Jamf Nation Community

pbenware1 · ‎03-02-2023

Greetings,

Curious if anyone has run into this scenario;

We are using JSS cloud, devices enrolled in Apple School Manager and assigned to the JSS, scoped to a Prestage Configuration that bypasses all steps in Apple Setup except Location Services, Registration & FileVault. We're also using an Enrollment Customization Configuration. We do not create a local admin account in our Prestage

This Prestage is the only one in use and has not changed in years.

While setting up a new or freshly-erased-with-new-os Mac:

Start the computer, which initiates Apple Setup.
Step through the screens to the Remote Management screen.
Let the JSS enrollment complete.
At the Account Setup screen, Shut the computer off.
- The scenario here is that a setup tech could finish up for the day and rather than continue setup, shut the computer down, or let it go to sleep. I've only been able to replicate if the computer is shut down.
Restart the computer.

At this point, the computer boots to a login screen showing user and and password fields. Except, Apple Setup did not get to the account setup screen, so there isn't a known user account on the computer and we are unable to login.

We have successfully sent a policy task to the device to create a new local admin account which does allow login.

So far we've confirmed this on the following devices

2023 14" M2 MBPro
2020 13" M1 MB Pro

Its been reported on:

2022 13" M2 MB Air
2023 16" M2 MB Pro

All running macOS Ventura; I know the devices I've tested have had the latest build, but the build techs may be getting new out of the box computers without the latest build installed.

I have not seen or been able to replicate this in Monterey. I searched both Jamf Nation and the google, but apparently my google-fu is off today.

FWIW, at one point after replicating this, I restarted in Recovery mode, launched Terminal to scout around a bit, and found that .AppleSetupDone did not exist which was not surprising given that Apple Setup didn't actually complete.

bcrockett · ‎03-02-2023

Try to allow all the setup screens to be present at boot in your pre-stage enrollment config. This will give jamf time to create its hidden admin account.

If that works. Turn them off 1 by 1 until it breaks the config. Then you will know the limit of the bypass all steps.

I have run into the problem of bypassing too many steps and it causing problems.

View solution in original post

sdagley · ‎03-02-2023

@pbenware1 I can't find when it changed, but at some point Jamf's creation of the hidden admin account was no longer guaranteed to happen after the user account is created in Setup Assistant. That might be what's triggering the behavior you're seeing.

bcrockett · ‎03-02-2023

Try to allow all the setup screens to be present at boot in your pre-stage enrollment config. This will give jamf time to create its hidden admin account.

If that works. Turn them off 1 by 1 until it breaks the config. Then you will know the limit of the bypass all steps.

I have run into the problem of bypassing too many steps and it causing problems.

pbenware1 · ‎03-05-2023

@bcrockett Thank you for the pointer. After much trial and error, I think it could be related to the Data Transfer/Migration Assistant step; I'm not done with my testing yet but that is the only step where I can replicate this issue consistently.

pbenware1 · ‎03-07-2023

More info- Seem to have confirmed that the Transfer Information step is the culprit here, tested across multiple models. Seems also to have been a change related to something in Ventura 13.2, but can't confirm that. I do know it was not in the most recent Monterey release. Also had a report of this issue occurring on a 2017 Intel iMac, suggesting it's not related to Apple Silicon (sort of expected that).

uuajcurran · ‎03-10-2023

I've run into something similar though in my environment it appears randomly without requiring a shutdown. It's tough to tell if it's actually working but my current attempted fix is to delay a configuration profile that blocks Time Machine until after setup is complete. So far, the delay seems to be helping.

pbenware1 · ‎03-13-2023

I only used shutdown myself as a way to consistently replicate the issue. It is still not clear to me if the field intentionally shutdown devices, or unintentionally let them sleep or drain the battery. Evidence of that nature has been pretty thin.

karenmartin · ‎05-01-2023

We are running into the same issue, it is extremely frustrating, we are reconfiguring the setup steps in our preconfig. Will post if it worked or not.

bigben54 · ‎05-03-2023

I've had it happen seemingly randomly, although in my case it's been two different scenarios...

The first, much as you describe, with the new user not completing the local account setup and (most likely) letting the Mac go to sleep/run out of battery.

In the last couple days, I've also had two machines where Setup Assistant crashed after all the profiles were downloaded and installed, but before it even gets to the user creation screen. Just quits to the login screen with a user/password prompt. Looking at the system in Jamf, there is only the jamfadmin management account, and no other local users.

And it's the same prestage config we've used for years. Even made a new one, with the same settings, as recommended elsewhere, but no change. Will have a try with reenabling some of the setup steps.

karenmartin · ‎05-04-2023

Yes, we have seen the exact same scenario, on laptops and desktops. We have opened a ticket with JAMF to see what they have to say, since it is seemingly random!

pbenware1 · ‎05-04-2023

There is a known bug reported on this issue:

PI111120

Account creation can be skipped if "Transfer Information" and "Location Services" are configured to be skipped in Computers > PreStage Enrollments. Workaround: Deselect "Transfer Information" and "Location Services" in the PreStage Enrollments settings.

Jamf Nation Community

Ventura; Apple Setup does not create account if system is shutdown during Apple Setup