I've been ordering new 16" MBPs direct from Apple for some of my team members.
When they receive them, the auto-enroll is not showing the new user account creation screen, completing the setup, and then just displaying the login screen (we have it set to username/password, instead of the list of users).
Checking the local users on the systems, the only account that shows up is the 'jamf' user.
Right now, it's been a small number of users affected by this as the rest of the company is getting either 13" MBPs, or an MBA (both M1s). The M1 systems enroll just fine, prompting the user to create an account.
Has anyone else experienced this? Did I miss a step somewhere when I configured everything? I haven't changed any settings since our initial Jumpstart a couple of months ago.
We've seen a few of these too. Not just 16" MBPs, but 13" as well.
We're on Jamf Pro Cloud, v10.28.0-t1615386406.
So far, our only option is to flush all policies for the device, use the recovery partition and wipe/reinstall the OS. Second enrollment works, but not a great 1st day experience.
@ryan.ball is that what Apple recommended ? : ) Also those are the two Setup Assistant screen I 100% don't want the use to see : (
Also we don't see the issue every enrollment ... it's random maybe 40% of the time....
I have reported this issue to Apple and they knew about so please open ticket with Apple so it will ger fixed faster
@gachowski Setup Assistant is crashing most likely causing the user creation portion to not occur. From trial and error it appears as though not skipping those screens seems to greatly improve the situation. My suggestion was really to provide something for you to test but of course its not ideal (better than having a Mac that you need to wipe though).
Apple/Jamf has not recommended that it but let's see the correlation of folks who are skipping those screens with those having this issue.
Perfect!!! I just noticed that those Setup Assistant options may not match the newer Big Sur options and Apple said it's Big Sur only so I am going to guess and see what works vs what doesn't in our dev Jamf...
PS great idea FYI I assumed that the GUI set up assistant had nothing to do with the user set up but that is obviously wrong!!
We saw this a lot, and realised the cause was that the Management Account (under User-Initiated Enrollment) was using the same username as the Administrator account in our Prestage Enrollment profile (I inherited the setup and it never occurred to me that someone would have done that).
Until that was fixed, I would say that we had a 50% local user setup success rate.
Just my 2c's there, hoping that's not how your JP is setup :-D
Uh, wait what? How would that do anything? Prestage for automated device and a User-Initiated enrolment are too different things. They should never do anything at the same time. I'm so confused by this comment.
That's bizarre... I have the same username in both of those sections, never had this issue with it. The only difference is the User-Initiated is set to randomise, and the prestage is set to an actual set password. Weird though.
Have also seen this sporadically when testing out authenticated enrolment using SSO Enrolment Customisation (Okta as IdP).
When passing the account details through for the user's account using the "Pre-fill primary account information" option, I would sometimes see this issue if I used the built-in option for "Device Owner's Details" and using "Lock primary account information".
I've had better success with the following setup:
- Pre-fill primary account info - On
- Information Type - Custom Details
- Account Full Name - $FULLNAME
- Account Name - Left blank (this auto-populates on the device if $FULLNAME came through properly from Jamf)
- Lock primary account information - unticked
On a few rare occasions, I've not seen the account full name populate on a test device, but since the details aren't locked, I can manually fill it out.
I feel like this may be related; if lock details are used and bad (or no data) comes through, SetupAssistant doesn't like it and bails out of the pane. I could however be completely wrong and all of this coincidental.
(This has been tested on a few physical and multiple VM instances, all with a management account specified in the prestage. Creating the user as standard or admin doesn't seem to affect.)
@ryan.ball Your suggestion worked for me. I only needed to untick the Transfer Information box in Setup Assistant Options (which translates to the Migration Assistant pane in the Apple Setup). It's a small hiccup (having to have users click Not Now) vs. the entire Setup Assistant bailing and not finishing.
We had the same issue but I didn't see it mattering what checkbox. We used to have everything but Location Services un-checked. Recently I decided to not show any Setup Assistant options then 11.6 came out. We were scrambling and forgot we hid Setup Assistant and assumed 11.6. We re-enabled Location Services and so far its been stable.
I am seeing this now too, all of a sudden! The M1 Air enrolled fine, the 13" Pro hiccuped the first time but worked after wiping and deleting from Jamf. But a 16" Pro I am trying to re-enroll keeps skipping the User creation (Ive wiped it and deleted it from Jamf three times now).
I had learned that Location, Privacy, and Ts & Cs were needed before or I had issues so I kept those. There is also this new checkbox "Automatically advance through Setup Assistant (macOS 11 or later only)" that I had checked and am wondering what that means? I tried getting more details on it but nothing helpful came back. I tried unchecking and wiping the machine/starting over but nothing changed. Anyone know anything?
I recommend opening a ticket with Apple ... I have been told that the issue is, the set up assistant randomly crashes creating the 2nd user and that it's not going to change. Three times was the most I have seen however I have a coworker that has seen 5, but we thing the user wasn't erasing the drive correctly.
I did the same (removed them all actually), as well as re-exposed the Apple ID step. In my cases, I still facilitate setting up the machines first before sending to the employee and while I dont add an AppleID (and skip the step) it seemed to be part of the solution.
I've had it recently.. a macbook pro (not new but m1).. it was remote to me, so another tech was doing the physical work. Our one ended up being it was hitting the login screen without asking to create a user. It ended being the time was WAY out. Once I got that in line, and used the terminal command (have a set account loaded with password to get in) to run jamf mdm reenrol -prompt it started connecting properly. Not sure if that helps or not with yours.
Okay lads, my 5ct.
We ran into the same problem: all of the sudden the enrollment shuts into the login window with no account created.
We tried about everything that was mentioned here, tick boxes in the prestage enrollment Setup Assistant , tick 'm out. Nothing seemed to help as it happens randomly at any box...
But there is a kinda workaround that prevents your user from being locked out of the Mac without a user account.
What you need to do is:
As you may notice the enrollment could still crash into the login window but at least you'll have a useraccount that is able to log in and finish the rest of it.
Let me know if this works for you guys as well.