator — a standard public-DB config. The Read permission query subscriptions need is present, so Security Roles don't appear to be the cause.

Thanks for your new post. I thought I have covered those scenarios on my previous post, I guess I missed something. I would recommend you to look at the documentation and see how AASA files works and how you register the different appIDs do that will give you the knowledge that the most important is to have multiple AppID into the AASA file so you can have 2 apps that will use a unique AASA file. Because the App Store is still distributing that original binary, any brand new user downloading the app for the first time is installing an app signed with the original Team ID. When iOS installs the app and fetches the Apple App Site Association (AASA) file from your server, it will be looking for a match with the original. As long as your AASA file still includes the original and new App ID, Universal Links will continue to function completely normally for these new users during the interim period. This exact behavior is why it is highly recommended to host an AASA file that contains both the original and

I think I have a related problem in my code. Please see this link: https://developer.apple.com/forums/thread/822717 I'd like to understand better how your solution works and how you are using lockForConfiguration as a hardware readiness check.

maybe the timestamp difference message should be a warning and the tool should exit with an exit code of zero? Agreed. Again, I’d appreciate you filing a second bug about that. Filed FB22826836 for this one, under Developer Technologies & SDKs -> macOS -> Something else not on this list.

Sorry I didn’t reply to this earlier. I’m not sure how I missed your replies last August. I’m also not sure why your code is failing, and there’s too much there for me to check line-by-line. However, I have a general debugging process for issues like this. The basic idea idea is to dump the contents of the keychain after each step to make sure that the stuff you think you’ve set is actually set. In your case that means three probes: One after you create the private key, to see its attributes. One after you add the certificate, to see its attributes. One after the identity lookup fails, to see if any identities are available and what they’re attributes are. As to what these probes look like, I recently updated SecItem: Pitfalls and Best Practices with some suggestions on that front. First, the Starting from Scratch section explains how to reset the keychain so that each of your tests starts from a known clear state. Second, the Lost Keychain Items, Redux section explains how to dump all the attributes

Same here, it's been 2 weeks since I paid for the developer program. I contacted support service and still haven't gotten any response.

If you haven’t already done so, I recommend that watch WWDC 2025 Session 234 Filter and tunnel network traffic with NetworkExtension. Alice gives a good overview of the expected use cases for this stuff. Regarding your specific questions, lemme tackle the second one first: [quote='827106021, Pavel, /thread/827106, /profile/Pavel'] 2- Can a single container app install and manage more than one Network Extension in the system? [/quote] Yes. There are actually two ways to slice this: Put each provider in a separate sysex. Create a single sysex with multiple providers. Additionally, you can combine different sysex types into a single sysex. For example, folks often combine an ES client and NE providers into one sysex. My general advice is that you use as few sysexen as possible. Managing sysexen is a bit of a pain, so life is easier if you have just one. If your sysex has multiple providers, you can enable and disable them independently by enabling or disabling each provider configuration using

I presume you’ve read TestFlight, Provisioning Profiles, and the Mac App Store. If not, please do so now. As to what’s going wrong, it’s hard to say because I’m not confident that the XML snippets you posted survived the trip into DevForums. In future, I recommend that you put them in a code block. See tip 3 in Quinn’s Top Ten DevForums Tips. Having said that, there’s an easy way to see what this file should look like: Create a dummy Xcode project with the same bundle ID as your app. Make sure that automatic code signing is enabled. Add some restricted entitlement to the app. See TestFlight, Provisioning Profiles, and the Mac App Store for more about that. Build the app. Dump its entitlements: % codesign -d --entitlements - --xml /path/to/your.app Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Hi Ziqiao, thank you, both suggestions were worth testing. Unfortunately neither resolves it. Reporting back with results and fresh request IDs you can correlate server-side. Setup: container iCloud.com.luiz.PandaApp, PUBLIC database. Two CKQuerySubscriptions, options: [.firesOnRecordCreation], simple equality predicates (guardianRecordName == %@, requesterRecordName == %@). Visible NotificationInfo (your point #3). Set alertBody, shouldBadge = true, and category; did not set shouldSendContentAvailable. Subscription save still fails: CKError code 12; CKInternalErrorDomain 2006 BadSyntax; ServerErrorDescription: attempting to create a subscription in a production container. Server log: RequestUUID 9BD2E50A-60DF-4DDA-86EF-B91E27192F33 (Op 46EA29B4FF3AFC28), SubscriptionCreate / PUBLIC / USER_ERROR / BAD_REQUEST, ~65–82 ms (20 May 2026 ~15:07 UTC). 2) CKModifySubscriptionsOperation instead of CKDatabase.save(_:). Same failure: Server logs (21 May 2026 ~04:12 UTC): RequestUUID 3276D248-

Hello , Yes, we have been able to reproduce this issue in our office as well, but only 2 times so far on macOS 26.4.1. It appears to be an intermittent issue, and we are not able to reproduce it consistently or quickly. Based on our investigation, this seems to occur in scenarios involving audio playback. We also made changes to ensure sound playback happens on the main thread and shared that build with the customer. However, the customer is still encountering the crash on their end. We are attaching the customer crash log for reference. Please let us know if there are any specific areas in the crash log that we should focus on or if additional diagnostics would help. crash.crash