We just updated our testing M1 Macbooks to Big Sur 11.1 to see if the issue with reinstalling the OS from Recovery boot is fixed (it does appear so). However, we are experiencing an error when it comes to account creation in the initial setup process. The error is:
Computer account creation failed
Your computer account could not be created with the name and password specified. Please try again.
Trying to create the account again errors that the name is unavailable, so you have to choose a different account name. It will also fail on the second account. Powering the device off and back on will bring it to the login screen where it will list the accounts that you tried to create, but the passwords will not work.
It exhibits the same behavior with or without DEP provisioning. It does not exhibit the issue when restored via Apple Configurator 2.
Disclaimer: The thoughts below are from someone who only partially understands what he (me) is talking about. You have been warned. No warranties implied. When it doubt, call Apple.
Hi. Let me tell you we just went through this with Apple. After a bit of head scratching we got to a solution. Here is what we did (in the end). The following thoughts are my after-thoughts from three support cases with Apple in the last two weeks about the M1 Macs and recovery of the OS.
To address your specific question (i.e. my three hours with apple yesterday) consider the following:
Reboot to recover mode, erase, reinstall the OS*
Setup Mac as a local, non-MDM-managed Mac to confirm local accounts work again.
In ASM, re-associate the device with JAMF.
Reboot to recover mode, erase and reinstall the OS.
A few notes about erasing these Apple Silicon M1 Macs
1. If you get to the very first recovery screen and it is NOT the list of four programs to run (disk utility, reinstall OS, etc) you should check the menu at the very, very top of the screen and look for ERASE MAC. Run through that process. It does some magic that dimply deleting the volumes does not appear to do.
2. When in Disk Utility be sure to blow away all volumes, including both Macintosh HD and Macintosh HD Data. If you miss the Data drive you will end up with another set of problems to resolve.
3. There is a terminal command 'reset password' that you may wish to run that will reset some more things.
Basically, if you try really really hard you can get the Mac to be back to a factory default state and reinstall the OS. By itself, this does not resolve your issue with the local accounts, though. Those require the steps we took with ASM as listed above.
PS: I cannot make the online webUI WYSIWYG editor do correct number of my bullet points. Sorry about that.
Had the same issue with the local accounts. I currently do not have access to Apple Business Manager and I am in the process of getting access. Once I do, I will have to unassign the serial number in ABM, reinstall the OS, and then reassign it.
@larrysteinke , question for you. After unassigning the Mac, are you formatting the disk using disk utility both times or are you just re-installing the OS without formatting?
I'm having the same issues. I followed the below steps in ABM and I'm still having the same issue.
I unassigned the machine from the JAMF mdm in Apple Business Manager
I did an erase(Macintosh HD and Macintosh HD - Data) and install. I attempted to go through setup assistant to create a new account and i'm still getting the unable to create account error.
I did not use the reset password command in terminal, so i'll be trying that next.
To address your specific question (i.e. my three hours with apple yesterday) consider the following: In ASM, unassociated the device serial number from JAMF. Reboot to recover mode, erase, reinstall the OS* Setup Mac as a local, non-MDM-managed Mac to confirm local accounts work again. In ASM, re-associate the device with JAMF. Reboot to recover mode, erase and reinstall the OS.
I just received an M1 macbook air for testing and I am hitting this issue no matter what I do. I removed it from ASM and erased and reinstalled but no users can be created. if I reboot I see that the users are there but the passwords don't work. Not sure what else to do to get this computer back to working order I have clean installed it about 5 times now.
@mmcchesney I was having the same problem with my test M1 MacBook Air. What finally worked, and allowed creation of accounts when enrolled via Jamf Pro MDM or not, was doing a DFU Restore with Apple Configurator 2
EDIT: I can't say with 100% certainty it's what triggered the issue, but prior to the repeated failure to create an account I had booted from a Big Sur 11.1 USB installer and used Disk Utility to erase my M1 Mac's SSD, but failed to select the erase volume group when erasing "Macintosh HD". I did erase the volume group on multiple subsequent boot from USB, erase, and re-install Big Sur 11.1 cycles, but never got past the account creation process until doing a DFU Restore.
I have since done multiple boot from USB, erase, and re-install Big Sur 11.1 cycles while making sure to use the erase volume group option when erasing "Macintosh HD" and haven't seen a repeat of the account creation failure.
