DEP Prestage Enrollment local user account creation failed

danshaw
Contributor II

I'm trying to set up a DEP workflow for us, but having consistent issues with trying to create a local account. I've tried using authentication and an LDAP user and then also creating a random user.

This test machine is on 10.13.5 and I am running JAMF Pro 10.5.

Anyone have any ideas?41fff9b3104a4339a9ba6e096e41009c

22 REPLIES 22

Chris_B
New Contributor III

Hi Mate,

You can try creating a Local User Account in the PreStage instead?

danshaw
Contributor II

Hey @Chris_B - I am actually creating the account in the prestage. At least that is what I have chosen. Here is the odd thing, creating instead an administrator account works fine with this method. 100% It just can't create a standard account. I have seen this odd behavior in the past with some other things in our environment. For example, after we image and bind (no DEP) a Mac, then log in with a user account, the user profile that is created is an admin account. I wonder if these issues might be linked.

I have still yet to figure out why accounts are created by default as administrators and not standard accounts for us.

494dd659e0f64ebcb9f89d6a88d21a54

umllr
New Contributor

Hey,

do you find a solution for this “issue”. We’re still have no idea how to troubleshoot this issue.

Hope you can help us.

Kind regards
Uwe

umllr
New Contributor

Do you have an update to this issue?

umllr
New Contributor

Hey,

we have the same issue. Is there a workaround or anything that we can create an additional local user?

Kind regards, Uwe

sheltond3
Contributor

I am also running into this issue in our enterprise, has anyone found a resolution for this? It doesn't happen everytime, and there doesn't seem to be a pattern or correlation as to when it does happen, but it's only started happening since we've began to do Jamf enrollments with a prestage enrollment.

Abou_Juwayriah
New Contributor

Same here, we think that when this happens something else is in the background is pushes thing to start like App Store updates or depnotify.app who wants to start asap.. weird.
we are in the proces to make something to not start any thing till the assistantd proces is gone..
when you look in JSS you will see the macbook record filled and in the history tab you see the pending and failed commands.. maybe there is something you can find

a_holley
Contributor

@sheltond3 we are seeing this as well. The guys tell me it seems to happen with 10.14.1 and above. They reckon that if they install 10.14 and then update to 10.14.6, it's fine.

We've been using prestage enrolments for about 2 years now, but have only seen this issue in the last few months.

monogrant
Contributor

Still an issue on 10.15.4 and Jamf Cloud 10.20.1

Anyone find a fix? This isn't the only thread.

RJH
Contributor

Also seeing this, but also creating an admin account, not standard, and setting this in the pre-stage. MacOS 10.14.6/JAMF on prem 10.13.1
Dont think its JAMF version related. As others have stated, appears to be a conflict with other processes running. It is inconsistent, which may be skewing others observations as to "only happens with standard accounts". Seeing it 1 in 5 DEP enrolls, although that number purely random. Any updates/solutions ?

giles_howland
New Contributor II

I have seen this frequently lately. I agree its inconsistent but for me has happened during DEP process and fails on creating an admin account. Sometimes works smoother when you leave it for around 30 seconds to a Minute before entering details in the create account screen. Once it fails if you keep retrying get some very bizarre results at times the machine has actually created an account despite the error presented so when you "try again" it says you cannot use those details as they are already used and when you create with different details you can end up with 2 accounts on the device. Mostly have ended up wiping/ internet recovery and going through the process again. i have noticed more on Catalina and I am on the latest Jamf Cloud Prod release.

JackLaRocca
New Contributor III

We are also observing this and have Apple Care and JAMF engaged through support. Any traction on support cases guys?

JackLaRocca
New Contributor III

@danshaw How do you enable encryption? The latest update in our support case was we observed encryption(via policy) interfering with components of apple setup account creation and the suggestion was to move encryption enablement further along in the process. As of now we're seeing some better results but its early to say...

jlobsien
New Contributor

Randomly having this issue with MacOS 10.15.2 and JamfPro 10.21.0-t1586871296

User enters their credentials and gets "Computer Account Creation Failed". Weird thing is, it actually does create the account. If the user tries again, their username will be incremented like "username1", and if it fails again, and they try a third time, it creates "username2". Checking in Jamf after the fact I see that all 3 users, "username", "username1", and "username3" exist on the system.

Really annoying problem.

JackLaRocca
New Contributor III

@jlobsien @danshaw @giles.howland @RJH @monogrant @a.holley @Abou_Juwayriah @sheltond3 @umllr

Hey All. Update from our Apple Care and JAMF support cases. In our case the root cause for this issue was that we had login/logout hooks enabled and in use for a policy executing immediately after enrollment of DEP machines. After disabling the hooks via "Settings > Computer Management (framework) > Check In > Uncheck Login/Logout hook" and removing the login logout triggers from policies, our account creation(via apple setup) problem went away. I recommend you try this in your environment. Guidance is that the login/logout hooks are deprecated tech and not recommended to be used by apple or JAMF. They ultimately cause the jamf agent to hang and make the apple setup account creation pane time out.

https://www.jamf.com/jamf-nation/discussions/27703/login-logout-hooks-deprecated-technology

RJH
Contributor

@JackLaRocca thanks Jack - great news for your environment. Unfortunately this doesn't apply for our environment, as i had already turned off login/logout hooks a few year back when I heard it was being deprecated, yet we still see the random issue with the local account creation during DEP enrollments.

jeremyb
New Contributor III

We also have this issue. Disabling the login/logout hooks didn't improve anything unfortunately.

sdunbar
Contributor

If I want to skip the local user account creation and use Azure SSO and get the local account automatically created on the mac, do I need Jamf Connect for this? Thanks

ThijsX
Valued Contributor
Valued Contributor

@sdunbar You can configure an Enrollment customization within Jamf Pro and configure Azure AD SSO into that, assign that Enrollment Customization to your Prestage Enrollment, you then can have the Azure AD information pre-filled in into the User creation. You have the option to "lock" those fields so the end-user can't modify them.

But with Jamf Connect you have a lot more options and customised options

sdunbar
Contributor

@txhaflaire Thanks for that, do you know if I can use the Devices owner's details, will that use the SSO details, or do I need to use attribute mappings, via the custom option

ThijsX
Valued Contributor
Valued Contributor

@sdunbar According to the docs check docs.jamf.com

02f92a6e6a694ae3b72970542e0633ef

walt
Contributor III

I have seen this issue occur on one particular Mac recently every time i try to erase and install. other Macs seem to go through fine without issue.

the other issue i see is sometimes Macs are skipping the remote management screen without any reason. ive read you have to go back to the "Language Chooser" screen, but i've never seen that as option in our Macs. How does one get that screen to show?