Devices upgraded to Ventura can't login

Valued Contributor II

I've getting reports of people that have upgraded from an older OS (anything from 10.14.x on up to 12.x) to Ventura, but it seems like a significant portion of them put in their credentials at the FV screen but never get a desktop.  The progress bar seems to halt around 3/4 of the way through.  

The support technicians noticed it's a lot of the Intel Macs vs the M series, but I haven't been able to confirm it.  

Further, it seems like it may be related to a login script and home drive mapping in AD for their accounts.  Typically we can clear that and have them reboot on the corporate network.  The issue becomes when users are remote and can't get to an office building. 

The accounts have all been AD mobile accounts.  Typically when I'm working on those devices I will convert them to local accounts and then use Kerberos Extensions to handle the AD relationship.  


Curious if others have run into this?  I haven't been able to reproduce it on lab machines.


Contributor II

Upgrade/addon the Jamf Connect component. It stops all AD issues, and makes logging on very consistent. 

Honored Contributor

I generally try to avoid skipping versions when I can (11 > 13 without stopping on 12). In the past I have seen keychain issues and all kinds of other random things when you skip versions. Granted the last time I skipped a version was going from 10.12 to 10.14 which was some time back. 


Apple has been very rapidly moving away from AD Binding which it sounds like you are already doing. I have a gut feeling the AD Bind and Mobile account may be involved in your issues somehow. 

Valued Contributor II

We've been switching to kerberos extensions on any rebuild or net new deployments.  but we have a considerable portion of the fleet still on mobile accounts.  Gonna see if I can get a pre-flight script in place to check for mobile accounts and convert to local before running the upgrade.


Contributor II

Does bridge updating work in a test environment? 

For example, you could use erase install to update a client from macOS10 to macOS11 to macOS12 to macOS 13. 


Then see which hop the login screen dies at and use the info to further troubleshoot the issue.