Computer account creation failed - Big Sur 11.1 - M1 Macbook

BurroHen
New Contributor II

We just updated our testing M1 Macbooks to Big Sur 11.1 to see if the issue with reinstalling the OS from Recovery boot is fixed (it does appear so). However, we are experiencing an error when it comes to account creation in the initial setup process. The error is:

Computer account creation failed
Your computer account could not be created with the name and password specified. Please try again.

Trying to create the account again errors that the name is unavailable, so you have to choose a different account name. It will also fail on the second account. Powering the device off and back on will bring it to the login screen where it will list the accounts that you tried to create, but the passwords will not work.

It exhibits the same behavior with or without DEP provisioning. It does not exhibit the issue when restored via Apple Configurator 2.

45 REPLIES 45

dgreening
Valued Contributor II

Please open an AppleCare case on this. We are seeing the same, as are other customers.

larrysteinke
New Contributor

Disclaimer: The thoughts below are from someone who only partially understands what he (me) is talking about. You have been warned. No warranties implied. When it doubt, call Apple.

Hi. Let me tell you we just went through this with Apple. After a bit of head scratching we got to a solution. Here is what we did (in the end). The following thoughts are my after-thoughts from three support cases with Apple in the last two weeks about the M1 Macs and recovery of the OS.

To address your specific question (i.e. my three hours with apple yesterday) consider the following:

  1. In ASM, unassociated the device serial number from JAMF.

Reboot to recover mode, erase, reinstall the OS*
Setup Mac as a local, non-MDM-managed Mac to confirm local accounts work again.

  1. In ASM, re-associate the device with JAMF.

  2. Reboot to recover mode, erase and reinstall the OS.

A few notes about erasing these Apple Silicon M1 Macs
1. If you get to the very first recovery screen and it is NOT the list of four programs to run (disk utility, reinstall OS, etc) you should check the menu at the very, very top of the screen and look for ERASE MAC. Run through that process. It does some magic that dimply deleting the volumes does not appear to do.
2. When in Disk Utility be sure to blow away all volumes, including both Macintosh HD and Macintosh HD Data. If you miss the Data drive you will end up with another set of problems to resolve.
3. There is a terminal command 'reset password' that you may wish to run that will reset some more things.

Basically, if you try really really hard you can get the Mac to be back to a factory default state and reinstall the OS. By itself, this does not resolve your issue with the local accounts, though. Those require the steps we took with ASM as listed above.

**
PS: I cannot make the online webUI WYSIWYG editor do correct number of my bullet points. Sorry about that.

Since we are using JAMF
my solution was to configure DEP profile to automatically create local admin account and skip local admin account creating during setup.
It fixed the errors for me and made the process quicker, since I do not need to create local admin account anymore

marony
New Contributor

I had the same issue and larrysteinke's suggestion was a great help for me.
Now I can create a new account successfully through DEP enrollment.

lostradamus
New Contributor II

Had the same issue with the local accounts. I currently do not have access to Apple Business Manager and I am in the process of getting access. Once I do, I will have to unassign the serial number in ABM, reinstall the OS, and then reassign it.

@larrysteinke , question for you. After unassigning the Mac, are you formatting the disk using disk utility both times or are you just re-installing the OS without formatting?

LovelessinSEA
Contributor II

I'm having the same issues. I followed the below steps in ABM and I'm still having the same issue.

I unassigned the machine from the JAMF mdm in Apple Business Manager
I did an erase(Macintosh HD and Macintosh HD - Data) and install. I attempted to go through setup assistant to create a new account and i'm still getting the unable to create account error.

I did not use the reset password command in terminal, so i'll be trying that next.

To address your specific question (i.e. my three hours with apple yesterday) consider the following: In ASM, unassociated the device serial number from JAMF. Reboot to recover mode, erase, reinstall the OS* Setup Mac as a local, non-MDM-managed Mac to confirm local accounts work again. In ASM, re-associate the device with JAMF. Reboot to recover mode, erase and reinstall the OS.

lostradamus
New Contributor II

@LovelessinSEA Hi I also experienced the same, let me know if recovery password helps! I am stuck with a machine that doesn't work unfortunately. I will be trying Apple Configurator 2 tonight as well!

