Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Stuck on startup

Hello all,

I'm still seeing some issues with 10.10.5 and 10.11.4 that won't fully load and get stuck on startup. It will load either halfway or even 95% but never past that. Sometimes I'll turn them off, let them go over night, come back and they work next day? Sometimes I'll boot to single user mode and run fsck -fy and reboot and it works. Just so hit and miss. These machines are bound to AD. Is anyone still seeing these issues in their environment?

Like Comment
Order by:
SOLVED Posted: 5/19/16 at 9:34 AM by Jerod

We are an education environment and the root of this issue seems to stem from misuse (other than the documented issues with 10.10 having this issue). Our users like to put devices to sleep no matter what it's doing, mash the power button during boot, and all of the other fun things that can cause issues. We see the same issue frequently. We have everything from 10.9 to 10.11.5 (the issue really seemed to popup with 10.10), all bound to AD. A lot of the time, resetting the PRAM clears the issue. In the more extreme cases, booting into recovery and loading the OS over the top of itself fixes it.

SOLVED Posted: 5/19/16 at 9:36 AM by Chuey

@Jerod Thanks. It's weird because sometimes those things will work and other times they won't. So hit and miss. I then find myself just re-imaging the computer because nothing I troubleshoot works and I'm done spending time on it. Thanks for the info.

SOLVED Posted: 5/19/16 at 9:44 AM by mm2270

Yes, its an unfortunate consistent issue we face here as well. Although its gotten a bit better under 10.11 for us, almost all versions of 10.10 exhibited this problem from time to time. Oddly, 10.10.3 and 10.10.4 improved the situation and then 10.10..5 came along and things blew up again for us. As you stated, sometimes a reboot will fix it. Other times we need to do SUM and run a disk check (for us that means booting to Recovery HD and disabling the firmware password first) its incredibly annoying. And yes, our Macs are all joined to AD and have FileVault 2 enabled. In rare cases I've need to go in and disable FV2 and the firmware password from Recovery HD and reboot and then it would come right up.
Something with the combination of these settings causes this boot hang problem, but I'll be damned if I know exactly what it is.

Just curious, but do you tend to see this after a Mac gets updated with any software updates? That seems to be when we see it most frequently, like a Mac running 10.10.4 that updates using the 10.10.5 Combo Updater. User reboots and... hang! As Apple has a horrible tendency to put firmware updates within their OS updates these days, I suspect its a firmware patch being applied that causes the initial problem, until the Mac is booted into single user mode or Safe boot mode, and then it seems OK. Irritating to say the least.

SOLVED Posted: 5/19/16 at 9:58 AM by Chuey

@mm2270 Thanks for all the great info. I've checked updates after I've gotten it to come back and sometimes no updates have even been applied. It's so random that I can never pinpoint the issue. I'm glad to see I'm not the only one having this issue so it makes me feel a little better.

I've mainly been seeing this issue with 2012+ iMacs that get used heavily on a daily basis. They are located in a lab so I have a lot of users coming and going all day logging in and out.

When 10.10 first came out I was seeing it a lot on single user computers but seems like they fixed it and now I really only see it on these lab computers that are heavily used. Super frustrating.

SOLVED Posted: 6/7/16 at 2:53 AM by amosdeane

We are also having this issue on 10.10 and 10.11 machines - we are a university and it mainly occurs on open access machines. It seems to have become worse recently, and we’ve also identified that it tends to take hold when machines are forcibly shutdown. Unfortunately, it becomes a catch 22 as machines that are failing to startup are then forcibly shutdown until they eventually boot.

We have noticed that on 10.11 a verbose boot will sometimes allow booting. PRAM zapping seems less reliable.
On 10.10 it also seems to occur on machines where very large numbers of users are logging in - for example print stations. That said, it is infuriatingly inconsistent and it is very difficult to advise users of a reliable fix.

SOLVED Posted: 6/7/16 at 6:50 AM by sean

From a predecessor, we had a legacy LaunchDaemon that was set to delay the loginwindow to ensure network and AD were active before the login window was. This meant it unloaded the loginwindow, waited and then re-loaded it. The weird thing here was that this caused an issue with a white screen instead of the login screen, but only on 2011 iMacs. No other hardware showed this. Of course, we didn't really need this anymore, removed it and all is well, although before doing this we were able to ssh into the machine and re launch the process.

We are running 10.10.5 throughout and we are seeing none of the above described.

With that in mind, it may be worth working through LaunchDaemons. Try shelving them and see if this makes a difference.

You may also want to, for example, check out the timings you use for sleep, standby, etc. If you try and set something that doesn't tally, perhaps this will cause something obscure like this to happen. Try and set sleep to be less than displaysleep, but not zero and you'll see something like this:

Warning: Idle sleep timings for "Battery Power" may not behave as expected.
- Display sleep should have a lower timeout than system sleep.
- Disk sleep should be non-zero whenever system sleep is non-zero.
Warning: Idle sleep timings for "AC Power" may not behave as expected.
- Display sleep should have a lower timeout than system sleep.
- Disk sleep should be non-zero whenever system sleep is non-zero.

So it may be worth testing your profiles/mcx via command line to ensure they are correct.

SOLVED Posted: 6/7/16 at 9:18 AM by amosdeane

Thanks for the suggestion, but we've already tried clearing out LaunchDaemons/Agents, StartupItems, non-standard extensions, caches, Pram, settings and pretty much everything we can think of and are yet to find a rock-solid solution that works every time. I’ve also seen this issue happen on a similar model (it mainly seems to affect iMacs) with a non-standard image, with a quite different set of software and very minimal management.

SOLVED Posted: 6/7/16 at 10:01 AM by Chuey

@amosdeane It seems to only affect iMacs in my environment. I have pretty basic software installed nothing that should be causing this to happen yet it still happens. I re-imaged a culprit iMac and the following morning it was stuck on startup, less than 10 people used. I'm lost right now as to what to do now. It seems to be my Late 2013 iMacs. . .

SOLVED Posted: 6/7/16 at 11:23 AM by rdwhitt

I feel your pain; This has been a consistent problem and happens most frequently in our high traffic public Mac labs. Usually a combination of reboot, safe boot, pram reset will allow the machine to boot, but next restart all bets are off.

We've provided Apple with diagnostic data, but sadly they have been unable to resolve the problem and I'm not convinced they are allocating many resources to solving it. Statistically it's a low number of our Macs that have been affected, but because they are in high traffic locations, the problem is highly visible.

SOLVED Posted: 6/7/16 at 1:27 PM by tcam

There allot of different reasons a computer can be stuck at boot.