@mmcchesney @sdagley I'm hitting the same issue. MacBook Pro M1 - removed from our Jamf in ABM, but I erase & install comes back with users whose passwords don't work. Trying to reset it in Apple Configurator 2, I get errors like...
Edit - I had to update to the newest Configurator... working on it...
The System cannot be restored on this device. No applicable System images were provided. [ConfigurationUtilityKit.error – 0x263 (611)]
I also had this same issue. Previously, to erase / re-install / reset the device, I was booting from an external USB Big Sur installer and manually erasing the volume group and then re-installing. This lead to the 'Cannot create user account' error. After restoring via the latest version of Configurator 2, the issue no longer has appeared. This guide worked perfectly : https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/
Turned out I had bigger issues. DFU was hosed and if I tried to run nvram -c in terminal in recovery I would get a permission error. I ended up going through the steps outlined in Apple's article to fix the issue they had with the OS not reinstalling at all after wiping it on 11.0.1 and that cleared up the account creation issue.
We're having this issue as well and have opened an AppleCare case. I'll update if I'm able to figure out anything. I have noticed the account we create as part of our PreStage enrollment does work at the login window after a power cycle but as mentioned up top, none of the accounts we attempt in Setup Assistant work.
I can't remember where I found this solution, but it works for me :
No need to remove the computer from ABM or use AC2, it's just a little longer to wipe a computer.
I have been playing around with the m1 and found that at least in my environment i am able to re-image these off the recovery drive with no issues. But what I have found is we have been using logon in the dep process to start. I have found that however you reimage one of these iot seems like the fist account that logs on needs admin rights.
We have been running the dep process and it finished up just fine. has the user log off and back on and starts the encryption. Right now all looks good Mac works properly and is properly managed. All look great.
And then a reboot. And the mac stars complaining that there is no admin account for recovery to set the start up drive. Took me a while to realize that the account that the process makes at login to the jamf/enroll is created as a standard user. This causes a admin issue on reboot. What i have found that restoring admin rights before rebooting sets the admin account up properly.
Just seems like apple is making it harder on enterprises now.
Just got an M1 Air for testing and had 11.1 and DEP/ABM, sure enough got hit with this
I dropped down to Terminal (click on background, Command+Option+Control+T) and the user is created (as admin with Secure Token) and
/var/db/.AppleSetupDone is set so I just powered off and back on and was able to log in, while not ideal and has caveats* it means a remote user that has one dropped shipped doesn't need to do anything special besides turn off and on after attempting account creation.
*Caveats mainly are that things that Setup Assistant does after account creation are not done: Siri, Hey Siri, TouchID, Screen Time, Location Services, etc...
A more complete solution for this:
M1 Mac process for erasing: thanks to @bpstuder for the inspiration
Recovery (assistant) will load: (5a.) If this is your first time wiping the machine and/or no user has been created you will see Recovery in the menu bar and will need to do the following: (if the menubar item says Recovery Assistant skip to (5b.) below) I. Click on the Utilities Item in the menu bar II. Click the Terminal option in the drop down menu III. When Terminal loads type: resetpassword IV. Hit the return key V. Select the password utility window VI. (Now the menu bar item will have changed to Recovery Assistant) select Recovery Assistant VII. Select Erase Mac VIII. Select Erase Mac IX. Select Erase Mac one last time (Wait for Reboot) X. Select Language and Hit Arrow (bottom right) to continue XI. At the Activate Mac screen Select the wi-fi icon in the upper right and enter your wi-fi credentials (ignore if hardwired) XII. Once connected to a network successfully you will see the message "Your Mac is activated." XIII. Hit the Exit to Recovery Utilities Arrow XIV. Select Disk Utility and hit continue XV. Secondary Click (right click) on the "Untitled" APFS Volume under the Internal section, and select Rename XVI. Realize that "Yes, indeed you are not crazy!" Apple's own utility left you in the lurch for naming the drive back to "Macintosh HD" for no known reason. Now name this APFS Volume whatever you please with reckless abandon! But seriously, mac admin OCD dictates "Macintosh HD" (once renamed) hit the return key. XVII. Exit Disk Utility via the red button in the upper left corner or using the menubar item Disk Utility >> Quit Disk Utility. XVIII. Select Reinstall macOS Big Sur and hit continue XIX. Use the onscreen instructions to complete your regular scheduled programming of macOS installer.
