Monterey: Mac Restarts after enrolment and has invalid device signature

FutureFacinLuke
Contributor II

My Big Sur workflow was great.

Erase and Reinstall the OS either using Recovery or StartOSInstall, leave it to do it's thing, restart at the end of the build script and users can log in.

I tried the same process on Monterey and every time it restarts after installing its config profiles.

I had to do:

 

 

sudo profiles renew -type enrollment
sudo jamf policy

 

 

for the EnrolmentComplete triggered policy to kick in.

Has anyone got a fix for this?

1 ACCEPTED SOLUTION

alexjdale
Valued Contributor III

One of our teams is seeing this in a different enrollment scenario.  When they enroll a new Mini using automated setup, as soon as enrollment completes and Apple Setup shows "Applying Settings" it shuts down.  This interrupts the agent install.  I haven't seen it in our environment (different server entirely) so I wonder if it's a config profile thing.  It works as expected on earlier OS versions and only behaves this way on Monterey.

 

Edit: I just took a look and they are applying Energy Saver settings to wake on network and also restart after power failure, and those sound perfect for an OS bug.  What payloads are you installing when this happens?

View solution in original post

10 REPLIES 10

alexjdale
Valued Contributor III

One of our teams is seeing this in a different enrollment scenario.  When they enroll a new Mini using automated setup, as soon as enrollment completes and Apple Setup shows "Applying Settings" it shuts down.  This interrupts the agent install.  I haven't seen it in our environment (different server entirely) so I wonder if it's a config profile thing.  It works as expected on earlier OS versions and only behaves this way on Monterey.

 

Edit: I just took a look and they are applying Energy Saver settings to wake on network and also restart after power failure, and those sound perfect for an OS bug.  What payloads are you installing when this happens?

Unchecking all config profiles in the PreStage worked.

Thanks for the tip!

This worked for us as well, very frustrating as we are going to be enroling over 500 new M1's running Monterey.

jtaylor969
New Contributor

Any other ideas on this one? I have attempted to uncheck all config profiles and run into the same issue. When enrollment reaches "Applying Settings" it either shuts down or reboots. Both on intel and m1.

sist
New Contributor II

Same issue for me, any ideas? 

Hi,

As above I solved this by disabling all Config Profiles from the PreStage groups (I use them for provisioning different Labs, Group Criteria = PreStage XXX so I had a lot to go through and clean up).

The commands I posted in the OP worked on Macs where I was able to log in with the Management Account to get the Enrolment Complete policy to kick in and run through the build script.

wakco
Contributor II

I found I could setup a smart group that identified if an extension attribute was empty, that I could add that smart group as an exclusion to all my config. profiles, was enough to resolve the issue. Essentially any attribute that requires the Jamf agent to perform a recon to fill is enough, i.e. push notification inventory update can not be enough. I'm sure there are some standard Jamf Pro computer attributes that would work, I just happened to have a simple extension attribute that meets the requirements (boot drive free space in Gigs instead go Megs).

wakco
Contributor II

In a PreStage Enrolment, the setting "Automatically advance through Setup Assistant" is not compatible with the "Setup Assistant Options" below it, leave them turned off, otherwise the advancing process will trigger a shutdown or restart when it expects a missing window to appear. i.e.

Screenshot 2022-11-22 at 10.25.24.png

I also had a shutdown on a MacBook M2. At first it did a complete shutdown.

I followed your instructions, so I left all the options below "Setup Assistant Options" unchecked. Now it doesn't shutdown, but it does a restart. So this seems not to be the only reason for this unexpected restart/shutdown.

To supplement my previous post: When also unchecking all of the configuration profiles, the machines finishes the DEP enrollment. Only an Office 365 package which is added to 'enrollment packages' is not installed after DEP enrollment. You would expect this one to be installed during the DEP enrollment.