Help

OSX Activation Lock issues

Go to solution
Sandy
Valued Contributor II

Posted on ‎07-01-2021 09:41 AM

Hi all,
T2 laptop, staff member left and Activation lock was enabled. Contact user and he removed the device from his Find My/iCLoud.
I am able to wipe and restore the device now, but it will not go back into DEP, either during setup or after setup with: sudo profiles renew -type enrollment.
I have tried both With Prevent Activation lock checked and unchecked in my prestage. So now this one is enrolled, not in DEP, not supervised. in Jamf, record shows Activation Lock Not Enabled.

Also, I have smart groups: 1 for Activation lock Enabled (thankfully only 8) and 1 for not enabled. When I send either option to either group, I get Command Failed to Send

I am Jamf ProCloud 10.29.2

0 Kudos
Reply
3 ACCEPTED SOLUTIONS

Go to solution
mkunesh
New Contributor III

Posted on ‎07-01-2021 01:30 PM

You could also try logging in with your iCloud account, enable Find My, then log back out disable Find My. Restore the OS & re-enroll to confirm it is no longer activation locked to the former employee. I've had this issue before and while it was removed on the user's end, the machine would still show activation locked until I signed in with my own iCloud account and then disabled it at the machine-level.

View solution in original post

Reply

Go to solution
Sandy
Valued Contributor II

Posted on ‎05-25-2022 08:08 AM

Haha Me again!

Learned. new thing yesterday.

Activation Locked Monterey, T2.

User could not delete the device in iCloud.

Shut down computer for the weekend, and he was finally was able to remove device from his account.

Immediately booted to Internet Recovery, Partitioned Volume Group, reinstalled Monterey, got a message along the way that the device was NOT activation locked.

Booted, went through DEP, then could not activate Find My without putting in his Apple ID password.

1-800-800-2775 Activation Lock Issues:

Call 1 Had me repeat everything I had already done, same result.

Call 2 Had me remove device from my MDM Server temporarily,  Internet Recovery Disk Utility erase HD Install OS Same result

Call 3 Had me boot to internet recovery and use the "Erase Mac" because: it wipes more  thoroughly than Erasing volume group, or partitioning the drive. And I guess so because all is purged and device is good to go on.

 

 

View solution in original post

0 Kudos
Reply

Go to solution
Sandy
Valued Contributor II

Posted on ‎07-13-2022 11:25 AM

Not to keep hammering on this, but today I was also able to use "Erase Mac' and was prompted to use my "MDM Activation Lock Recovery Code" and it worked!

Woot Woot!

Hopefully this will help someone else :)

View solution in original post

0 Kudos
Reply
11 REPLIES 11

Go to solution
junjishimazaki
Valued Contributor

Posted on ‎07-01-2021 10:57 AM

Did you have that person go here https://appleid.apple.com/ to remove the device?

0 Kudos
Reply

Go to solution
Sandy
Valued Contributor II

Posted on ‎07-01-2021 11:11 AM

Well, of course I can only say that he said he did , and he was a tech savvy guy, so no reason to think otherwise... but I did not see with my own eyes :)

0 Kudos
Reply

Go to solution
jhalvorson
Valued Contributor

Posted on ‎07-01-2021 12:37 PM

@Sandy If you have access to gsx2.apple.com, you can check to see the status of Find my Device.

You could try the following command to see what it thinks is the assigned MDM:

sudo profiles show -type enrollment

That can help validate it's assigned in ASM/ABM.

0 Kudos
Reply

Go to solution
Sandy
Valued Contributor II
In response to jhalvorson

Posted on ‎07-27-2021 12:57 PM

Thanks! I had tried this and it just does nothing at all. I have used this before when devices skip DEP at activation with no issues

 

0 Kudos
Reply

Go to solution
mkunesh
New Contributor III

Posted on ‎07-01-2021 01:30 PM

You could also try logging in with your iCloud account, enable Find My, then log back out disable Find My. Restore the OS & re-enroll to confirm it is no longer activation locked to the former employee. I've had this issue before and while it was removed on the user's end, the machine would still show activation locked until I signed in with my own iCloud account and then disabled it at the machine-level.

Reply

Go to solution
Sandy
Valued Contributor II
In response to mkunesh

Posted on ‎07-27-2021 01:01 PM

Oh, good idea! The computer is out of my hands currently, being used to sync iPads but I will give this a try when it comes back to me!

0 Kudos
Reply

Go to solution
Sandy
Valued Contributor II
In response to mkunesh

Posted on ‎08-27-2021 07:48 AM

Hey, I finally got this laptop back in my possession and your solution worked!

"You could also try logging in with your iCloud account, enable Find My, then log back out disable Find My"

After I did this I was able to run: sudo profiles renew -type enrollment

and record shows DEP enrollment

Thank you!!

0 Kudos
Reply

Go to solution
Sandy
Valued Contributor II

Posted on ‎10-28-2021 07:19 AM

Hi! 

A different T2 laptop that went for display repair and came back. OSX 10.15.7 Activation Locked so unable to remove the previous user's profile. Contacted user and she logged into iCloud and did not see this computer. When trying to erase and reinstall from internet recovery, it prompts for their icloud password.  I am now installing OS 15 on a second partition to see if I can sort it out using above trick.... Not sure how the Activation Lock Recovery Key can be used from jamf, manual says to enter it during setup.... 

Another weird thing is that when I boot to Internet Recovery using Command-Option-R (if I want to install Monterey) it boots to IR but then turns off wifi....

0 Kudos
Reply

Go to solution
Sandy
Valued Contributor II
In response to Sandy

Posted on ‎10-28-2021 10:04 AM

to add to my post....

After creating a new partition on the HD in Recovery  (because I could not erase the volume due to Act. Lock) and installing Catalina, I was in fact able to deactivate the act. lock by locking and unlocking using my own Apple ID. Back to Recovery again, wiped volume, reinstalled Catalina and now all is well....

Also, my screens are SO DARK when booting to Internet Recovery: Command-Option-R , that I did not notice the Wifi icon all the way to the right, finally saw it "looking" despite actually being booted to INTERNET recovery, and was able to enter SSID and PW again...

0 Kudos
Reply

Go to solution
Sandy
Valued Contributor II

Posted on ‎05-25-2022 08:08 AM

Haha Me again!

Learned. new thing yesterday.

Activation Locked Monterey, T2.

User could not delete the device in iCloud.

Shut down computer for the weekend, and he was finally was able to remove device from his account.

Immediately booted to Internet Recovery, Partitioned Volume Group, reinstalled Monterey, got a message along the way that the device was NOT activation locked.

Booted, went through DEP, then could not activate Find My without putting in his Apple ID password.

1-800-800-2775 Activation Lock Issues:

Call 1 Had me repeat everything I had already done, same result.

Call 2 Had me remove device from my MDM Server temporarily,  Internet Recovery Disk Utility erase HD Install OS Same result

Call 3 Had me boot to internet recovery and use the "Erase Mac" because: it wipes more  thoroughly than Erasing volume group, or partitioning the drive. And I guess so because all is purged and device is good to go on.

 

 

0 Kudos
Reply

Go to solution
Sandy
Valued Contributor II

Posted on ‎07-13-2022 11:25 AM

Not to keep hammering on this, but today I was also able to use "Erase Mac' and was prompted to use my "MDM Activation Lock Recovery Code" and it worked!

Woot Woot!

Hopefully this will help someone else :)

0 Kudos
Reply