Problems Thin Imaging Lion

stevewood
Honored Contributor II
Honored Contributor II

Okay, I've been beating my head on the table all morning with this, and
figure it's time to turn to the community for help.

I'm trying to thin image two MBAs that I received last week. I have created
a new config in Casper Admin named "10.7 Base Apps". In this config I have
thrown all of my base applications and scripts, including a post image
script that sets some of the finer settings like time zone, etc. During the
initial creation of the configuration in Casper Admin, I clicked on
"Management" and set "Ensure computers imaged" and gave it a user name and
password, and checked "Create this account".

I've booted the MBA from either a NetBoot (created on the MBA, and yes the
NetBoot works) or from an external USB drive. Getting the machine to boot
and run Casper Imaging is not the problem. Casper Imaging goes through and
lays down the applications and reboots the machine. The problem comes in after the reboot and the machine is at the login window.

For some reason I cannot get past the login window entering the user's name
and password. The user appears on the loginwindow, but when I put in the
password the screen clears and then comes right back. If I enter ">console"
and slip to the console, I can login with that user's credentials. I can
even sudo up and list the users on the machine (dscl . list /Users) and see
that user. I just cannot get past the login window.

So, where to start? Any ideas? I haven't seen anything on the list about
this, so that's why I'm reaching out.

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

9 REPLIES 9

stevewood
Honored Contributor II
Honored Contributor II

The machine I was using was not even bound to any directory, it was just
On Thu, Oct 20, 2011 at 12:18 PM, Tubbiola Tom <ttubbiola at oakley.com> wrote:
local users.

I think I may have solved it, or at least found something interesting out. I removed all of the install packages from the config and left only a
post-image script that tweaks settings and creates a second admin user. When I used that config the machine started up and allowed me to login with
no problems. Strange.

So, I've moved all of my installs into a policy and I'm triggering that on
restart. I'll go with this method for now.

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

tomt
Valued Contributor

I'm seeing similar behavior on a new Air also. It seems to start after the machine has been bound to our AD (once using our Casper policy and once manually, machine was wiped after each login failure). We can bind, log in as a network user which creates a mobile account (local home folder only) and then after a reboot no credentials will log in. This includes a local admin, network mobile account and root (which we had manually enabled before the binding).

The Air is running 10.7.2. I haven't had much time to dig into this since it's not a production machine yet. I also have an older MBP that I just installed 10.7.2 on and will be testing today (hopefully).

Tom
------------------------------
Tom Tubbiola
Special Technical Services (STS Team)
Ttubbiola at oakley.com
949.900.7705

stevewood
Honored Contributor II
Honored Contributor II

Just wanted to update the list on this. The problem I was running into I
On Thu, Oct 20, 2011 at 2:43 PM, Steve Wood <swood at integer.com> wrote:
tracked down to a bad package that was being installed during imaging. I
took that package out and everything went fine.

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

Not applicable

Hi Steve.

If you have ssh enabled, can you ssh in from another machine and watch logs as you try to login to the air. You should be able to see all of the logs using tail -f /var/log/*.log

What happens if you try and create another user using the jamf binary? Can they login?
http://www.jamfsoftware.com/kb/article.php?id=059

iamkmc
New Contributor III

Steve,

I've ran into the same issue recently and noticed that most of my packages which are dmgs seem to be the culprit. After I excluded the ones breaking deployment after imaging, all Login Window mishaps haven't reoccurred.

I tried to contacting Apple about the same issue but they haven't come up with quick resolution as of yet.

Going to recompose those packages in a 10.7.2 machine and test results.

Kevin Mc

stevewood
Honored Contributor II
Honored Contributor II

So, I didn't try logging in from another station to watch the logs, but I
On Thu, Oct 27, 2011 at 1:12 PM, Aaron <a.robinson.lists at gmail.com> wrote:
did go back and come through the logs, especially secure.log, and the errors
that were popping up were concerned with no kerberos ticket, or something
along those lines. Basically that the LKDC could not find the principal
name and it would kick back to the login screen.

I did try creating a new user by hand using dscl, also using the JAMF
binary, and finally by using a QuickAdd package. None of these things
worked.

What I ultimately found is that one of the packages that I was layering on
was making changes to a folder, I think in /private/var, and that broke the
login process. Once I removed that package, everything was fine.

I was able to deduce which package it was by removing everything from the
configuration except the post imaging script, then adding a few packages at
a time until it broke, then weeding those few packages I added until I found
the culprit. Fortunately, before I started any of this I had made an image
of the factory hard drive so I could nuke and pave each time I re-imaged.

As a note, one of the things I found by doing the nuke and pave was that the
restore partition was gone. I used this post to re-create the partition:
https://plus.google.com/109088229817689076273/posts/CDTUmQUiBV9

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

stevewood
Honored Contributor II
Honored Contributor II
On Thu, Oct 27, 2011 at 1:20 PM, Kevin McLeod <kevin.mcleod at mcgarrybowen.com > wrote: Steve, I've ran into the same issue recently and noticed that most of my packages which are dmgs seem to be the culprit. After I excluded the ones breaking deployment after imaging, all Login Window mishaps haven't reoccurred.

Kevin,

I have plenty of other DMG packages deploying in my configuration, and none
of them are breaking the build. As I mentioned in my post a few minutes
ago, it turned out to be one bad apple. And we all know what they say about
one bad apple.... :-)

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

jwojda
Valued Contributor II

I had my FireFox package do this... banged my head against the wall
till, through process of elimination, I removed that package then
everything worked again J

John Wojda

Lead System Engineer, DEI & Mobility

3333 Beverly Rd. B2-338B

Hoffman Estates, IL 60179

Phone: (847)286-7855

Page: (224)532.3447

Team Lead DEI: Matt Beiriger
<mailto:mbeirig at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>

Team Lead Mobility: Chris
<mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.> Sta
Ana

Mac Tip/Tricks/Self Service & Support
<http://bit.ly/gMa7TB>

"Any time you choose to be inflexible in your approach to an
unpredictable project you are already building failure into your plan"

nessts
Valued Contributor II

My ipass connect package was killing my build similarly.
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services