(5b.) If you have created a user and recovery assistant is asking to "Select a user you know the password for" you will see the menubar item Recovery Assistant and can do the following: I. Select Recovery Assistant from the Menu bar (no need to type in password if we are wiping this Mac anyways) II. Select Erase Mac III. Select Erase Mac IV. Select Erase Mac one last time (Wait for Reboot) V. Select Language and Hit Arrow (bottom right) to continue VI. At the Activate Mac screen Select the wi-fi icon in the upper right and enter your wi-fi credentials (ignore if hardwired) VII. Once connected to a network successfully you will see the message "Your Mac is activated." VIII. Hit the Exit to Recovery Utilities Arrow IX. Select Disk Utility and hit continue X. Secondary Click (right click) on the "Untitled" APFS Volume under the Internal section, and select Rename XI. Realize that "Yes, indeed you are not crazy!" Apple's own utility left you in the lurch for naming the drive back to "Macintosh HD" for no known reason. Now name this APFS Volume whatever you please with reckless abandon! But seriously, mac admin OCD dictates "Macintosh HD" (once renamed) hit the return key. XII. Exit Disk Utility via the red button in the upper left corner or using the menubar item Disk Utility >> Quit Disk Utility. XIII. Select Reinstall macOS Big Sur and hit continue XIX. Use the onscreen instructions to complete your regular scheduled programming of macOS installer.
Just in Case
(Possibly like me you got an Intel Mixed up for an M1 in the moment, and the Recovery screens looked the same to you and you accidentally chose the new Erase Mac Feature)
If you accidentally went through the above process on and Intel Mac after pressing "command + R", and are at the flashing folder, you can restore by:
command Rto enter recovery of the latest macOS version (at time of this post Big Sur)
Is anyone else still experiencing this issue? For all of our laptops it's a 50/50 chance after the Remote Management screen if it goes to the Account Creation screen or right to the login screen without prompting to setup a user.
My previous support case with Jamf they pointed towards this post with no actual resolution. It's not fun to have to guide new remote employees through erase and install process especially if they aren't familiar with Macs.
It's been months now and still no update, adding hours onto our onboarding of new employees
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Arguments</key> <array> <string>-reset</string> <string>-JamfConnect</string> <string>-Notify</string> </array> </dict> </plist>
3. If you do not want to skip the account creation you do not have to do so, I say why not let Jamf Connect Login handle that part, it's a super smooth experience for the end user.
Hope this helps!
Just an FYI....I'm having this issue on an Intel based MacBook Air where the Computer Account creation failed. Don't think it's just the M1 having this issue. I am stuck with Microsoft Intune as our MDM. I was restoring from the cloud and not having the issue and was tired of the hours of installing it took so I created a thumb drive with 11.3.1 I believe and started having the account creation issue after wiping the drive to nothing and installing the OS. I would reinstall the OS, go through enrollment, get to account creation and it would fail and jump back and ask to create another account. The first account is there and you can make a second account and it goes through. Can reboot and login with the first account and delete the second one then but that screws with some scripts and stuff from Intune not running on the first account for some reason. I re-did the thumb drive with 11.4 and still having the issue. Going to try going back to reinstalling from the cloud again and see what happens.
@Geissbuhler Thanks for the response
This is exclusively happening on the M1 laptops. We don't use Jamf Connect at all, our work flow is as follows and has been working until the M1's:
-Plug the laptop into ethernet/power
-Click through setup prompts, get to the remote management screen and continue
-Click next until it gets to the Account Setup page
-We enter in the employees full name, username and temporary password ourselves -Continue with the prompts until it's logged in as that user
What is happening about 80% of the time now with the M1's:
-Plug the laptop into ethernet/power
-Click through setup prompts, get to the remote management screen and continue
- It goes to the Data and Privacy screen, and then right to the login screen of the MacBook with a blank username and password field
-At this point we can login with the management account we push to the computer through one of our policies
I would like to also point out this is for brand new laptops right out of the box from Apple
This was also happening to me, I had to create a new Prestage, and for whatever reason that resolved it for me. Not sure if that will do it for you, but it for sure worked for me. I can now use both Intel and M1 Macs in that prestage. I honestly just thought I set the original Prestage up incorrectly or that it was somehow corrupted, and did not associate these two things, might be worth a shot. However like @Cayde-6 it was not just M1 devices having this issue in my env.