Jamf Nation Community

Most of our affected devices have been updated to 15.2 and this does indeed appear to have resolved the issue.

Hi Kevm, we dug for hours, looking for a root cause, but we couldn't find anything.  We found it was about 15 Mac Minis across about 4 labs (probably ~100 devices) that exhibited the problem so wasn't quite as wide-spread as we initially thought.  We've now rebuilt them all as that was the only solution we found.

As above, we found this in the system log...
loginwindow[325]: The connection was interrupted, calling interruption handlers

... but we never figured out what was causing the interruption (I'm sure a better macOS admin may be able to track it down but we couldn't get anywhere and found the quickest solution was to wipe and rebuild).

Thanks for the update Stuart. I have around 650 Macs but only a handful of reports. They hardly get reported so I didn't know it was happening for a while.Problem is we have so many launch agents, adobe chrome, AV, the list goes on.You dont have Netnotify or Smoothwall installed do you?. As you found it appears just the log in window process is being interrupted. I am currently compiling a list of know bad ones to re install. If I do find a magic easy fix I will report back here.

No, we have neither of those two things.  Rebuilding the devices with 0 changes to the deployed content (although I can't talk about what might have historically been on the devices and since removed from Jamf) tells me that it was most likely to be something to do with an update to 15.x having gone slightly wrong somewhere.  The devices rebuilt to macOS 14.x and all had 15.x re-applied without issue.

Yes I think almost definitely an update. Never had this issue until 14.x.

Thanks for the update, it's good to know we are not alone Eh?. I did open a report with my apple developer account. heard nothing as yet. Ticket # FB14664272

These commands have worked on some rare occasions for me after ssh into the affected Mac:

sudo killall HUP loginwindow (this obviously kills the process causing the issue)

Wait a few seconds then:

sudo launchctl start com.apple.loginwindow

Sudo reboot. This does work sometimes. but yes erase and install is the best option.

Are you bound to AD too?

In answer to your question, it's hard to say as I only started making proper notes of the rebuilt ones. I did have one that reverted to the issue again. I have definitely had some affected after 15.3.1 update and 14.7.2.

I will report back here if the apple come up with anything (won't hold my breath) but agin the ID is  FB14664272 if you want to chip in.

Yes, also AD bound (unfortunately). Appreciate the information on the developer ticket. I'll have a look and see if there's anything I can contribute to it.

It's certainly "nice" to know that I'm not alone here. It's been a really annoying issue to try and track down and there's always some comfort in knowing others are going through the same ridiculous issue with me. ;)

Not knowing the Apple ecosystem too well, how would I chip into the bug ID if I wanted to?

Hi Stuart, If you have an appleseed for IT account (good idea as you get updates on security releases etc), you can file a bug report there. Not sure if this is the official way, but you could reference the number I was given in there I guess. Regarding the AD binding, apple don't support that so we may be stuffed. I have managed to get NomAD to do this effectively but it creates an ugly log ion screen and I don't know if this problem we are seeing just pertains to AD bound Macs.

Interested to hear what you find!

That's worrying, I have nearly 700 Macs across 2 sites. I am looking at testing Xcreds but that is a paid solution.

Are these ones that have been updated since a rebuild?

Mine, at least, have had the same issue happen again after a rebuild. Something I'm working on now is forcing updates or manually updating computers instead of allowing macOS to manage the update installation itself.

Since the issue does not seem to recur in any predictable way it is hard to tell if this is working but manual updates have not, so far, triggered this issue. I've only ever notice it happen after a new macOS update is available. Some will have updated automatically with no issue, but the ones that are affected have always had an update available (and the partitions in Disk Utility make me think it tried to update and failed).

We need to track down the logs from when it happened the first time to compare (this might be useful information).

We use native AD binding.
We have only seen this issue on Mac Minis.
We use S.U.P.E.R.M.A.N. to update our lab Macs silently overnight.
It was only ~20% of the Mac Mini devices where we saw the issue the first time.  I THINK it's about the same for the second time around.
It definitely feels related to Mac Updates.

We're also doing native AD binding.

We've only seen this on our 2019 i7 iMacs. Our 2022 Mac Studios seem unaffected so far, even though they're deployed the exact same way.

Also seems to be around 20-30% of our Macs affected at once.

Ours has been mainly M1 and M2 Mac minis, I have had a few i5 21.5 iMacs affected too. None of our 27" iMacs, so it seems to be Sonoma onwards that is affected which must be an OS update.

I would love to move away from AD binding, but the vast majority of our Macs are in a lab environment where binding has made the most sense so far. Are you using NoMAD in a lab environment?

I have been testing NoMAD and it works great. The only thing I have seen so far is after a reboot occasionally the login screen is in the corner of the display. It does need a profile though to customise it. The next step up is XCreds bit I doubt our college would fork out for that.

Same. It's been mostly non-problematic for us for a very long time, which is why I'm thinking this has to do with the updates instead of AD. Not sure why this is only impacting a small number of computers. We're also unable to reproduce this manually, by running updates ourselves on the machines. This only seems to happen when macOS updates automatically.

We're configured to defer major software updates for 90 days, but otherwise let macOS manage the updates itself.

That's an interesting data point. We also disable Wi-Fi on our affected iMacs and attempt to rely on the ethernet connection only.

Hi kwarner.  Are your devices bound natively to Active Directory?  That does seem to be a common thread here?

We are bound to AD, and using Jamf Pro to manage these macs and push automatic updates, etc.

Still having some issues on our end but it's hard to say whether or not it is "fixed" because it only seems to arise during automated updates, and even then only on a small percentage of computers. I imagine we'll have to go through a few rounds of automatic updates without this happening before I'm feeling satisfied that I can stop monitoring our Macs for this busted state.

We use Jamf Pro to manage all of our macs, it's primarily maintained by a central IT department, and I'm in a sub-department so I don't have full access to change certain things. We also do push automatic updates and are bound to AD. We have 2 different AD binds, one for the public computers and one for staff, I haven't had any issues with the staff logins, but typically only one user is logging into those, rather than multiple per day.

That sounds familiar. Just out off interest are you able to log in with a local admin account when they go wrong? I rarely can.

It started for us around the 14.2 update and happens on MacOS15 too.but only after a DEP update for me.

When they do the freeze thing, I can always ssh into the Macs. Sometimes a quick fix can be after you have root ssh access 

sudo killall HUP  loginwindow 

wait a couple of seconds then

sudo launchctl start com.apple.loginwindow

sudo reboot.

occasional that fixes it.

Apple haven't supported using the directory utility for binding for years now so we are lucky it works at all.

I am going to erase and install all 700 of our Macs this summer if I get a chance. Currently looking at using different authentication methods too. Meanwhile I hope someone can find a fix.

I rarely can login to the local admin account either.

I'm hoping for a break in student usage on the labs as a whole so I can just erase and install all of our macs as well. Hopefully this summer.

It does affect local accounts yes we can't log in with our admin account when machines get in this state but if I'm reading the other posts correctly this only seems to be affecting AD bound machines in general? As in no binding no problemo...