LovelessinSEA
Contributor II

@lostradamus Unfortunately nothing I have tried works. Do you have documentation for the AC2 method?

jimderlatka
Contributor

I have had the same issue.. I can recover the Mac though.. thats easy, but I have the same issue in the create computer account.... I did get it to work by using a super simple id and password like. Jim, and apple as the password.. but thats not ideal...

jimderlatka
Contributor

by the way.. I just redid my M1 air with full enrollment, and using 11.1 Big Sur, and the issue seems to have now gone away........ so thats great......

message me if you are still having an issue maybe I can help

Jderlatka@loyalty.com ( work )
Jim.derlatka@me.com ( Personal )

mmcchesney
New Contributor II

I just received an M1 macbook air for testing and I am hitting this issue no matter what I do. I removed it from ASM and erased and reinstalled but no users can be created. if I reboot I see that the users are there but the passwords don't work. Not sure what else to do to get this computer back to working order I have clean installed it about 5 times now.

sdagley
Honored Contributor II

@mmcchesney I was having the same problem with my test M1 MacBook Air. What finally worked, and allowed creation of accounts when enrolled via Jamf Pro MDM or not, was doing a DFU Restore with Apple Configurator 2

EDIT: I can't say with 100% certainty it's what triggered the issue, but prior to the repeated failure to create an account I had booted from a Big Sur 11.1 USB installer and used Disk Utility to erase my M1 Mac's SSD, but failed to select the erase volume group when erasing "Macintosh HD". I did erase the volume group on multiple subsequent boot from USB, erase, and re-install Big Sur 11.1 cycles, but never got past the account creation process until doing a DFU Restore.

I have since done multiple boot from USB, erase, and re-install Big Sur 11.1 cycles while making sure to use the erase volume group option when erasing "Macintosh HD" and haven't seen a repeat of the account creation failure.

AdminIA
New Contributor III

@mmcchesney @sdagley I'm hitting the same issue. MacBook Pro M1 - removed from our Jamf in ABM, but I erase & install comes back with users whose passwords don't work. Trying to reset it in Apple Configurator 2, I get errors like...

Edit - I had to update to the newest Configurator... working on it...

The System cannot be restored on this device. No applicable System images were provided. [ConfigurationUtilityKit.error – 0x263 (611)]

Will-Kriel-Hart
New Contributor

I also had this same issue. Previously, to erase / re-install / reset the device, I was booting from an external USB Big Sur installer and manually erasing the volume group and then re-installing. This lead to the 'Cannot create user account' error. After restoring via the latest version of Configurator 2, the issue no longer has appeared. This guide worked perfectly : https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/

mmcchesney
New Contributor II

@AdminIA I got it to work after going through a restore with Apple Configurator 2. It seems to be ok now. Though I need to try a few more times to be sure its truly gone.

abutterman
New Contributor III

Having the same issue but also cant seem to get it into DFU. Followed the instructions per apple and nothing happens. It does show in configurator with the lock icon if I let it power up though. Anyone else run into issues getting the MacBook Air into DFU?

AdminIA
New Contributor III

Yes, it finally worked for me as well. Quite the PITMac.

mmcchesney
New Contributor II

@abutterman its a bit tricky but you plug it in to another Mac then shut down then hold Power Right Shift, Left Control and Left option for 10 seconds then let go of everything but the power button. And you should get there.

sdagley
Honored Contributor II

For anyone struggling with the DFU Restore process, @ClassicII has written an extremely comprehensive guide: Restore macOS Firmware on an Apple Silicon Mac + Boot to DFU Mode

abutterman
New Contributor III

Turned out I had bigger issues. DFU was hosed and if I tried to run nvram -c in terminal in recovery I would get a permission error. I ended up going through the steps outlined in Apple's article to fix the issue they had with the OS not reinstalling at all after wiping it on 11.0.1 and that cleared up the account creation issue.