Failed update, Failed OS Install, Disk Corruption, Failing HD.

There is nothing like an OS upgrade to bring existing issues to the surface.

If there is no detectable issues with the hard drive. (no IO errors about the drive in console, SMART status passes, disk has nothing to repair) Then re-installing the OS usually fixes the issue.

If it was OK on the original OS upgrade, but started having issues after an udpate, sometimes you can get away with a combo update.

If the disk constantly needs repair. Erase and install. If the disk fails to repair, erase and install.

In the earlier days of mac admin. Any major OS upgrade usually meant a mass netboot erase and install. Which avoided some of these issues. But caused other issues with user data. Any time I did a mass erase and install. I would always find out there were a couple computers with bad HDs.

SOLVED Posted: 6/8/16 at 6:18 AM by Chuey

@tcam Yeah, so many factors that could be causing it. In my situation, no updates have been applied, disk is OK, SMART checks out although I don't trust it 100%, and I've had situations where I re-image a machine and a day later it's doing it.

SOLVED Posted: 6/9/16 at 6:08 AM by amosdeane

Yes, likewise. We've done lots of tests, including hardware tests but unless physical issues are just not showing up in the existing tools (which is possible) it is not this. If it were, it would presumably always affect the same machines but part of the problem is that it appears to be random and re-imaged machines seem as likely to acquire the problem as existing ones. We can generally fix it, but it's the inconsistency in the method and the extra time that this then takes which is frustrating.

@chuey that's interesting to know that you're having it with iMacs as well. Don't know if it's more prevalent on machines with spinning hard drives?

SOLVED Posted: 6/9/16 at 6:51 AM by Chuey

@amosdeane Yes, only happening to my 21" Late 2012 iMacs with 8GB of RAM and an i5 processor, surprisingly they run like garbage with those sweet Hitatchi 1TB 5400RPM drives. I just slapped an SSD in one and have not had the issue present on it since, although it has not been getting used as much as it previously was.

What's crazier to me is I have the same image on hundreds of MacBook Airs and never seen that issue on one yet.

SOLVED Posted: 6/9/16 at 10:55 AM by amosdeane

@Chuey interesting that you say that. We've also not been aware of people having it on MBAs.

I've been experimenting booting those 2012 iMac models off an external USB 3 drive (which even being external still improves their performance quite a bit) so I will keep an eye out to see if this occurs.

SOLVED Posted: 6/9/16 at 11:48 AM by Chuey

@amosdeane Yeah, eventually I'd like to replace all my late 2012 iMacs with SSDs. They already have the caddy inside, the drive is a 2.5" 1TB which is cool BUT it's 5400RPM. I'm assuming they did this because it's a lot quieter than a 7200. Just hate they make it so much harder to take front plate glass off now and you better have some VHB strips too, LAME!

SOLVED Posted: 6/9/16 at 11:22 PM by BOBW

I know there can be many reasons for this as suggested but this has helped me

SOLVED Posted: 6/10/16 at 6:18 AM by Chuey

@BOBW Thanks for the link. I'm going to find one of the iMacs I've been having issues with and check this out.

SOLVED Posted: 7/12/16 at 4:22 AM by amosdeane

Just wondering if other people are still having issues with this? Ours are persisting, inspite of trying the various fixes that have been suggested. We've opened a case with Apple Enterprise support and are slowly working through various diagnostics.

SOLVED Posted: 7/12/16 at 9:41 AM by Chuey

@amosdeane I was still having issues only with my 2012 iMac's in June. I've recreated my 10.11.5 image and also took out some applications i thought may have been causing it but I don't think so because they ran fine on my MacBook Airs all year with no problems. Really ridiculous issue when I have labs of those 2012 iMacs and that happens. 1 thing will never fix issue either, it's either reset PRAM, or boot to single user mode, or maybe it'll just work this time or re-image and even that doesn't work. I re-imaged a machine and a day later it was doing it!

Please let me know if you find out anything from Apple.

SOLVED Posted: 7/13/16 at 9:38 AM by amosdeane

@Chuey Yes, I was hoping to be able to post something useful, but so far we haven't really learnt anything new. I will certainly post if I get anything that's conclusive.

SOLVED Posted: 8/2/16 at 7:21 PM by Maineboy22

Having the exact same issue with the same model iMac ( late 2013 ) but running the latest version of El Cap. 10.11.6. It is all 22 computers on the lab however so I'm guessing that it was most likely tied to the deployment of Office 2016 for the Mac or one of the Adobe CC Deployments. I tested all of the deployments before going all in but it didn't come up. Oh well, back to the old drawing board I guess.

SOLVED Posted: 8/3/16 at 7:21 AM by Chuey

@Maineboy22 Mine are also running Office 2016 with Adobe CS6 (Not CC). I imaged the machines but have not had anyone using them since summer kicked in. Man, I'm hoping this is not a problem going into this upcoming school year.

SOLVED Posted: 9/6/16 at 1:45 PM by LibertyJSS

I'm having this issue too on my late 2012 iMacs in a high traffic area. They seem to do well after imaging and get worse and worse as more user accounts are created. Connected to AD. They are freezing on the loginwindow as well.

SOLVED Posted: 9/15/16 at 9:49 AM by Chuey

I had no issues at the beginning of the year. Yesterday I had 3 that got stuck, all 10.11.6.

I booted to single user mode > mounted the drive > and noticed 200 accounts. I trashed them, rebooted and it worked instantly on 1.

The other 2 had similar amount of users and that did not fix the problem immediately. I removed users > rebooted > reset PRAM > ran fsck -fy and then randomly got 1 more to work.

The last 1 I was not able to do anything to get it to work. Removing users, running fsck, booted into an NBI and recovery mode, nothing, I had to re-image.

Very frustrating issue. I seen this on iMac 2012's and Late 2012 Mac Minis now

SOLVED Posted: 9/15/16 at 9:57 AM by LibertyJSS

On the machines that refuse to boot after resetting the PRAM, sometimes unplugging the ethernet will allow it to boot. When I use verbose boot ( cmd + v ) on the stuck machines I get this error:

kauth external resolver timed out (1 timeout(s) of 60 seconds).

I have also set and not seen a noticeable difference with the DSBindTimeout variable mentioned here.

SOLVED Posted: 9/27/16 at 10:52 AM by Chuey

@LibertyJSS When I verbose boot I get the same thing.

This is starting to happen more frequently now and is super frustrating. Any one find anything that seems to help this issue ?

