Jamf Nation Community

v3 · ‎10-02-2023

Hi Peeps,

I'm having an issue with this login window, and I can't find any solution for this particular issue.

AitchySan · ‎10-06-2023

Jag - Think i have resolved this... after hours of pouring over jamf connect scripts, logon issues, mobile account creations etc, i discovered that the particular ADE build i was using had a newer version of swift dialogue. after i downgraded dialogue the errors went away and the logins returned to normal. kind of makes sense in hindsight given the error is an unhelpful dialogue box. the key was in the word dialogue... hope this helps.

View solution in original post

AitchySan · ‎10-03-2023

Jagveer - Im having the exact same issue on my lab builds. im on ventura, jamf connect has been tested from 2.23 up to 2.27. same results. seems inconsistent. its almost like a local account creation issue. it could also be the jamf connect plist possibly? what is the process you are going through to see this error? we are signing on with SSO/MFA, there is no filevault as its a multi user machine - the login asks for verification of the password, then we get this unhelpful message, it then bombs back to login screen. it does actually work perfectly on a restored machine - it logs in fine. as soon as you log out though it does this and then i have to restore!

v3 · ‎10-03-2023

Hi @AitchySan,

Let me give an insight about what I'm going through,

I have a new machine that needs to enrol in jamf pro, but after the enrolment I've got the Yellow Exclamation mark and says "We are creating your account". When I click on the "OK", and the screen goes off, and restart.

Should I remove the Local Account creation in the PreStage Enrollment? I will try to do it without using any policy and see what's going on. I will keep you posted.

iOS version : Ventura

Jamf Connect : 2.24.0

Maybe it could be an issue with the latest Ventura and I'm also having a flickering screen. I wonder if it is normal.

AitchySan · ‎10-03-2023

Jag - this is very similar to us. what version of ventura are you on? my machines are 13.5.2 - my other test machines didnt do this though and its possible they were 13.5.0. im potentially going to test this. i contemplated removing local account creation. are you using jamf connect? if so we could compare jamf connect plists? im also trying to find a log that might give an insight into account creation... cheers

v3 · ‎10-03-2023

Aitchy, I have downgraded mine to Catalina, and see what's going on. I will keep you posted.

Later on tonight.

AitchySan · ‎10-06-2023

Jag - Think i have resolved this... after hours of pouring over jamf connect scripts, logon issues, mobile account creations etc, i discovered that the particular ADE build i was using had a newer version of swift dialogue. after i downgraded dialogue the errors went away and the logins returned to normal. kind of makes sense in hindsight given the error is an unhelpful dialogue box. the key was in the word dialogue... hope this helps.

v3 · ‎10-06-2023

Thanks for keeping me posted @AitchySan , and mine was different issue.

There was a missing group from my AAD's account and now the issue has been resolved.

linknandez · ‎10-06-2023

Hey AitchySan,

What do you mean by ADE Build?

linknandez · ‎10-06-2023

We just resolved this issue. This was due to the EntraID as OIDC Provider in Jamf connect requirement for version 2.27. However, this affected our Macs on Jamf Connect 2.22. So, my takeaway is to immediately update everyone to Jamf Connect 2.27 and deploy the modified config profile with the "EntraID" as the OIDC Provider as opposed to "AzureAD".

AitchySan · ‎10-09-2023

link - would you be able to provide a copy paste of this config (obviously minus the unique id's etc) please?

linknandez · ‎10-09-2023

Below is my com.jamf.connect.login, configuration profile.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AllowNetworkSelection</key>
<true/>
<key>BackgroundImage</key>
<string>pathto.jpg</string>
<key>ChangePasswordURL</key>
<string>https://account.activedirectory.windowsazure.com/ChangePassword.aspx</string>
<key>CreateJamfConnectPassword</key>
<true/>
<key>CreateNewUserHide</key>
<true/>
<key>DemobilizeUsers</key>
<true/>
<key>DenyLocal</key>
<true/>
<key>DenyLocalExcluded</key>
<array>
<string>admin1</string>
<string>admin2</string>
</array>
<key>EULAText</key>
<string>This computer system and all data and information associated therewith, are the property of the Company and for authorized use only.</string>
<key>EULATitle</key>
<string>Welcome to Company</string>
<key>EnableFDE</key>
<false/>
<key>LocalFallback</key>
<true/>
<key>LocalHelpFile</key>
<string>/usr/local/jamfconnect/help.pdf</string>
<key>Migrate</key>
<true/>
<key>MigrateUsersHide</key>
<array>
<string>admin1</string>
<string>admin2</string>
</array>
<key>OIDCAdmin</key>
<array>
<string>Administrator</string>
</array>
<key>OIDCAdminAttribute</key>
<string>roles</string>
<key>OIDCClientID</key>
<string>*clientid*</string>
<key>OIDCNewPassword</key>
<false/>
<key>OIDCProvider</key>
<string>EntraID</string>
<key>OIDCROPGID</key>
<string>*ROPGID*</string>
<key>OIDCRedirectURI</key>
<string>https://127.0.0.1/jamfconnect</string>
<key>OIDCTenant</key>
<string>*Tenant*</string>
<key>OIDCUsePassthroughAuth</key>
<true/>
<key>ROPGProvider</key>
<string>Azure_v2</string>
<key>ROPGRedirectURI</key>
<string>https://127.0.0.1/jamfconnect</string>
<key>ROPGTenant</key>
<string>*Tenant*</string>
</dict>
</plist>

