Posted on 03-07-2023 01:15 PM
We've been having some sporadic Mac devices lose items/icons in their menu bar and both Chrome and Slack (main tools in the company) open but do not load anything. Just spinning wheel. Also Privacy & Security in System Prefs (Settings) would not load either. The devices still were connected to their wifi and could use Safari to browse the web. This has happened to about 5 users out of 45 macos devices.
This started happening a few of weeks to our fleet after enrolling into Jamf.
Trouble shooting included rebooting, shutting down, entering safe mode. Nothing in activity Monitor was taking up resources as the Mac was idle. I checked logs on all the devices and initially believed from the install.log's that it was a softwareupdate running in the background so i deactivated deffered updates and auto updates.
With the last user, experiencing all these symptoms, i was able to get some time to dig further. We use Jamf Compliance Editor to upload plists and compliances to CIS Level 1 + 2. I decided to remove configuration profiles one at a time for this user and asked him to keep an eye on his menubar. When i removed a profile (com.apple.MCX) that set the timeserver all his items/icons in his menubar came back and Chrome and Slack were working again. We checked his time+date settings and his time server was time-a.nist.gov. I changed it back to default to time.apple.com.
On checking the compliance plist in Jamf Pro, I saw that the time server string was set to time-a.nist.gov,time-b.nist.gov. On the official NIST time server page, these two time servers do not exist.
Here is the plist for the com.apple.MCX config profile:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>DestroyFVKeyOnStandby</key> <true/> <key>DisableGuestAccount</key> <true/> <key>forceInternetSharingOff</key> <true/> <key>timeServer</key> <string>time-a.nist.gov,time-b.nist.gov</string> </dict> </plist>
As of now, I'm thinking this could be the cause and wondering if anyone else has experienced these same symptoms and how or if this is somehow related to the .plist above.
I know that the Jamf Compliance Editor is not supported and a "use as you please, with no strings attached" but would like them to know that those timeservers do not exist and could potentially cause issues for others.
Any help or advice would be very much appreciated. Thanks.
Posted on 03-07-2023 01:43 PM
Hey @wlew !
thanks for sharing this, i will make sure to share this with the engineers working on Jamf Compliance Editor!
Posted on 03-07-2023 04:02 PM
@wlew just a few things, if you nslookup time-a and time-b you'll see they have CNAMES that are in that list of NIST time servers. As well, CIS Level 1 & 2 should not create a profile with those set. You should get time.apple.com, here is what I'm seeing when I create guidance against CIS Level 1 or 2.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DestroyFVKeyOnStandby</key>
<true/>
<key>DisableGuestAccount</key>
<true/>
<key>EnableGuestAccount</key>
<false/>
<key>forceInternetSharingOff</key>
<true/>
<key>timeServer</key>
<string>time.apple.com</string>
</dict>
</plist>
When you bring up CIS 1 or 2 in the app and go to Configure macOS to Use an Authorized Time Server, do you not see time.apple.com? See below as to what you should see:
I'm also thinking this is not all related to the time server at all. Are you seeing this issue when waking a system from sleep?
Allen
Posted on 03-08-2023 05:27 AM
Hi @golbiga Thanks for that info. I believe I had an old CIS lvl 1 benchmark profile that had the NIST time server. I also do not think it is related to the time server profile either but wanted to note that as soon as i removed that profile, everything started working on the affected device and menu items reappeared. Maybe it was another profile that i removed but i did not have the device on hand to troubleshoot.
As for if the issue occurs when waking the system, it could possibly. I will ask the affected users. I know that after some time, the issue resolves itself, menu items reappear and both Chrome and Slack load correctly.
Here is a screen shot of what the menu bar looks like on one of the devices:
Some users have experienced losing all menu items and some just the system items (wifi, bt, time, etc.).
Are there any other logs that I can possibly pull from the device? I looked at install/system/jamf logs and nothing (to me) looked out of place other than a software update that I had suspected could have been the root cause. I can share these logs if you'd like. Maybe you could see something I cannot.
Posted on 03-08-2023 11:41 AM
This was reported last year.
Menu bar disappears, and cannot type or select app... - Jamf Nation Community - 266666
The apple fixed this in macOS 13.1
Posted on 03-08-2023 11:51 AM
@dmccluskey Thanks. I am familiar with that disappearing menubar bug in 12.x, as I saw that with devices at my previous job but this issue is different.
The menu bar is present, it's the menu items that disappear and users can click and open apps.
4/5 affected devices are on the lates macOS (13.2.1).
You asked me if "Are you seeing this issue when waking a system from sleep? " and most of them either just rebooted or woke from sleep so wondering if you have seen this or have more insight since you asked about this.