SOLVED Posted: 10/19/16 at 3:14 AM by allanp81

We're seeing similar issues here and seems to be the same kind of setup as others:

Running El Capitan 10.11.5
Late 2012 & 2013 imacs
All AD bound
All in high use open access areas with lots of different users

The boot issue is seemingly intermittent, sometimes it will fail to boot with just the grey loading screen and the loading bar will get about half way then just go extremely slow until it gets to the end but will never actually show the login window.

Tried disconnecting network cable, removing usb devices (keyboard, mouse etc) but it makes no difference.

once it does boot successfully you can keep clicking reboot and it will probably boot every time, there's no obvious pattern to it.

SOLVED Posted: 10/19/16 at 7:59 AM by Chuey

@allanp81 Yeah, very intermittent issue.

On 10.11.6 I was seeing this issue daily.

I've rolled machines back to 10.11.4 and have not seen the issue on the same machine that was previously running 10.11.6 so I'm hoping it continues to work with that image.

SOLVED Posted: 10/19/16 at 8:06 AM by allanp81

@Chuey that's annoying as 10.11.6 was my next test! It mentions a fix to slow AD authentication times.

SOLVED Posted: 10/19/16 at 8:11 AM by Chuey

@allanp81 Yeah, it is super annoying. They fix one issue and causes another. I'm not seeing many slow login issues just that issue where it hangs on startup.

SOLVED Posted: 10/19/16 at 10:29 AM by amiller6

I've seen this issue as well. I was testing 10.11 in a public area and some machines would randomly not complete the boot. Summer time rolled around and the problems went away. Problem is, the students went away for the summer so machine use was very limited. I even had my staff try to login to machines over and over and couldn't re-produce the problem. Sure enough, students came back after the summer and the problem has appeared again. Same types of fixes, sometimes single user mode boot works, sometimes resetting PRAM, sometimes I need to fully re-image the machine.
These are AD bound in high turnover public use areas. Only thing I have been able to find is that the previous shutdown seems to be dirty. Not sure how it is being shutdown, but I always catch error messages about this.

SOLVED Posted: 10/19/16 at 10:33 AM by Chuey

@amiller6 Yeah it's tough. Like you said there's never an overall fix. One time resetting PRAM another time I'm unplugging ethernet, then I may delete all the user accounts under the users folder and it will work, another time I netboot and restart and it works, other times I just have to re-image completely.

If you can, I'd make a 10.11.4 and see if that helps. Since re-imaging some machines that were 10.11.6 to 10.11.4 I've seen the issue less.

SOLVED Posted: 10/20/16 at 4:10 AM by allanp81

Is anyone doing account cleanups as part of the boot process?

We have a launch daemon that runs on bootup that clears all accounts except administrator etc. so wondered if that might be a factor. It's hard to test based on the fact it's so intermittent.

As far as I can tell the machines we're seeing the issue on are late 2012 and late 2013 imacs but that might just be coincedence.

SOLVED Posted: 10/20/16 at 7:14 AM by Chuey

@allanp81 If I have a machine that is stuck on startup I will boot single user mode and remove accounts. However, I am not removing accounts with a LaunchD. Are you seeing this issue less since you have been doing that ?

SOLVED Posted: 10/20/16 at 9:06 AM by allanp81

We're seeing the issue regardless of whether we clean up accounts or not.

It's now getting quite serious for us, it's totally intermittent but affecting pretty much all of the macs we have in our main open access areas.

All of these are late 2012 or late 2013 imacs. Can anyone confirm if they are seeing the issue on newer macs as at the moment we're thinking the only fix is going to be to replace this with newer models.

SOLVED Posted: 10/20/16 at 9:13 AM by rdwhitt

We do account cleanups on all the machines that were affected by this issue and it had no affect. Unfortunately the only thing that has alleviated this was when we moved to the newer 2015 hardware. We're still seeing the issue on 2011 iMacs, but the 2015's do not seem to have this problem (yet).

Apple is aware of this and we have an open ticket with them. We continue to gather and submit diagnostics with each OS release, but the extraordinarily random nature of the issue makes it very difficult to really decide what is and is not working.

SOLVED Posted: 10/20/16 at 9:14 AM by Chuey

@allanp81 I use to only see it with 2013 iMacs but now seeing issue with 2012 Mac Minis as well.

If you have a 10.11.4 image around or can create one I would do that and see if issue continues.

I have an open area with roughly 20 Macs and 17 of them are 2013 iMacs 3 are 2012 Mac Minis. About a week ago I re-imaged 10 of them from 10.11.6 to 10.11.4 and have not seen the issue back on EITHER os when previously I was seeing 5-10 startup issues a day. At another building we have about 20 or so 2013 iMacs. The technician re-imaged using 10.11.4 on a few of them and has not seen the issue on either OS either. Kind of weird . . . .

SOLVED Posted: 10/20/16 at 9:33 AM by amiller6

Doesn't help much, but all my issues are with the late 2012 iMacs. I'm going to try to find a new one to put in and see if that makes a difference. Unfortunately, I have some machines that have no issues so I really won't have a great feel as to if that resolves the issue(and upgrading all the machines isn't a fix either).

We do not purge users at all on the machines if that helps any troubleshooting. Also, has anyone tried Sierra at all to see if that resolves it? I'm hesitant to downgrade the machines to 10.11.4 as that wouldn't be a good long term fix.

SOLVED Posted: 10/20/16 at 9:45 AM by Chuey

@amiller6 I have not even entertained the idea of Sierra. . .

SOLVED Posted: 10/20/16 at 9:45 AM by allanp81

Clutching at straws here, but could it be something to do with user configuration profiles?

I've noticed that when I run "sudo profiles -P" on an affected machines it returns well over 100 user configuration profiles. An unaffected machine is generally about half of this.

Doing a "sudo jamf removemdmprofile" only clears the 2 computer level profiles, all of the user profiles remain. I can't find any combination of commands to remove these, it either complains they don't exist anymore in DS (if we're doing account cleanup) or that it can't be removed as it's non-removable.

The only method I've found to clear them is to trash the /var/db/ConfigurationProfiles directory and then re-apply MDM. Sadly all of the local macs to me that have the issue are all in use currently so I can't put this theory to the test to see if it solves anything.

SOLVED Posted: 10/21/16 at 2:48 AM by allanp81

Deleting the config profiles made no difference sadly, was worth a shot though. It really is a bizarre issue.

One of the machines I was looking at wouldn't boot at least 20 times in a row yesterday and then just randomly did. This morning it booted fine 2-3 times fine after logging in with AD accounts and then on the 4th boot it refused to boot.

There literally is no pattern to it!!! I'm just going to reimage it with 10.11.3 instead of 10.11.5 and wait and see. Failing to see what else we can do at this point.

