I don't know if anyone else has experienced this, but any computer that we enroll with 9.9 or 9.91 causes the Spotlight process to jump to 130% and never go back down. We thought it was an indexing error, but I spent about 90 mins on the phone with Apple Enterprise Support and they couldn't figure it out either. I tried making a new image, removing programs, and uninstalling the antivirus. Open when we removed the Jamf framework did the problem go away. Had to roll back 9.82 for everything to go back to normal. I told our TAM and it seems that this may be a known issue. Just wondering if this has popped up for anyone else.
I noted spotlight running at 130% yesterday. Completely wiping the index didn't help. Neither did excluding the entire system drive and unchecking all item types to index. When this is happening spotlight doesn't try to re-index. Also tried removing /.Spotlight-V100. All of this with reboots of course.
Found by removing /Library/Managed Preferences/com.apple.Spotlight.plist and /Library/Managed Preferences/*/com.apple.Spotlight.plist, then doing a "killall Spotlight" allowed spotlight to re-index and use nominal CPU.
I checked my managed preferences in casper and saw no reference to spotlight at all. I did "jamf mcx" and "jamf mcx -username MYNAME" which brought those plists back down. After restarting spotlight the problem came back. Removing those plists and restarting spotlight resolved it again.
I'm using the following script to refresh the managed preferences on systems periodically and have appended removing the uneeded and problematic spotlight plists.
# Setting this variable, "field splitting" makes sure each line is considered as such, even with spaces in them. # Otherwise spaces are considered splitters. Here we are specifying " "(page break) is the only splitter. IFS=$' ' echo Deleting all managed preference files... rm -rf /Library/Managed Preferences/* echo Deleting all computer level managed preferences from the local directory.. dscl . -mcxdeleteall computers/localhost a=`ls -d /users/* | cut -d "/" -f 3` for userfolder in $a do if [ "$userfolder" != "Shared" ]; then echo Deleting all user level managed preferences from the local directory for user: $userfolder dscl . -mcxdeleteall users/$userfolder fi done /usr/local/bin/jamf mcx for userfolder in $a do if [ "$userfolder" != "Shared" ]; then /usr/local/bin/jamf mcx -username $userfolder fi done jamf manage killspotlight="no" if [ -e /Library/Managed Preferences/com.apple.Spotlight.plist ]; then echo "System: Spotlight Managed Pref Plist found. Removing..." rm -rf /Library/Managed Preferences/com.apple.Spotlight.plist killspotlight="yes" fi for i in `ls -d /Library/Managed Preferences/*/`; do if [ -e $i/com.apple.Spotlight.plist ]; then echo "System: Spotlight Managed Pref Plist found in $i Removing..." rm -f $i/com.apple.Spotlight.plist killspotlight="yes" fi done if [ $killspotlight == "yes" ]; then killall Spotlight; fi exit 0
We've had this going on at our org too, mostly newly-provisioned machines but a handful of previously deployed machines as well. It does seem to line up with updating to 9.91.
Mine has been running at 150% CPU for about a week now. Every once in a while it runs up the fan. SMC reset, NVRAM reset, killing processes, flushing system/user cache, killing the process in Activity Monitor… none of that seems to help.
Has anyone tried removing the Framework and re-enrolling to see if that fixes it, if it really is a binary issue causing this problem?
ETA: I'm seeing in the initial post that removing the framework does appear to fix it, weird. I'll try unenrolling/re-enrolling and see if it starts up again for me. Odddddddd
Has everyone tried locating all instances of com.apple.Spotlight.plist on their system and done a 'defaults read' on them to see what they say?
FWIW, when I did "defaults read /Library/Managed Preferences/com.apple.Spotlight.plist", defaults seg faulted. It did this after I removed the file and refreshed mcx from the jamf server as well. Considering the problem is with spotlight, spotlight configs are probably a good place to start looking for anything that stands out. For me, between the reproducible segfault and not having any managed preferences pertaining to spotlight configured on the JSS, yet still getting assigned spotlight plists under managed preferences, that stood out to me.:)
Just an FYI, you will want to just remove the spotlight and submit diag info profiles and NOT do the full rm -rf of /Library/Managed Preferences/ due to many OS X Configuration Profiles actually using MCX plists to apply settings. Some commonly used ones are login window, screen saver, FileVault redirect along with many others. But even though Configuration Profiles use the MCX plists, they aren't being pushed by the MCX framework of the JSS so the "jamf mcx" wont bring down the settings again.
The ones that appear to be the culprits for the cpu spike are:
/Library/Managed Preferences/com.apple.Spotlight.plist /Library/Managed Preferences/<username>/com.apple.Spotlight.plist
/Library/Managed Preferences/com.apple.SubmitDiagInfo.plist /Library/Managed Preferences/<username>/com.apple.SubmitDiagInfo.plist
Also upon logout/login these plists are recreated so the problem would likely return.
In regards to reapplying settings removed that you wished to have there, the inventory collected by a recon only reports on Config Profiles being installed, not their corresponding plists they lay down. So any subsequent inventory submission wouldn't tell the JSS to resend the profile with the corresponding plist because technically its still installed. You would most likely have to remove the profile from the scope of the device and reapply if you didn't wish to have the users log out and log back in.
I would recommend contacting support as they have some workflows to help resolve this issue in a more permanent manner.
