Posted on 11-17-2021 06:58 AM
We bind our devices to AD during the DEP setup.
We get our users to log into their dvices using their AD credentials, usually no issues at all with the mobile account setup and the users AD account is recognised.
I have come across a device that for the first time is giving me grief with an error that simply states
Unable to create mobile account
There was an issue creating the mobile account
Its quite a 2017 iMac with Filevault enabled and I can log in with the local account that we auto setup with no issues.
I have tried reinstalling Catalina via Restore which didn't help.
Unbind rebind didn't help.
Checked directory and OU structure in AD and that all looks good.
The settings in Computer Management > Directory Bindings are correct and have not changed.
Kind of running out of things to point at that could be causing this.
At this point I am heading towards a complete wipe and restart but wondering if this could be a hardware or Filevault related issue.
I am going through the console logs now but confused as this normally just works fine and not seen this issue elsewhere.
Solved! Go to Solution.
Posted on 11-18-2021 01:07 AM
In case someone else comes across this error, I narrowed it down to a couple of things of which I think both needed attention. Reformatting the drive and manual ad bind worked eventually.
1. Ad bind script no longer works for some reason. After reformatting the drive the bind script would not give the previous error but still would not bind however a manual bind did the trick.
2. a misformat of the fusion drive as the structure looked different.
Posted on 11-17-2021 07:00 AM
Here is some of the log out put during the time I tried to create a mobile account by logging in with AD credentials.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.UserEventAgent-LoginWindow): This service is defined to be constantly running and is inherently inefficient.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): com.apple.universalaccessd (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): com.apple.VoiceOver (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): com.apple.TextInputSwitcher (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): com.apple.accessibility.AXVisualSupportAgent (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): com.apple.AskPermissionUI (lint): UserName is not supported for non-System services.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): com.apple.AssistiveControl (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): com.apple.DwellControl (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): com.apple.universalaccesscontrol (lint): The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.coreservices.useractivityd): Unknown key for Boolean: DrainMessagesAfterFailedInit
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): Service plist does not specify a label.
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): Could not import service from caller: path = /Library/LaunchAgents/com.efi.FSMAgent.plist, caller = loginwindow.977, error = 110: Invalid or missing service identifier
Nov 17 14:52:58 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.user.loginwindow.977.4294967295): com.apple.package-script-service (lint): JoinExistingSession is only available to Application services.
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/TrustedPeersHelper.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/ColorSampler.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeStampingService.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Failed to bootstrap path: path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/ColorSampler.xpc/Contents/MacOS/ColorSampler, error = 1: Operation not permitted
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/TrustedPeersHelper.xpc/Contents/MacOS/TrustedPeersHelper, error = 1: Operation not permitted
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Failed to bootstrap path: path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuthorizeAgent.xpc/Contents/MacOS/IOServiceAuthorizeAgent, error = 1: Operation not permitted
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychainSandboxCheck.xpc/Contents/MacOS/XPCKeychainSandboxCheck, error = 1: Operation not permitted
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Failed to bootstrap path: path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc/Contents/MacOS/com.apple.DictionaryServiceHelper, error = 1: Operation not permitted
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeStampingService.xpc/Contents/MacOS/XPCTimeStampingService, error = 1: Operation not permitted
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Failed to bootstrap path: path = /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/XPCServices/com.apple.hiservices-xpcservice.xpc/Contents/MacOS/com.apple.hiservices-xpcservice, error = 1: Operation not permitted
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Failed to bootstrap path: path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XPCServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.SpeechRecognitionCore.brokerd, error = 1: Operation not permitted
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/XPCServices/com.apple.FCiCloudPrefUpdater.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.pid.SecurityAgent.985): Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle
Nov 17 14:52:59 D000132 VTDecoderXPCService[990]: DEPRECATED USE in libdispatch client: Changing the target of a source after it has been activated; set a breakpoint on _dispatch_bug_deprecated to debug
Posted on 11-18-2021 01:07 AM
In case someone else comes across this error, I narrowed it down to a couple of things of which I think both needed attention. Reformatting the drive and manual ad bind worked eventually.
1. Ad bind script no longer works for some reason. After reformatting the drive the bind script would not give the previous error but still would not bind however a manual bind did the trick.
2. a misformat of the fusion drive as the structure looked different.