SOLVED Posted: 10/24/16 at 3:27 AM by allanp81

Still trying to figure out what the issue could be.

Looking at our affected machines one of the main differences is that we install xcode 7.3.1 and then make all users part of the developers group so they can compile stuff.

Anyone else running xcode in an affected area?

SOLVED Posted: 10/24/16 at 6:11 AM by Chuey

@allanp81 No, I am not running xCode on any of these machines.

SOLVED Posted: 10/24/16 at 8:02 AM by allanp81

I've now got some of the technical staff imaging them back to 10.11.3 to see if the issue goes away, if yes then we'll have to look at rolling them all back to that version.

SOLVED Posted: 10/24/16 at 9:03 AM by Chuey

@allanp81 Seems when I reverted back to 10.11.4 issue stopped. I don't like rolling back but I'm also not prepared for Sierra yet without some good testing. When I see issue on 10.11.6 I just re-image it back to 10.11.4. Let me know if reverting helps your issue out too.


SOLVED Posted: 10/26/16 at 1:42 PM by Chuey

Has anyone seen this issue on MacBook Airs? I've seen a few MacBook Airs with stuck on startup but not sure if it is related to the same issue with the iMacs / Mac Minis. . .

SOLVED Posted: 10/26/16 at 2:51 PM by allanp81

We don't have any macbook airs, only seen it on imacs so far and only late 2012/2013 models. That might be pure coincidence though as they're the only models we have in large usage areas.

SOLVED Posted: 10/27/16 at 6:05 AM by draeconis

We were seeing this issue on 10.11.5, Apple advised we upgrade to 10.11.6, and the issue seemed to go away. They wouldn't explain what the issue was.

More recently it's come back, and is instantly a problem if we do an upgrade from 10.10.5 to 10.11.6.

Newly imaged 10.11.6 (15G1004) machines also experience this issue, but only after 2-3 weeks of heavy use.

All the standard stuff doesn't seem to help. Even insane stuff like trashing the contents of /var/folders/ or /var/db/spindump/

Upgrading to 10.12 doesn't help, same issue. Can't test 10.12.1 yet as the Sierra installer in the App Store is still 10.12 for some reason.

Most machines (though not all, and not consistently) show the following when booting verbosely.

kauth external resolver timed out (1 timeout(s) of 60 seconds)

Even Safe Boot doesn't work properly any more on these machines. Very perplexing.

SOLVED Posted: 10/27/16 at 7:40 AM by allanp81

Interesting, seems to me like Apple have no interest in fixing this issue.

SOLVED Posted: 10/27/16 at 7:56 AM by Chuey

@draeconis Thanks for the information. I too am seeing the kauth external resolver error a lot.

@allanp81 Why would they care? They only care about 1-1 and not enterprise environments. Sierra is out but I haven't even entertained the idea because I've had zero time to test thoroughly.

SOLVED Posted: 11/3/16 at 8:08 AM by allanp81

Has anyone made any progress on this? We're in the middle of a reading week so mac use has been lower than normal.

Interestingly, we're currently trying Nexthink monitoring solution and it's highlighted that all of ours that are AD bound throw up regular connection failures to our AD controllers. I've enabled more verbose logging on the opendirectoryd service but so far nothing jumps out.

SOLVED Posted: 11/3/16 at 9:42 AM by Chuey

@allanp81 No progress here, actually gotten worse and started seeing on a lot of MacBook Airs.

What's odd though is if you leave the MacBook Air stuck on the startup, it will go to sleep, then when you restart it, will come back on just fine.

SOLVED Posted: 11/4/16 at 10:37 AM by allanp81

We've noticed here that ours that are seeing the issue return different IP addresses depending on whether we look up hostname versus FQDN.

Having done the verbose boot we see the same thing about the kauth timeout, which is the last thing that appears and then it loads no further.

Could the disparity between the IPs be causing this? A lookup on our AD domain returns 5 IP addresses so maybe it's hitting a different AD server each time and that's causing the randomness in startup?

SOLVED Posted: 11/8/16 at 8:22 AM by amosdeane

Just to say that we had this problem in the summer and then with the 10.11.6 update it suddenly went away. In the last weeks it has returned and we are also seeing it on some laptops, where previously it was pretty much just iMacs.

SOLVED Posted: 11/8/16 at 9:19 AM by allanp81

I got one of our trouble machines up on the workbench and it failed to boot several times so we plugged in an external usb 3 drive with a 10.11.6 install of OSX on that is our new netboot image. This is obviously a very stripped down image, not enrolled with Casper or joined to AD etc. This failed to boot, with pretty much the same symptoms.

Plugged same usb 3 drive into a newer macbook and it booted instantly (you could say even faster than the internal drive!).

Looking at our inventory information it does appear that all of the EFI/SMCs versions are out of date compared to what Apple say are the latest ( but they make this almost impossible to update them as you need the version of OSX that came with the machine to be able to do this!!!

I'm pulling out what little hair I have left over this issue now as I'm getting a lot of flack for something that's pretty much totally out of my control.

SOLVED Posted: 11/8/16 at 11:45 AM by Chuey

@amosdeane Issue went away for us for some time too and then came back on iMacs and Mac Minis only.

Now the issue has caught fire and spread to MacBook Airs.

@allanp81 What make / model were you using for your test with the outdated EFI ?

I'm seeing this mainly on Early 2014 MacBook Airs running the MBA61.0099.B22 Boot ROM Version.

SOLVED Posted: 11/8/16 at 12:16 PM by Chuey

@amosdeane @allanp81 I wonder if it has something to do with the Security Update 2016-002 for MacBook Airs. That was released on Oct. 24, 2016 and that is the same time we started seeing this issue on MacBook Airs which previously never had this issue. . . .

SOLVED Posted: 11/8/16 at 12:23 PM by allanp81

Perfectly possible. We haven't applied any security updates to any our affected macs. They're pretty much all running 10.11.5.

SOLVED Posted: 11/9/16 at 4:00 AM by allanp81

So... this morning I dug out the firmwareupdate.pkg that comes with the 10.11.5/10.11.6 updates that was available on local SUS server. Ran this on some of our late 2012 and late 2013 models and so far so good.

The late 2012 model I have on our workbench that pretty much refused to boot the majority of the time is now booting successfully every time.

I also noticed that on the late 2013 models it changes the boot screen from grey to black so potentially a major change to EFI and SMC (the versions number have jumped quite a bit).

Before I get my hopes up I'm assuming others have gone down this route? It seems that unless you don't do a proper install of El Capitan or at least an update from 10.11.5 to 10.11.6 etc. that it's almost impossible to do any firmware updates.