AitchySan · ‎10-09-2023

Link - Sorry, Automated device enrolment. the prestige enrolment basically a Mac coming from a factory state going into enrolment out of the box. what I found was my manual enrolments were working fine, but my automated enrolments were not. as mentioned above I noticed each of these 2 deployments had different versions of swift dialogue. after I switched to the older version of swift dialogue the problem went away...

AitchySan · ‎10-10-2023

Folks,

this would appear to not be resolved. im still getting this despite consistent good logins. i have tried changing the jamf connect script references from azure to entraid, still the same. i have tried varying versions of swift - still the same. i just did a new build there and it breaks on first logon. the only consistency is that as soon as it gets to "creating your account on this mac" it gives the error msg of "OK" with the exclamation, and then. black screens. its so inconsistent its unreal!!

v3 · ‎10-10-2023

Please check the required user if he/she is the correct group in AZURE, for mine was resolved, by adding the user to the correct group in Microsoft-Azure Portal.

AitchySan · ‎10-10-2023

V3 - I don't think that's our issue as the account that's getting rejected is my own, and I can log into any other Mac on our estate, so surely If it was an azure membership issue that wouldn't be the case? its odd!

v3 · ‎10-10-2023

so how many devices are being affected? Maybe this device that you are currently enrolled is not listed in the correct group in AZURE. Please triple check it on your side, since I do get the same issue, and in the end the matter has been resolved by adding into the correct group.

AitchySan · ‎10-03-2023

Im starting to wonder if this is a network issue... our wifi connections are notoriously bad for dropouts, and my test mac is now working ok. so it worked fine on first login, then it broke after the next logon, then after another restart and reconnection it seemed to work again. it seems very odd. when it actually logs in ok, everything looks fine.

linknandez · ‎10-06-2023

We just experienced this today on three macs simultaneously! Upgraded Jamf Connect from 2.22 to 2.27 as well. No issues making new accounts. Issues persists. So currently resorted to deleting and rebuilding the account.

v3 · ‎10-06-2023

Are you connected between Azure to Jamf PRO?

linknandez · ‎10-06-2023

In what way exactly? Users don't authenticate into Jamf pro, just the Azure OIDC app via Jamf connect. The devices also register with JamfAAD.

v3 · ‎10-06-2023

Please do check if there users are in the current group assigned in AAD, then re-enroll the user's into jamf Pro by the normal process.

It should be working fine.

linknandez · ‎10-06-2023

Affected users are in the AAD group used to authenticate into Jamf Connect OIDC app, as well as the group used for the compliance partnership in intune.
UPDATE: deleted user profiles doesn't help. Wiping the Macs seems to be the only resolution.

v3 · ‎10-06-2023

And also make sure the iOS versions are not on Sonoma, it can be the concerned as well. Please keep us posted.

linknandez · ‎10-06-2023

Yep this is happening on Ventura so far. Wiping the Macs didn't help the issue. On with Jamf support chat now.

v3 · ‎10-06-2023

Please do check all the AAD Permission group assigned, this might be a conflict to your AAD. Or it could be a different case.

Relying on Apple live chat it be lasted for ages.

AitchySan · ‎10-10-2023

Link, can you let me know what jamf support say? im running out of ideas! thanks

linknandez · ‎10-10-2023

They just helped me find the issue in my configuration profile. So, making sure to be on Jamf Connect 2.27 with the right config profile fixed this issue for us. We also found upon using Login Window settings in a configuration profile would break JAMF Connect but I'm not totally sure if that's related. I would reach out to Jamf Support chat if you could.

AitchySan · ‎10-10-2023

i was literally just thinking about login profs possibly messing with jconnect. i noticed now that Azure logins are 100% broken after 10 minutes of the mac coming back from enrollment. i have now noticed that if you select local login you can then get logged in via the mobile account that gets created. it has to be as you say either jamf connect prof or something else. ill open a ticket with them and see. i feel like its close! thanks!

Jamf Nation Community

Login issue with a yellow exclamation mark !