Posted on 07-08-2023 06:51 AM
We are experiencing an issue where a laptop going through enrollment shuts down during enrollment leaving the device not fully enrolled and the admin account in a corrupt state. At first we thought it was just M2 laptops but as we start resets with older devices the same thing is happening. We are wiping the laptops using Configurator and have created a fresh Prestage but it still happens. Usually restoring a 2nd time with Configurator allows enrollment to complete but now I'm seeing a few devices consistently fail in this way. Have an open ticket.
Posted on 07-08-2023 07:47 AM
Without knowing what's going on from pre-stage to enrolment complete trigger, it's a little hard to comment. I remember being in a somewhat similar situation and the advice I would give is (I can't remember who said this): you want to complete enrolment as quickly as possible, get in and get out. Then finish off your configs / policies.
Perhaps try and get back to basics, less installs until first startup (reboot and check-in) and bare minimum commands needed to config machines.
When enrolment is completed, hit it with all your policies then.
Good luck!
Posted on 07-08-2023 07:57 AM
Unfortunately our Prestage is bare bones. Nothing added. It seems to be an issue of something with the secure token.
Posted on 07-08-2023 08:02 AM
And nothing triggered by enrolment complete, network trigger that could run at this point.
I'm not sure how secure token could cause a panic to shut down the machine. Are you scripting a user password change and key escrow?
Posted on 07-08-2023 11:19 AM
Posted on 07-08-2023 11:20 AM
Nope still shutting down. Hopefully my jamf buddies can find a clue in the log files. It's always frustrating when something that has worked suddenly stops.
Posted on 07-09-2023 04:38 AM
Head to the Jamf known issues and search for 'prestage', there's a couple I would look into.
Also, image a machine then after this occurs, boot back up and check logs using;
log show --predicate 'eventMessage contains "Previous shutdown cause"' --last 1h
I have to assume there was nothing glaring in the Jamf logs leading up to this event after enrolment?
/var/log/jamf.log
If still nothing, I would be wading through the last few minutes since the shutdown time;
log show --last 5m
Posted on 07-09-2023 08:08 AM
Thanks for the hints. It is definitely something with the prestage. I reset out of a prestage and was able to do a user initiated enrollment without issue.
Posted on 07-09-2023 08:43 AM
I think it may be related to PI111014.
If the management account configured for user-initiated enrollment is the same as the additional administrator account created in a PreStage enrollment, devices fail to become managed during Automated Device Enrollment.
When I changed the "Create a local administrator account before the Setup Assistant" to be different from the management account, enrollment worked. In the past these 2 accounts had always been (and I think were required to be) the same.
Posted on 07-09-2023 08:58 AM
Ha that’s great, it was the one I was going to post and had a similar issue. I wasn’t sure how we go posting them in the threads.
Glad it worked out!
Posted on 07-09-2023 09:07 AM
Well - it worked on the laptop I brought home to test with ... will see how it works when I test a few more tomorrow...
Posted on 07-09-2023 09:10 AM
When I saw it occurring it would error out the setup assistant and cause a restart, permissions were totalled as a result. Wasn’t nice, good luck.
Posted on 07-11-2023 08:54 AM
Jamf has confirmed that having the management account and managed administrator be the same can sometimes be an issue after an OS change or equipment change even though it worked in the past. So far testing with this change in place is working as expected.
Posted on 07-17-2023 09:05 AM
PI111014 - This was an issue for our environment as well this week. Moving to the cloud this summer and after updating to 10.46 >10.48 from 10.40 we ran into this issue (wanted to hang onto Jamf Remote). Changing the management account name and using the random password worked for us. We had the same management account name and hidden admin user since JSS 9.14 and it has never been an issue. This change solved our issue of MacBook Air M1 units shutting down in the middle of a prestage enrollment.