Monterey: Mac Restarts After Pre-Stage Enrollment

KMak84
Contributor

For some odd reason on M1's & Intel Macs especially on Monterey, when the machine is going through Pre-stage enrollment the machine just shiuts down

When enrollment reaches "Applying Settings" it either shuts down or reboots. Both on Intel and M1.

I have ticked & unticked all Config Profiles in Prestage but still the behaviour remains.
Has anyone else had this issue? If so how did you resolve it?

8 REPLIES 8

patelsanjay
New Contributor III

Can't say I've seen this exact issue before, but you might want to double check the Policy Logs on the affected computers.  First thing that comes to mind is that a policy running on Enrollment Complete might be triggering a restart either in the policy definition or in a script.  It can be difficult to predict when the enrollment complete trigger will actually begin.

PaulHazelden
Valued Contributor

Seen an issue just about as you describe.
When it happens has the Mac set up any admin accounts from the prestage?
If you look in Jamf for the Mac is it called DEP-<SerialNumber>?
With mine in general they had set up only the one account, the one Jamf uses, because it is set up in the prestage. I did have a case open for a different issue, but when I asked the tech about this they suggested trying...
Log in as this account. You have to know the password for that, so if yours is set to randomised then it will be difficult.
Then open Terminal and put in
sudo profiles renew -type enrollment
It will want the password again.

Then I found there is a popup in the GUI, Click on it and it opens System preferences for you and then yes you want to renew the enrollment.

Wait a bit and it should resume your normal setup.
Has to be done locally, not in a remote session.

My only other fix was to erase and start again.

They asked me to test a whole load of things, which in general appeared to extedn the total time to set up the Mac. And for me erasing and starting again was quicker. Typing in that profiles renew was even quicker again.

 

It appears to be after the prestage runs, the Mac gathers basic info - serial number etc. And then it is supposed to continue and do a recon to get the Mac name and more details. But for some reason it will shut down.

At one time my rate was 50%. I would set off a number of Macs to erase and reinstall and about 50% would work as expected, the rest shut down.

 

KMak84
Contributor

Yes at Pre Stage we have set create local admin account & skip account creation raio button also selected.

I do get the DEP+Serial appear

I mean I did do the whole sudo profiles renew -type enrollment once booted it up the machine, logged in etc etc

In my PreStage I dont have any apps pushed only Post that once Ive logged in

At this stage we dont have Jamf Connect but plan at some stage next year for it,
Im the same as you 50/50 when it comes Erase and reinstall

PaulHazelden
Valued Contributor

They had me try loads of things. My PreStage sounds about the same as yours. I spent a good two weeks erasing a test Mac in the hopes of it failing, so that I could capture the Logs for them. Then changing the settings and repeat the process.

As it was our busiest time of the year I kind of gave up. Everything they were suggesting was simply extending the time to complete the install process, and the profiles renew command pretty much fixed all of them straight away. They are easy to find, set a lab off and come back about an hour later and they will be the ones that are shut down.

From what I recall of it, they said the shutdown came from the server, but they never found why.

It makes no difference if you delete the computer record or not, I normally do delete it once I set the Mac to install the new OSX.

It is amazing how many hours and days you can waste erasing Macs in the hopes of getting one to fail, just to capture the logs and change a setting then do it all over again.

This is what they told me is supposed to happen...

"If a mac is reported with only DEP-SERIALNUMBER it's because only the base informations have been forwarded to the MDM server upon the authentication during Automated device enrollment.
Even when a ADE goes well, the first info of the mac are given to the MDM server under this form. THEN, either DeviceInformation command is triggered gathering partial informations or a recon happens and all the informations eligible to be captured by the Jamf MDM framework are captured."

wakco
Contributor III

In a PreStage Enrolment, the setting "Automatically advance through Setup Assistant" is not compatible with the setting below it, leave them turned off, otherwise the advancing process will trigger a shutdown or restart when it expects a missing window to appear.

I can confirm that this sorted the problem in our environment.

I rarely have a need to edit our prestage but I did the other day to exclude a machine, upon saving it we started having this issue where straight after the cog screen we got a hard shut down.

I followed this advice and left the 'Automatically advance through Setup Assistant (macOS 11 or later only)' ticked but unticked everything under 'Setup Assistant Options' and it seems OK now.

I'm sure these were both ticked before but me editing and saving the prestage must have written the settings back out into a format that was causing issues.

If I understand correctly those old boxes are only for 10.15 and below anyway so from Big Sur onwards just the single tick is needed for fully automated enrolment.

Ian

PaulHazelden
Valued Contributor

For me I do not have the Automatically advance checked. I left a couple of the boxes unchecked so they would display. There was a period a couple of years ago where if you made it skip them all it also skipped the Remote Setup one too. So I find peace of mind to hit a couple of skips and a not now button to get to the Remote Setup one.

KMak84
Contributor

I did a bit of digging on my environment, turned out the local account and the management account both had the same username and password
I changed the management account and re-did the pre-stage enrollment on a number occasions, now my issue appears to be resolved