SOLVED Posted: 11/9/16 at 4:47 AM by amosdeane

It sounds worth looking into the firmware issue again. We did check this out previously and I think we ran an update when doing 10.11.5-6 but we could double check this in case there were issues with it. @Chuey, I haven't seen the boot issue on a Macbook Air yet, as we've mainly got MacBooks here, but we'll check for any recent updates.

SOLVED Posted: 11/9/16 at 5:14 AM by allanp81

Looks like my excitement was short lived. The late 2012 mac here is still exhibiting the same completely random boot hang.

It literally doesn't matter what you're doing, could be logged in as admin, logged in as an AD user or even just restart from the login screen after a successful boot. It will just randomly not boot some of the time.

None of the system logs reveal anything useful. A verbose boot doesn't uncover anything useful either :(

We're literally staring at replacing these macs as the only solution!!!

SOLVED Posted: 11/9/16 at 9:32 AM by Chuey

@amosdeane Thanks for the update, let me know if you find anything else out.

@allanp81 Lame, not what I wanted to hear. Replacing machines with new ones is not an option in our environment due to the amount of MacBook Airs / iMacs we have that are showing this issue. We are an Apple Certified Repair Center maybe I can contact Apple directly about this issue we are seeing a lot of . . .

SOLVED Posted: 11/9/16 at 9:42 AM by allanp81

Please do contact Apple if you can!!!

SOLVED Posted: 11/14/16 at 8:43 AM by allanp81

1 of our older 2012 imacs is actually failing the Apple Hardware Test consistently with memory errors but in true Apple fashion they've taken something that was useful and removed it from newer models. All you can do now is run the Apple diagnostics check which seems to finish checking in under 2 minutes so can't be particularly thorough.

SOLVED Posted: 11/18/16 at 5:02 AM by amosdeane

Can I just ask that if anyone else is experiencing this issue, even if you don't have anything to add to the discussion, you just put a brief post to confirm that you have it.

SOLVED Posted: 11/18/16 at 9:50 AM by allanp81

We've been going round the machines where we're seeing the issues and so far it looks like:

Firmware update doesn't fix the issue
Firmware update then a reimage and so far haven't seen the issue

We've created a matrix to compile when a machine was last imaged, has it had its firmware updated, when was the issue last seen. We've also got a daemon running on the machines that constantly sends us this info so we can actively monitor it (mostly to appease management).

Only time will tell as a reimage seems to work for a period of time but the main thing we've seen so far is that all of our problem machines clearly haven't had a firmware update for a long time. Prior to us rolling out casper they would've been imaged using deploy studio so will have been distributed with an image created on a mac. The guy that used to do it here always used whatever was the newest model at the time to build his images. Our problem macs are 2012 and 2013 so I'm guessing would've originally come with Mavericks or maybe even older than that?

I would imagine that most of us here are in a similar situation where we're applying an image (whether old fashioned way or using autodmg). Either way I don't think the macs will get a firmware update as normally this would get done when either installing a version of OSX or performing an update.

SOLVED Posted: 11/18/16 at 11:33 AM by PeterClarke

It seems like we are having the same issue on some machines - particularly the busy ones in library areas.
The Macs are: 21.5 inch iMac 14,1 running OS X 10.11.6
I haven't yet looked at this issue myself - my collegues have.
Though I can't think of anything that I would have tried - that they have not already tried...

Personally I have a suspicion that it's related to logouts not happening correctly - getting stuck,
and then then machines being crashed, in order to log in..

Quite why logout sometimes does not complete (apart from applications still being open, with unsaved documents) is unclear.
I did think of writing my own logout routine to 'force' a full logout - even if that did result in loosing unsaved documents..
but haven't yet done this since I've been busy with other things.
besides implementing such a thing should not be necessary..

But it would be interesting to see if this then began to resolve the startup issue..

If the problem was related to 'corrupted boot caches' - then the "safe boot" followed by restart and "normal boot" may sometimes resolve this - and I think on occasion has for some people. Although that method is not always 100% reliable.

What we know is that 'something' or several different 'somethings' are on some machines, causing the system startup to not follow a normal pathway - resulting in a startup freeze.. And at this point no-one seems to know exactly what is causing this.

Reformatting and Re-imaging the machines affected - does resolve the problem - for a while, and then it occurs again.
Although above I said re-imaging - we are thin imaging using Casper, and installing an OS from deploy Studio (which we didn't do last year)
but last year we saw this problem too - though less frequently. The OS is built using the AutoDMG tool..
So it's not an old-style 'clone' image.

The main 'pattern' so far - is that we are only seeing this happening in especially busy areas - where lots of different logins are occurring..
i.e. - in excess of 100 different users logging in..

Incidentally, in casper Vn 9.96 the number of: "MDM Capable Users" (Machine Record : General ;MDM Capable Users)
does not seem to get reset after reimaging - it just increases with occasional ,, entries which makes me think that might be a casper bug ?
But even if so, that unlikely to be related to this startup issue..

SOLVED Posted: 11/18/16 at 1:03 PM by Brad_G

Thanks to @PeterClarke for posting much of what i wanted to say. We're having issues in our heavily traveled areas as well. These are iMac16,2 machines (2015, 4K Retina, 21.5" 16GB/1TB) machines purchased this summer. Had they been older machines we may have reverted back to our 10.10.5 image that was rock solid last academic year.

I opened a ticket with Apple and called it "Stuck on Startup" as well. But in my observation in one of our teaching labs I noticed upon logout that I got the same Apple logo with slider on it just like you would upon boot before the login window reappeared. This makes more sense as our users "shouldn't" be rebooting those machines and the Shutdown feature is removed via Config. Profile.

However, once they're hung it's a crap shoot if they'll reboot. We've got several machines that we've re-imaged at what seems about a two week interval. Of course I have an identical piece of hardware in my office that I can't reproduce the problem on. Guess I need to invite a few hundred students in to use it.

SOLVED Posted: 11/19/16 at 5:03 AM by allanp81

That's not good to hear that you're seeing exactly the same issue on a 16,2 as we're about to swap out some of older machines with these to see if it cured the issue.

Like @PeterClarke we have machines in the office on the workbench with same spec, same software setup that we can't reproduce the issue on so it's definitely a problem when you pass a certain amount of usage/number of users.

SOLVED Posted: 11/19/16 at 10:46 AM by Chuey

@allanp81 @amosdeane Is anyone deleting mobile accounts on logout ? I thought about setting that feature in my config profile in a select few high traffic areas or carts of MacBook Air that have been having this issue. I too think it has something to do with amount of usage and wondering if deleting every mobile account on logout would help the issue?