tanderson
Contributor

We're having this issue as well and have opened an AppleCare case. I'll update if I'm able to figure out anything. I have noticed the account we create as part of our PreStage enrollment does work at the login window after a power cycle but as mentioned up top, none of the accounts we attempt in Setup Assistant work.

bpstuder
New Contributor III

I can't remember where I found this solution, but it works for me :

  1. shut down computer
  2. hold the power button until the "options" icon shows
  3. select the "options" icon
  4. when next screen loads, select menu item to launch terminal
  5. in terminal type "resetpassword" and hit enter
  6. when a reset password box appears, select menu item to erase Mac (see note below)
  7. in new pop up confirm option to erase Mac.
  8. once erased, exit back to recover
  9. reinstall the operating system
  10. once installed, create the account.

No need to remove the computer from ABM or use AC2, it's just a little longer to wipe a computer.

EddyLara
New Contributor II

Jim @jimderlatka

you solution works. Thank you so much for your help and quick response.

nicholash
New Contributor

I tried many of the responses here(minus removing from abm) and the only one that worked was a DFU restore in apple configurator

pinsent
New Contributor III

I ran into this issue as well and tried every approach suggested here. The only thing that worked was the DFU restore

dgreening
Valued Contributor II

Unfortunately per AppleCare there is no update on restoring M1 via non-DFU means.

Geissbuhler
Contributor

@bpstuder this resolves it for us 🙂 Thanks so much for the post!

Rémi
New Contributor

https://support.apple.com/guide/apple-configurator-2/revive-or-restore-a-mac-with-apple-silicon-apdd5f3c75ad/mac

abnaau
New Contributor III

@bpstuder 's solution is the way to go until Apple get's this fixed.

It seems Apple does some iCloud verification on the account creation step and this is what fails - because there's still some local token or key or something left (even though the Mac isn't iCloud locked).

tputnis
New Contributor

Absolutely outrageous that this is an issue. I'm having the same problem. Trying Larry's solution now.

MikeF
Contributor II

I have been playing around with the m1 and found that at least in my environment i am able to re-image these off the recovery drive with no issues. But what I have found is we have been using logon in the dep process to start. I have found that however you reimage one of these iot seems like the fist account that logs on needs admin rights.

We have been running the dep process and it finished up just fine. has the user log off and back on and starts the encryption. Right now all looks good Mac works properly and is properly managed. All look great.

And then a reboot. And the mac stars complaining that there is no admin account for recovery to set the start up drive. Took me a while to realize that the account that the process makes at login to the jamf/enroll is created as a standard user. This causes a admin issue on reboot. What i have found that restoring admin rights before rebooting sets the admin account up properly.

Just seems like apple is making it harder on enterprises now.

nathancmiller
New Contributor

Used the @bpstuder instructions and it did fix this issue for me. I did notice that it wanted me to activate the Mac before I could continue with the restore. It hadn't done that the last few times i tried to restore it

brunerd
Contributor

Just got an M1 Air for testing and had 11.1 and DEP/ABM, sure enough got hit with this

I dropped down to Terminal (click on background, Command+Option+Control+T) and the user is created (as admin with Secure Token) and /var/db/.AppleSetupDone is set so I just powered off and back on and was able to log in, while not ideal and has caveats* it means a remote user that has one dropped shipped doesn't need to do anything special besides turn off and on after attempting account creation.

*Caveats mainly are that things that Setup Assistant does after account creation are not done: Siri, Hey Siri, TouchID, Screen Time, Location Services, etc...

Geissbuhler
Contributor

A more complete solution for this:

