Has anyone else had a problem with the latest 10.14.5 and DEP Mac's, we are seeing a problem when creating the user account.
Computer account creation failed.
Couldn't find to much on this subject so thought I'd ask here to see if anyone else was facing the same problem.
Update Also seeing this on 10.14.3 so seems to not just be the latest version effected.
I did see that error a couple times the other day, but it wasn't with 10.14.5. I don't know what exact version these were on, but they were Macs that were unboxed last week so 10.14.5 would not have been on them yet. I think we simply rebooted and it still booted to the login screen as if there was no problem.
Hi Folks, this issue was hard to diagnose as we didn't see anything in the logs on either the JSS side or the client side pointing to the problem.
The issue is the root CA cert, which in our case was from InCommon.
What we did to fix it was 1) generate fresh SSL certs, then 2) create the Tomcat P12 cert, 3) move the certs into the correct location on our JSS, and 4) stop and restart Tomcat.
You can test to see if your server has this problem by using the following command:
openssl s_client -connect yourjss.example.com -port 8443
Run the above command from a Mac or Linux machine (don't know how to do this in Windoze).
In the Certificate chain section, if you see the words "AddTrust" then you have this problem and need to fix it.
For example, you'll see "AddTrust: in the last three lines here:
Certificate chain 0 s:C = US, postalCode = 12345, ST = California, L = San Francisco, street = 124 Main Street, street = Boss Office, O = "University of SF", OU = CRM, CN = myjss.example.com i:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA 1 s:C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root 3 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
Hey All. Update from our Apple Care and JAMF support cases. In our case the root cause for this issue was that we had login/logout hooks enabled and in use for a policy executing immediately after enrollment of DEP machines. After disabling the hooks via "Settings > Computer Management (framework) > Check In > Uncheck Login/Logout hook" and removing the login logout triggers from policies, our account creation(via apple setup) problem went away. I recommend you try this in your environment. Guidance is that the login/logout hooks are deprecated tech and not recommended to be used by apple or JAMF. They ultimately cause the jamf agent to hang and make the apple setup account creation pane time out.