What is Your Deployment Process?

@JC_CLCSD You've mentioned seeing the issue discussed on Jamf Nation so I won't rehash the cause. Apple's recommended "fix" is to update a Mac to macOS Catalina 10.15.7 prior to sending to the the user for enrollment by following these steps:
1) Drop into Terminal as root at the Language Chooser screen via the Command-Option-T (or Control-Command-Option-T - I forget which was the trick)
2) Run this command to update the Mac to 10.15.7: softwareupdate -iaR (that's a minus in case the forum software makes it a dash)
3) Once the Mac completes the 10.15.7 update and restarts back into Setup Assistant use Command-Q to shut down the Mac and it should be ready to be sent to a user

We've experienced the random times where the Remote Management popup doesn't actually pop up. The only fix was to re-install MacOS to the latest version and it would always come up.

@sdagley running softwareupdate -iaR comes up with:

Passing --restart requires root privilege.

Anyone know the mbsetupuser password? (I jest, no-one knows that* password!)

Just have to shutdown Terminal and the mac setup screen with the usual Cmd-Q buttons :-)

Vmware fusion works for me terrible unstable when going through Pre-stage setup. Simply works every 2nd or 3rd time, so really is difficult to know if this is wmware issue or it is setup issue

@jameson I have run through it dozens of times using Fusion (12 Pro) and haven't had it fail once when everything was set up correctly in Jamf. Regardless, I appreciate your feedback and that is good to know that others don't have the same experience and I'll remember that going forward.

@sdagley Thank you!! I've come across a lot of hands-on required "fixes", maybe my goal of a true zero-touch is just a pipe dream. I was able to set up a zero-touch with our new iPads that worked great. I just handed out the boxes, pointed the users to directions in our KB, and went on with my day. I didn't have a single issue, exceptions being those that cannot or chose not to follow directions.

@tsylwest I am running the command suggested by @sdagley right now and it is working, updates are downloading and being installed. Terminal automatically launched as the root user for me. This is straight out the box, booted, and used the keyboard shortcut to launch terminal at the country selection screen (it didn't work on the language selection screen for me). Fingers crossed, I can deal with this minimal interaction before giving devices out.

@tsylwest When you access Terminal from the Setup Assistant with that key sequence you're running as root so the mbsetupuser account doesn't come into play

@JC_CLCSD Glad to hear it's working for you. There's definitely some inconsistencies in the instructions on how to get into Terminal, but my understanding was the Language Chooser was critical to the process so very interesting that's not where you ended up accessing Terminal.

@sdagley Your suggestion to use the softwareupdate command work without issue. The computer rebooted, I verified it was on 10.15.7, that the serial was scoped to the prestage, and it is still not picking up DEP wireless or wired. I think I may just go back to the last setup I had that worked that presented the macOS login dialog, have Jamf create a dummy admin account the end-user can log in with initially to launch DEPNotify then have Jamf remove that dummy account via policy. Frustrating for sure.

@sdagley that's weird... It dropped me at a normal non-root prompt, it was definitely not a # prompt. I don't think the error I posted would have appeared had I been at a root prompt. Curiouser and curiouser... going to double check it again and will report back :-)

@JC_CLCSD How are you delivering the DEPNotify binary? Is it part of your PreStage Enrollment, or is installed by a policy triggered on Enrollment Complete? I use the latter approach with a Smart Group containing Macs enrolled via a specific PreStage so the appropriate version of my driver script for DEPNotify runs. My PreStage configuration limits Setup Assistant to the Account Setup screen where the user creates their account, and I don't use the Account Settings payload so that the user's account will be 501

Update on things. I streamed the system log while going through setup assistant using a post I found, and I noticed the message "device enrollment record info unavailable" appeared several times. This told me that there was at least an attempt at communication with the activation servers. After a little more searching here, I found a post suggesting the command “sudo profiles renew -type enrollment" from the terminal. I ran that, restarted, and the setup process worked as I expected! I'll continue testing this with Macbooks I still have in the box to make sure it wasn't a fluke.

An odd (to me) behavior I've found with terminal access during setup assistant is that the shortcut key sequence to open terminal in 10.15.6 only worked for me on the country selection screen. That does not work for me in 10.15.7, I had to be on the language selection screen as @sdagley stated.

@sdagley my DEPNotify binary is part of prestage, and that seems to work great. My issue is that Jamf Connect doesn't - or wasn't - firing up as the login screen for the users. The Jamf Connect and launch agent packages along with our branding package are also part of the prestage. I had help setting all that up during my onboarding training so I hope that is done correctly because that training was expense! If I can get things to stay consistent after running the command above, I think I am set. I hope!

I appreciate all of you, your input has helped tremendously with this issue and made me really think about things!

@sdagley seems they (read:Apple) may have changed something...!

@JC_CLCSD Glad to help. Just paying it forward since Jamf Nation is such a useful resource (Never create from scratch what you can steal borrow from someone who has previously travelled the path you're taking)

@tsylwest That looks like the Country, not Language, selection screen. The root access to Terminal sequence has to be done on the Language selection screen which will normally only appear the very first time a Mac is booted. This page shows how you can make it re-appear: Resetting Device Enrollment cache without reinstalling macOS

@sdagley Thank you so much for that! Root access: granted.

Some more Apple 'mists' have now been cleared, much appreciated.

@sdagley How do you connect the mac to the internet successfully while in root mode pre-setup, I tried several USB-C ethernet dongles, and had no luck.

@ovortiz The only USB-C adapter I’ve used is from Belkin and it just works. No driver or configuration required.

@JCCL I think your environment is still ahead of mine because my environment is still officially on user-initiated enrollment by authorized IT staff as my Windows-centric organization (and University as a whole) is still resistant to enabling ADE for prestaging from our ASM (DEP) through now which I'm working towards to achieve. The functionality is there, including enrollment customization for macOS Catalina, but it's a matter of getting the green light to make that official in my environment.

@dng2000 Does your current workflow utilize DEPNotify and the DEPNotify Starter script? Even if you're not yet using ASM/DEP to automatically enroll machines you can leverage DEPNotify and the DEPNotify Starter script to build a manually initiated workflow. That's what I did in my current environment while working on getting the necessary approvals for ABM/DEP, and when that was done the process of changing from manual to PreStage based enrollment was pretty simple.

@sdagley Yes it does.

@dng2000 Good luck on getting the ASM/DEP process approved then. My previous role was in edu, and I faced the same issue with a Windows-centric organization never quite getting to where they would provide the approvals/support necessary.

@ovortiz I also use the Belkin adapter but have found it only begins working after the Mac is connected to wireless for a few minutes. Something is happening in the background, but I don't know what.

@dng2000 ASM is a key component for sure. I am in a smaller organization and do the approvals for myself so it was a lot faster to get going :)