We're also doing native AD binding.

We've only seen this on our 2019 i7 iMacs. Our 2022 Mac Studios seem unaffected so far, even though they're deployed the exact same way.

Also seems to be around 20-30% of our Macs affected at once.

Same. It's been mostly non-problematic for us for a very long time, which is why I'm thinking this has to do with the updates instead of AD. Not sure why this is only impacting a small number of computers. We're also unable to reproduce this manually, by running updates ourselves on the machines. This only seems to happen when macOS updates automatically.

We're configured to defer major software updates for 90 days, but otherwise let macOS manage the updates itself.

Ours has been mainly M1 and M2 Mac minis, I have had a few i5 21.5 iMacs affected too. None of our 27" iMacs, so it seems to be Sonoma onwards that is affected which must be an OS update.

Hello all, Made a discovery today that 'may' have a bearing on the issues. I managed to get into three Macs today that were stuck at logi n with a local account. All 3 the students had tried to join them to the wifi (disabled by me) so wondering whether that was affecting the ethernet connection? Something else to think about. One now works after forgetting that SSID, another that was truly broke I installed NoMad and was able to log in locally and remove the wifi, the other (first one I found today is an erase and install job as I hadn't seen the similarities at that point). May be a red herring but?

That's an interesting data point. We also disable Wi-Fi on our affected iMacs and attempt to rely on the ethernet connection only.

Hi, I know this is a bit of an old thread but we are starting to have this issue on some public-facing iMacs that are running anywhere from 15.3.2 to 15.4.1. My solution lately has been just to wipe the computers and reinstall with a clean MacOS image, but I wanted to see if you found a different solution?

Hi kwarner.  Are your devices bound natively to Active Directory?  That does seem to be a common thread here?

Hi Warner. We are still having the issues but so far everything I have erased and installed has been ok so far. I got called to one this week that only one user could not log in, after a reboot it was ok. I have been through every thought I had in desperation. What I have noticed that students who leave everything open (especially chrome with like 20 tabs open) are more likely to get the issues.. As discussed before though it seems to be down to a borked apple OS update. More about your environment would help. Do you use MDM, automatic updates, bound to AD etc?

We are bound to AD, and using Jamf Pro to manage these macs and push automatic updates, etc.

We use Jamf Pro to manage all of our macs, it's primarily maintained by a central IT department, and I'm in a sub-department so I don't have full access to change certain things. We also do push automatic updates and are bound to AD. We have 2 different AD binds, one for the public computers and one for staff, I haven't had any issues with the staff logins, but typically only one user is logging into those, rather than multiple per day.

Still having some issues on our end but it's hard to say whether or not it is "fixed" because it only seems to arise during automated updates, and even then only on a small percentage of computers. I imagine we'll have to go through a few rounds of automatic updates without this happening before I'm feeling satisfied that I can stop monitoring our Macs for this busted state.

That sounds familiar. Just out off interest are you able to log in with a local admin account when they go wrong? I rarely can.

It started for us around the 14.2 update and happens on MacOS15 too.but only after a DEP update for me.

When they do the freeze thing, I can always ssh into the Macs. Sometimes a quick fix can be after you have root ssh access 

sudo killall HUP  loginwindow 

wait a couple of seconds then

sudo launchctl start com.apple.loginwindow

sudo reboot.

occasional that fixes it.

Apple haven't supported using the directory utility for binding for years now so we are lucky it works at all.

I am going to erase and install all 700 of our Macs this summer if I get a chance. Currently looking at using different authentication methods too. Meanwhile I hope someone can find a fix.

---

"Apple haven't supported using the directory utility for binding for years now so we are lucky it works at all."

Have you got an links that confirm this?  If this is genuinely the case then we can create a project to look into different authentication methods.  The fact that it still exists in the OS suggests to me that it is supported.

I rarely can login to the local admin account either.

I'm hoping for a break in student usage on the labs as a whole so I can just erase and install all of our macs as well. Hopefully this summer.

Hi here is just one link. At the last macadamias conference there were talks on platform SSO. I am going to see if I can get that working.

https://www.kandji.io/blog/binding-to-active-directory-alternatives#:~:text=Again%2C%20clever%20Apple%20people%20came,Those%20alternatives%20include:

There is a lot more out there about this.

However I found a lot on the macadmins slack channel about our issue on Friday . Seems it may not be an AD only issue.

According to apple 15.4 

• 
  

  Resolved an intermittent issue where the Login Window failed to accept a correct password

  
  

Sorry that should say Macadmins conference !

Just to chip in on this and say that we're seeing these issues as well. It started just after Christmas after machines went to Sequoia and we thought it was just a Sequoia issue affecting certain models. I think this has gotten mixed up with another issue though (audiomxd process causing 100% CPU usage) and it took us a long while to realise that there were two different things going on.

This seems to have spread for want of a better word and is affecting more and more machines, we keep flattening them but the problem does then come back sometimes. Affects both Intel/ARM, various ages and models, both Sequoia and Sonoma. I think it's some common issue which has been introduced in an update to both OS as others have suggested.

We are AD bound and have no immediate capability to turn that off though are now looking into JAMF Connect. This has been a frustrating and high impact issue for us and as yet I don't really have any answers for the support staff other than 'hopefully they'll fix it in an update' which obviously isn't great :/

Ian

Hi, I have (So Far) not seen the issue return after Sequoia 15.4. I am going to erase and install all 700 Macs this summer. I have been looking at platform SSO and it will work, but you have to actually log onto each computer for it to work for all users which is a royal PITA. Really hoping apple and Microsoft sort this out. One thing though with this loginwindow issue is the fact this affects local accounts too. If you look on the macadmins slack channel I have seen scattered about people using jams connect getting this too.

It does affect local accounts yes we can't log in with our admin account when machines get in this state but if I'm reading the other posts correctly this only seems to be affecting AD bound machines in general? As in no binding no problemo...

It also seems to have been resolved for us after 15.4, but we're doing a check of our Macs today to make sure this is still the case. Our students have all left so we have more time to focus on trying to figure out what's happening.

I hope that will be the end of it. If it does turn out to be an AD binding thing I will just switch over to PSSO (even if that mens enabling manually on all the Macs once).

Hi all…

It looks like we’ve had this problem creep back in recently and we’re just unearthing some more issues with devices running various versions of macOS 15.  Has anyone had any success finding a solution or work-around (not removing devices from AD)?

Also, I thought it might be worth sharing, to see if there is any commonality, that where we have seen issues has been mainly in our Arts and Media areas (who else uses Macs?) with the installed software being (amongst others)…

Blackmagic RAW
DaVinci Resolve
Microsoft Defender
Office 365
The Unarchiver
VLC
XCode

We are also still seeing this problem both on Sonoma and Sequoia Mac mini’s (We bind to OpenLDAP instead of AD but same behavior seems to be happening). Even fully updated to 14.7.8 and 15.6.1 we still see this happening, often times it happens on the 2nd login or after waking from sleep. The odd thing is it only seems to happen is one of our buildings. Has anyone managed to solve this yet? This has been an issue on and off for the last year for us and even wiping and reinstalling OS has not permanently fixed the issue.