M1 Mac process for erasing: thanks to @bpstuder for the inspiration

  1. Shut down computer (You can just continue pressing the power button until the device powers off)
  2. (after waiting until the machine is indeed shut down) Hold the power button through startup chime then the "Continue holding for startup options..." When you see "Loading startup options..." you can now release the power button, it will coast on its own from there.
  3. Select Options (Gear icon)
  4. Hit the Continue button below
  5. Recovery (assistant) will load: (5a.) If this is your first time wiping the machine and/or no user has been created you will see Recovery in the menu bar and will need to do the following: (if the menubar item says Recovery Assistant skip to (5b.) below) I. Click on the Utilities Item in the menu bar II. Click the Terminal option in the drop down menu III. When Terminal loads type: resetpassword IV. Hit the return key V. Select the password utility window VI. (Now the menu bar item will have changed to Recovery Assistant) select Recovery Assistant VII. Select Erase Mac VIII. Select Erase Mac IX. Select Erase Mac one last time (Wait for Reboot) X. Select Language and Hit Arrow (bottom right) to continue XI. At the Activate Mac screen Select the wi-fi icon in the upper right and enter your wi-fi credentials (ignore if hardwired) XII. Once connected to a network successfully you will see the message "Your Mac is activated." XIII. Hit the Exit to Recovery Utilities Arrow XIV. Select Disk Utility and hit continue XV. Secondary Click (right click) on the "Untitled" APFS Volume under the Internal section, and select Rename XVI. Realize that "Yes, indeed you are not crazy!" Apple's own utility left you in the lurch for naming the drive back to "Macintosh HD" for no known reason. Now name this APFS Volume whatever you please with reckless abandon! But seriously, mac admin OCD dictates "Macintosh HD" (once renamed) hit the return key. XVII. Exit Disk Utility via the red button in the upper left corner or using the menubar item Disk Utility >> Quit Disk Utility. XVIII. Select Reinstall macOS Big Sur and hit continue XIX. Use the onscreen instructions to complete your regular scheduled programming of macOS installer.

    (5b.) If you have created a user and recovery assistant is asking to "Select a user you know the password for" you will see the menubar item Recovery Assistant and can do the following: I. Select Recovery Assistant from the Menu bar (no need to type in password if we are wiping this Mac anyways) II. Select Erase Mac III. Select Erase Mac IV. Select Erase Mac one last time (Wait for Reboot) V. Select Language and Hit Arrow (bottom right) to continue VI. At the Activate Mac screen Select the wi-fi icon in the upper right and enter your wi-fi credentials (ignore if hardwired) VII. Once connected to a network successfully you will see the message "Your Mac is activated." VIII. Hit the Exit to Recovery Utilities Arrow IX. Select Disk Utility and hit continue X. Secondary Click (right click) on the "Untitled" APFS Volume under the Internal section, and select Rename XI. Realize that "Yes, indeed you are not crazy!" Apple's own utility left you in the lurch for naming the drive back to "Macintosh HD" for no known reason. Now name this APFS Volume whatever you please with reckless abandon! But seriously, mac admin OCD dictates "Macintosh HD" (once renamed) hit the return key. XII. Exit Disk Utility via the red button in the upper left corner or using the menubar item Disk Utility >> Quit Disk Utility. XIII. Select Reinstall macOS Big Sur and hit continue XIX. Use the onscreen instructions to complete your regular scheduled programming of macOS installer.

Just in Case
(Possibly like me you got an Intel Mixed up for an M1 in the moment, and the Recovery screens looked the same to you and you accidentally chose the new Erase Mac Feature)

If you accidentally went through the above process on and Intel Mac after pressing "command + R", and are at the flashing folder, you can restore by:

  1. Pressing and holding the power button (wait for the device to shut down)
  2. Power the device on by pressing the power button
  3. Hold
    command option R
    to enter recovery of the latest macOS version (at time of this post Big Sur)
  4. Select Wi-Fi and enter credentials (skip if hardwired)
  5. Follow the on-screen instructions as per usual

qward
New Contributor II

Is anyone else still experiencing this issue? For all of our laptops it's a 50/50 chance after the Remote Management screen if it goes to the Account Creation screen or right to the login screen without prompting to setup a user.

My previous support case with Jamf they pointed towards this post with no actual resolution. It's not fun to have to guide new remote employees through erase and install process especially if they aren't familiar with Macs.