SOLVED Posted: 11/19/16 at 11:22 AM by allanp81

We don't delete on logout, we have a launch daemon that deletes at startup but it doesn't seem to make any difference whether we run this or not. It looks like the macs hang before even getting that far into the boot process anyway.

SOLVED Posted: 11/21/16 at 10:40 AM by amosdeane

We have found that it occurs in areas where we do delete accounts (also on startup) and we have tried various different variations in how we do it, but not with any success I am afraid. It does seem to occur on machines that have a large volume of users, and @PeterClarke 's suggestion of it being related to failed logouts seems possible.

We had a suspicion that it begun to occur on machines that hung on logout, and were then forcibly shutdown. This then caused them to (sometimes) get stuck on startup, causing more forced shutdowns, which made the problem progressively worse until a large percentage of the time they would get stuck on startup, and so on.

We have not found that it occurs solely on a particular make or makes, although until recently it didn't seem to affect laptops. Now it is happening on both MBP and MBAs, however!

SOLVED Posted: 11/21/16 at 1:00 PM by ssrussell

Just thought I'd chime in and say we are seeing this in our district with Late-2013 iMacs 21.5 running 10.11.6 in high traffic areas like Library Labs. There are likely hundreds of accounts on these Macs. There are also reports of it happening on 2012 MacBooks Pros in a shared cart that get used regularly.

SOLVED Posted: 11/21/16 at 1:50 PM by prichards

I've had this happen in all 3 of our iMac labs (Late 2015 21.5 iMacs and Late 2013 27 iMacs). I completely reimaged the Late 2015 labs with 10.11.6 and this seems to have solved the issue. Haven't had any boot up issues in weeks. They were all running 10.11.6 previously however so I don't really know what solved it.

SOLVED Posted: 11/21/16 at 10:24 PM by Malcolm

safeboot and check disk usually fixes the issue, but why it occurs, appears to be a disk permission issue I think.

SOLVED Posted: 11/22/16 at 4:07 AM by allanp81

We're still hoping that we're seeing positive results by ensuring that the efi and smc are up to date and then reimaging.

For reference, these appear to be the latest:

Late 2012 iMac13,1
Boot rom IM131.010A.B09
SMC 2.9f8

Late 2013
Boot rom IM143.0118.B13
SMC 2.17f7

We've imaged pretty much imaged all of them over the 2.5 weeks and so far haven't seen the issue again on any, having made sure we did the firmware update first.

Can anyone else confirm if they're seeing the issue on machines with up to date firmware?

SOLVED Posted: 11/22/16 at 1:23 PM by aporlebeke

Just to chime in here, we are experiencing this issue as well. We have 6 x iMac Intel (21.5-Inch, Late 2015) 16,1 w/ firmware passwords all running 10.11.6 in our Middle School. We are not running the latest security updates on these machines. They are running SMC 2.31f36 ; Boot ROM IM161.0207.B03

I've been looking at our system logs and I'm seeing a lot of forced shutdowns and power disconnects. We actually saw several of our students unplugging the power from these machines.

Going over the thread though it appears my initial thought that these improper shutdowns were the cause are in fact symptoms of a larger problem. As of yet, we haven't seen this issue on any of other iMacs or Mac computers.

SOLVED Posted: 11/23/16 at 8:35 AM by Chuey

I put a ticket in with Apple through my GSX account and uploaded a log file from a troubled machine. They get back to me 4 days later and say:

There is nothing hardware related that stood out after review of the log files attached, however if you are still having the issue in a a clean known good OS, please initiate a technical support chat if you do require any further assistance troubleshooting the issue.

Thanks Apple

SOLVED Posted: 11/24/16 at 4:01 AM by allanp81

So far ours have been looking ok. I've now added the EFI/SMC update to the imaging workflow and tested it in a few places and it successfully updates the mac before it boots into the OS for the first time.

We've still got a few machines with the issue but these were imaged about 3 weeks ago and were prior to the firmware update.

We're still kinda of pinning all our hopes on the firmware update then a reimage fixing it but sadly only time will tell.

As expected Apple's reply is useless and I'm sure their "fix" will just to be to update to Sierra which of course is really simple...

Has anyone actually logged a ticket with Jamf about it other that post on this thread? I'm not classing this as a Casper issue as I think the boot issue kicks in long before anything Casper related is loaded but it might be interesting to hear their take on it.

SOLVED Posted: 11/28/16 at 7:42 AM by aporlebeke

@allanp81 I was going to try and give the upgrade a try on at least one machine this week.

I also found this thread from Apple's threads back from February about an hp_io_enabler_compound.kext preventing startup. In our environment this appears to be the only Apple kext on our computers, so I was also going to try messing with this as well.

SOLVED Posted: 11/28/16 at 7:49 AM by allanp81

@aporlebeke I'd be very surprised if that kext has anything to do with.

We've just had a few of us do it again, although they had their firmware updates done after they were last imaged.

The most recent time these were imaged was the 8th of November. We've reimaged them again and will see.

SOLVED Posted: 11/28/16 at 8:02 AM by Chuey

@aporlebeke @allanp81 I was seeing huge issues in carts of MacBook Airs and also iMacs / Mac Minis. These machines were running Operating System Build: 15G31

After I created a new image with all patches / security updates the new build is Operating System Build: 15G1108

Since creating a new image and re-deploying things have been quiet.

SOLVED Posted: 11/28/16 at 8:11 AM by allanp81

@Chuey How long ago were they imaged?

SOLVED Posted: 11/28/16 at 8:17 AM by Chuey

@allanp81 I piloted this image to 1 cart of 30 MacBook Airs that were having major issues about 3 weeks ago. Since imaging that cart not 1 peep from them.

I just re-imaged 5 carts of 30 MacBook Airs on Wednesday and Friday of last week.

SOLVED Posted: 11/28/16 at 8:51 AM by allanp81

@Chuey If you're going to see the issue then it would be any day based on our experiences here.

SOLVED Posted: 11/28/16 at 8:58 AM by Chuey

@allanp81 Are you using Operating System Build: 15G1108 and still seeing the issue?

SOLVED Posted: 11/28/16 at 9:04 AM by allanp81

@Chuey No we're still using 10.11.5 as our base image. We did manually update some of the machines to 10.11.6 when we first started seeing the issues but it didn't seem to help, they were still randomly getting stuck on boot.

SOLVED Posted: 11/28/16 at 9:52 AM by kayzlot1

Just chiming in here to report that we are having the same exact issue. High usage area, common lab, lots of user accounts. It is all iMacs in our environment (Retina 5K, Late-2014, Running 10.11.6, 1TB Hybrid drives).