It's not the Security & Privacy profile, though that triggers the issue. The problem is with the restrictions, specifically, " Allow iCloud documents & data" and " Allow use of iCloud password for local accounts" are the two keys that cause this. These were introduced in version 9.9 from what I can tell, and those are exactly the two that's causing this problem. That said, JSS is rewriting the key values in the payload, so the only way to fix it is to use the OS X server profile manager to create your own, sign it, and then upload it to JSS.
That fixed our problem (~53 Macbooks) immediately.
@CasperSally & everyone else,
We have it filed under PI-002155.
We've found that the most reliable workaround in this case, as @william.gregorian mentioned in his post, is to use Profile Manager to create the profile that needs the Security and Privacy payload, export it signed, and then import it to the JSS and deploy it. It is important that the profile is signed when exported, or the problem will likely come back after the profile is uploaded to the JSS and deployed.
If you find you need assistance with the workaround or have additional questions, please get in touch with your Technical Account Manager by giving them a call, sending an e-mail to firstname.lastname@example.org, or by using the My Support section of JAMF Nation.
JAMF Software Support
I'm now wondering if this relates to the white screen issue I'm seeing on our Library iMacs after it boots up with fans spinning. I had recently added a security profile to them....
Princeton Public Schools
For us it doesn't matter if the restrictions payload has the iCloud checked or not.
I did the following while applying each. I start with no abnormal Spotlight CPU usage. I also programmatically delete the com.apple.Spotlight.plist's via a script that runs on every checkin, so when I run the following it returns "no such file or directory" as you would expect. As soon as I apply a configuration profile containing the payloads Retrictions, Login Window, and Security & Privacy, the command shows the files are created. I removed them then reproduced these results several times to make sure it wasn't coincidence.
M-USER01:~ ACCOUNT$ while [ 1 == 1 ]; do ls /Library/Managed Preferences/*Spot*; ls /Library/Managed Preferences/*/*Spot*; sleep 1;done ls: /Library/Managed Preferences/*Spot*: No such file or directory ls: /Library/Managed Preferences/*/*Spot*: No such file or directory ls: /Library/Managed Preferences/*Spot*: No such file or directory ls: /Library/Managed Preferences/*/*Spot*: No such file or directory ls: /Library/Managed Preferences/*Spot*: No such file or directory ls: /Library/Managed Preferences/*/*Spot*: No such file or directory ls: /Library/Managed Preferences/*Spot*: No such file or directory ls: /Library/Managed Preferences/*/*Spot*: No such file or directory ls: /Library/Managed Preferences/*Spot*: No such file or directory /Library/Managed Preferences/USER/com.apple.Spotlight.plist /Library/Managed Preferences/com.apple.Spotlight.plist /Library/Managed Preferences/USER/com.apple.Spotlight.plist /Library/Managed Preferences/com.apple.Spotlight.plist /Library/Managed Preferences/USER/com.apple.Spotlight.plist ^C M-USER01:~ ACCOUNT$
After doing this and seeing those re-created I did "sudo killall Spotlight". The new spotlight process instance launched as a result takes 130% cpu. I then manually remove those files and kill spotlight again. The new spotlight process instance takes nominal cpu usage.
Is it normal for a Configuration Profile payload to create a plists in the managed preferences folder? I've always assumed that was a function/result of any configured Managed Preferences settings.
Here is what I put in my script that runs on every check-in. A lot easier than messing with exporting/importing the profiles.
## # Spotlight: Fix spotlight cpu issue ## IFS=$' ' killspotlight="no" if [ -e /Library/Managed Preferences/com.apple.Spotlight.plist ]; then echo "System: Spotlight Managed Pref Plist found. Removing..." rm -rf /Library/Managed Preferences/com.apple.Spotlight.plist killspotlight="yes" fi for i in `ls -d /Library/Managed Preferences/*/`; do if [ -e $i/com.apple.Spotlight.plist ]; then echo "System: Spotlight Managed Pref Plist found in $i Removing..." rm -f $i/com.apple.Spotlight.plist killspotlight="yes" fi done if [ $killspotlight == "yes" ]; then killall Spotlight; fi
@MrP I'm getting this error frequently. Any ideas on how to tweak it so it doesn't fail as much?
Actions from policy log: Executing Policy Spotlight CPU temp fix Running script spotlight-mcx-removal.sh... Script exit code: 1 Script result: System: Spotlight Managed Pref Plist found. Removing... System: Spotlight Managed Pref Plist found. Removing... No matching processes were found Error running script: return code was 1
Just wanted to add that @bentoms solution worked for me. I had already combined my Login Window and Security & Privacy payloads into one config profile to solve the "screen doesn't lock immediately" issue, so I just added the Restrictions payload, distributed and rebooted my test machines (both of which had high Spotlight CPU usage), and they were both fixed after that. Thanks for the detailed info, @bentoms .
Have been fighting with this today, it seems that you have to have "Allow Spotlight Suggestions" checked to fix the issue. When unchecked it creates the com.apple.Spotlight with the MCX for "parsecEnabled" and Spotlight jumps back to 100%. Requires a reboot after applying. Thanks @bentoms for the writeup here: https://macmule.com/2016/05/09/icloud-spotlight-login-window-issues-with-jss-9-9-the-security-privacy-profile-payload/#Back_To_The_Start !