It's been months now and still no update, adding hours onto our onboarding of new employees

Geissbuhler
Contributor

@qward

  1. Are these M1 machines or are they Intel based Macs ( I have posted above in this thread very specific instructions on how to properly wipe an M1, if the method is the "older way" the issue you are describing seems to happen to us as well, as it seems if you do not Use Apple's "Erase Mac" feature, the encryption between the account setup window and the password on the user do not match, so basically whatever you type in seems to fail, if you even get that far in the process, we have experienced both being able to create the account without being able to login after and the account creation just straight up failing.)
    • Intel macs, "older way" you can just boot to recovery as normal and delete the Macintosh HD Data Volume, and Erase the Macintosh HD volume, and fire away with installing the OS.
  2. Is the intention to get to the account setup screen? I only ask because most orgs wish to skip this part (if you are using Jamf Connect and you sign your packages and issue them at prestage, you can have the users land directly on the Jamf Connect login screen, after they login from the Jamf connect screen this will create the account and bypass Apple's Account setup screen all together, by checking the skip account creation box in Prestage Enrollments >> Account Settings Screenshot Below)
    • You will need an Apple Developer account to get a signing certificate, once you get one you can setup Composer to use that certificate to sign packages created in Composer, By opening Composer, the going to Composer >> Preferences >> "check Sign With" and choose the Signing cert from Apple Dev account.
    • You will only need to sign Custom Desktop deployments like the Images and Icons you deploy for Jamf Connect Login along with any scripts you may be including, such as if you choose the - Jamf Connect Notify.sh option, it is also important to set this as priority 1 as it will need to be installed before JamfConnect.pkg and JamfConnectLaunchAgent.pkg in order to have the apps recognize your custom settings.
    • Jamf signs their apps already so JamfConnect.pkg does not need to be signed, nor does the JamfConnectLaunchAgent.pkg located in the Jamf Connect.dmg you download from the Jamf.com My Assets page, JamfConnectLaunchAgent is located in the resources folder.
    • In order to kick off the Jamf Connect Notify.sh you also have to issue a config profile at prestage that looks something like the code below. We set this up by creating a new Configuration profile >> Applications & Custom Settings >> Using com.jamf.connect.authchanger for the preference domain.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Arguments</key>
        <array>
                <string>-reset</string>
                <string>-JamfConnect</string>
                <string>-Notify</string>
        </array>
</dict>
</plist>

3. If you do not want to skip the account creation you do not have to do so, I say why not let Jamf Connect Login handle that part, it's a super smooth experience for the end user.

  • Just in case you are not using Jamf connect however the "Erase Mac" should still resolve your issue for M1 devices.

Hope this helps!
e2d2e9312f7341008f28cd14866dcca1

cashxx
New Contributor

Just an FYI....I'm having this issue on an Intel based MacBook Air where the Computer Account creation failed. Don't think it's just the M1 having this issue. I am stuck with Microsoft Intune as our MDM. I was restoring from the cloud and not having the issue and was tired of the hours of installing it took so I created a thumb drive with 11.3.1 I believe and started having the account creation issue after wiping the drive to nothing and installing the OS. I would reinstall the OS, go through enrollment, get to account creation and it would fail and jump back and ask to create another account. The first account is there and you can make a second account and it goes through. Can reboot and login with the first account and delete the second one then but that screws with some scripts and stuff from Intune not running on the first account for some reason. I re-did the thumb drive with 11.4 and still having the issue. Going to try going back to reinstalling from the cloud again and see what happens.

Cayde-6
Valued Contributor

Just to say I’ve been tracking this issue with Apple care for a year or so, it’s definitely not limited to M1 devices.

qward
New Contributor II

@Geissbuhler Thanks for the response

This is exclusively happening on the M1 laptops. We don't use Jamf Connect at all, our work flow is as follows and has been working until the M1's:

-Plug the laptop into ethernet/power
-Click through setup prompts, get to the remote management screen and continue
-Click next until it gets to the Account Setup page
-We enter in the employees full name, username and temporary password ourselves -Continue with the prompts until it's logged in as that user

What is happening about 80% of the time now with the M1's:
-Plug the laptop into ethernet/power
-Click through setup prompts, get to the remote management screen and continue
- It goes to the Data and Privacy screen, and then right to the login screen of the MacBook with a blank username and password field
-At this point we can login with the management account we push to the computer through one of our policies

I would like to also point out this is for brand new laptops right out of the box from Apple