In our environment repetitive single-user or verbose boots will eventually get them to boot. I've looked very closely at the verbose logs and I'm not really seeing any red flags. There is this which shows up almost every time, seems it can't delete the dyld caches.

Oct 11 16:19:17 localhost kernel[0]: Sandbox: launchd(1) System Policy: deny(1) file-write-unlink /private/var/run/dyld_shared_cache_x86_64h Oct 11 16:19:17 localhost[1]: Failed to remove file or directory: name = dyld_shared_cache_x86_64h, error = 1: Operation not permitted. Further logging suppressed. When it stalls in verbose boot it tends to stall right after "SDXC: pause". System.log shows this coming up after that (not displayed in Verbose boot) Oct 11 16:17:45 localhost kernel[0]: Sandbox: launchd(1) System Policy: deny(1) file-write-unlink /private/var/run/

I re-imaged the entire lab about ~1 month ago and just now the issue started cropping up again. We deploy lots of Adobe CC apps, as well as Office 16. I do have quite a lot of unofficial kext's loading - that will be my next thing to look at.

My other thought was that it could be related to the Hybrid drives in some way, but I have no evidence for that. Just know how much we've struggled deploying to them or having them 'unfuse' themselves. Maybe firmwmare related to CoreStorage?

Eager to hear if Apple has responded with anything useful - it's getting to be the end of the semester and we really can't have this many machines out of order.

SOLVED Posted: 11/28/16 at 10:05 AM by allanp81

@kayzlot1 The machines we've seen the issue originally had fusion drives in them but were all upgraded with Samsung 850 Pro SSDs. On some machines the Apple SSD portion of the fusion drive is still present but not on all of them (I guess different people did the upgrades?). The drives are separate though, they haven't been "joined" with the new drives.

We also deploy Adobe CC and Office 2016.

We too see the same errors about the dyld caches that you're seeing but I couldn't find anything useful as to what this meant and also how to fix it.

SOLVED Posted: 11/28/16 at 10:12 AM by Chuey

@kayzlot1 Can you tell me what Operating System Build version you are using to image your machines with?

SOLVED Posted: 11/28/16 at 10:15 AM by allanp81

Has anyone tried:

sudo update_dyld_shared_cache -force

In theory that could be run from single user mode.

Holding down shift on boot will also clear this cache at the same time as performing a safe boot.

SOLVED Posted: 11/28/16 at 10:16 AM by kayzlot1

@Chuey 15G31
Edit: Should clarify, that's the original image. Post-deploy after all security updates applied they are sitting on 15G1108.

@allanp81 I'm pretty sure iMac's have a mini-PCIE or m.2 SSD that works in conjunction with the standard SATA hard drive. Sounds like whoever did the installs forgot to pull the SSDs.

SOLVED Posted: 11/28/16 at 12:02 PM by Chuey

@kayzlot1 Ok, I used the latest and AutoDMG to create our image. I applied all updates to the image before compiling this way it was up to date before I shipped it out to computers.

I'm not 100% positive or anything but it seems like machines running 10.11.6 OS Build 15G31 had an issue when they applied the security update from Oct. 24th. That is when all our MacBook Airs started doing this startup issue. Since upgrading our image to the latest build with all updates and re-imaging MacBook Airs I have not seen the issue.

SOLVED Posted: 11/28/16 at 4:12 PM by allanp81

Seems unlikely as we're seeing the issue on older versions of osx

SOLVED Posted: 11/29/16 at 7:35 AM by Chuey

@allanp81 What other versions besides 10.10.X and 10.11.X are you seeing this on?

SOLVED Posted: 11/29/16 at 7:37 AM by allanp81

@Chuey we've seen it on 10.11.5 and 10.11.3 base images and 10.11.6 that were upgraded from 10.11.5.

SOLVED Posted: 11/29/16 at 7:46 AM by Chuey

@allanp81 I'd create a clean image that is patched and up to date as possible with the system build and re-image the entire machine. That is the only thing I've seen help the issue in my environment on any flavor of 10.11.X

SOLVED Posted: 11/29/16 at 7:48 AM by allanp81

@Chuey Well as per my previous posts, since we firmware upgraded and then reimaged the machines affected we haven't seen a reoccurence and some of the machines have gone 3 weeks without showing the issue.

SOLVED Posted: 11/29/16 at 9:12 AM by Zeek

Its because the hard drive on 2010-2013 Computer doesn't support the latest OS x unless its a Solid State Drive. We was having the same problem and Apple told us to change the hard drive to SSD and we have no more problem.

SOLVED Posted: 11/29/16 at 9:17 AM by Chuey

@Zeek I've had 2012 Mac Minis with SSDs and upgraded RAM get stuck on startup but they had System Build 15G31. Since upgrading them to System Build 15G1108 I've not seen the issue on them. Just my experience though.

SOLVED Posted: 11/30/16 at 2:36 AM by allanp81

@Zeek where did you hear that? It definitely works fine on spinning or fusion drives (albeit slow).

SOLVED Posted: 11/30/16 at 4:35 AM by allanp81

Sigh, one of our imaged 2 weeks ago to the day has started locking up on boot with no warning. Updated to 10.11.6 and the latest security update to bring it up to 15G1108 and same issue.

Literally nothing fixes it, even removing all MDM remnants and still intermittent boot. No local accounts, nothing.

SOLVED Posted: 11/30/16 at 11:31 AM by Chuey

@allanp81 The only thing I can think of is completely re-imaging the machine with the 15G1108 build and not doing an in place upgrade.

On November 8 I imaged a cart of 30 mac book airs that were having major startup issues with an image that was 15G1108 and I have not had 1 issue from that cart since.

SOLVED Posted: 11/30/16 at 4:35 PM by davidhiggs

@kkt @LibertyJSS @rdwhitt and others. We had issues with our high use areas, hanging on boot or login window after about 2 weeks of heavy use. This happened on 10.10 and 10.11, rebuilding the machine was the only fix that worked. There was a kauth hangup for us in the logs. Then one day I went back to basics and looked at my AD binding config and realised I had overlooked a setting which could be related to the issue:

Create mobile account at login

I'd always had this option enabled for 1 to 1 setups and never gave it a thought in shared use computing. Once I rebuilt my Macs with this binding option off, 4 weeks later I knew it had worked. We've been ticking along nicely without failure for 6 months now.

There's definitely a bug there. We don't really have a use for this option and most people shouldn't for shared use desktop Macs. So give it a go if you have it enabled. I think that once the machine had hit a certain number of mobile account users, it just crapped out.

SOLVED Posted: 12/1/16 at 7:53 AM by allanp81

@davidhiggs That's definitely something we'll try as we have mobile accounts enabled. I've noticed that in our dev environment it doesn't seem to then apply user level configuration profiles if we disable using mobile accounts, not sure if that's by design or just a totally separate issue.

SOLVED Posted: 12/1/16 at 9:27 AM by allanp81

@davidhiggs I've tried this but once I untick the option to use mobile accounts it seems to stop any user level configuration profiles from being applied. Not sure why.

SOLVED Posted: 12/1/16 at 12:14 PM by SGill

Will have to test this setting, too. We've had Create Mobile Accounts on for many years, and apparently it only started being a problem in high traffic labs as of 10.10+. I'm wondering if high numbers of /Users accounts or high numbers of /var/folders/ directories are the actual problem, too.

Our pain point seems to be when the number exceeds 50 or so local profiles.

Really odd that this number isn't limited only by the size of your local storage and not some undocumented "handful" number.

SOLVED Posted: 12/1/16 at 2:21 PM by jrippy

@davidhiggs I've talked to Apple Education Support and they've said the same thing. Essentially, Mobile Accounts were never meant to service more than a handful of people on a machine. Turning that setting off has fixed the issues we were having as well.

SOLVED Posted: 12/1/16 at 3:14 PM by allanp81

Once you've disabled mobile accounts are you applying user level configuration profiles as well?

SOLVED Posted: 12/1/16 at 3:46 PM by Chriskmpruitt

We have this same issue. Our library machines are the ones that have heavy use and over a hundred managed mobile accounts. I have one machine with me right now that would lock up on boot 8 out of 10 times. The machine had 114 MM accounts on it. I have reduced that count to 30 MM accounts, now the machine is 10 for 10 on NOT locking up on startup.

We have been doing Manged mobile accounts for years, what changed?

SOLVED Posted: 12/1/16 at 3:59 PM by jrippy


We have been doing Manged mobile accounts for years, what changed?

Yosemite and El Capitan.
No idea on what really changed in the underlying code but you know Apple. Just like with their AD plugin or wifi, they have to break everything sometimes.

SOLVED Posted: 12/1/16 at 4:18 PM by davidhiggs

We were initially using JAMF AD binding options, but I switched to using config profiles while troubleshooting. Even though it didn't fix the kauth timeout at the time, I preferred this method.

@Chriskmpruitt 10.10 and 10.11 must be not be coping with a large number of cached credentials
@allanp81 we don't have any user level profiles currently. if i have some time, i'll see if i get the same issue you do

SOLVED Posted: 12/2/16 at 3:21 AM by allanp81

@Chriskmpruitt how did you clear the mobile accounts? We're clearing all users on each boot already.

SOLVED Posted: 12/2/16 at 8:41 AM by allanp81

Also I suppose the question then becomes was it building up on a machine that uses mobile accounts to make it eventually start failing to boot.

We use a script run by a launch daemon that runs on each startup to clear out any accounts that aren't admin so we're not getting a build up of local accounts. Clearly this isn't enough so something else is getting broken/filled up that then causes the intermittent boot issue.

I've tried clearing all caches I can think of etc. but obviously there has to be something.

SOLVED Posted: 12/2/16 at 10:18 AM by kayzlot1

I just got done re-imaging our entire space again. One machine started acting up about ~3 weeks after the last re-image, and afterward it spread like wildfire. It is definitely affecting the most heavily used machines first, which makes the mobile account theory make a lot of sense.

We are going to implement the mobile account change ASAP and see if that helps.

SOLVED Posted: 12/2/16 at 10:20 AM by ssrussell

@allanp81 are you just removing the home folder or are you removing them from the local directory? Are you running something like dscl . -delete /users/student_account in your script?

SOLVED Posted: 12/2/16 at 11:12 AM by Chriskmpruitt

@allanp81 since we are still testing, I am just deleting the accounts one by one. If someone has a script to delete accounts (last login older than a month or something) I would give it a try on a cart or two.

SOLVED Posted: 12/3/16 at 1:20 PM by allanp81

@ssrussell We're doing pretty much exactly that.

SOLVED Posted: 12/5/16 at 11:17 AM by Rocky

@ssrussell Here is the simple version of the script we have been using to delete mobile accounts. We are deleting every 7 days in places and still having the hanging at startup.

userList=`dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}'`
# Deleting account and home directory for the following users...
for a in $userList ; do
#To change timefrme to a different number of days adjust the parameter, for instance, -mtime +3 is three days since modification
find /Users -type d -maxdepth 1 -mindepth 1 -not -name "*.*" -mtime +21 | grep "$a";
if [[ $? == 0 ]]; then
dscl . delete /Users/"$a"; #delete the account
rm -r /Users/"$a"; #delete the home directory
SOLVED Posted: 12/5/16 at 12:31 PM by ssrussell

@Rocky Thanks! I'm going to test this out. Some of our Macs are full to the brim with student accounts. Its nice that his will expire out old stale accounts while leaving the fresher ones on the Macs instead of just wiping all students at startup.

SOLVED Posted: 12/5/16 at 1:55 PM by SGill

@Rocky I think they are saying that you have to both clear out old mobilized AD accounts and de-mobilize new ones in the AD Bind settings (on desktops only) to see relief from the random startup failures. Many of the computers seeing the issue will show a "kauth" error at startup.

I'll be testing turning off Mobile accounts in the AD-plugin on desktops soon, but haven't yet. In my testing, it only becomes an issue on Macs with a large buildup of mobilized AD accounts.

SOLVED Posted: 12/6/16 at 5:33 AM by allanp81

I've tested turning off mobie accounts but unfortunately it seems to stop user level config profiles stop working. I've logged a ticket with jamf about this but haven't heard anything back since sending screenshots of the issue.

The main question still is what is getting clogged etc. when a load of mobile accounts have been logged into a mac? Clearing the accounts using the dscl command as above doesn't fix it as we're routinely doing that anyway. If you "sudo profiles -P" from terminal you'll see all of the config profiles still there for all of the users that have used the machine, whether the account still exists or not and there's no simple way to clear these but even when you do clear them it doesn't change anything.

What other caches could there be that need clearing or is it just something we'll never get to the bottom of without Apple's assistance? (fat chance of Apple helping as they'll just say upgrade to Sierra).

SOLVED Posted: 12/6/16 at 8:57 AM by SGill

If upgrading to Sierra fixes this...I'm in! :)

SOLVED Posted: 12/6/16 at 9:00 AM by amiller6

Upgrading to Sierra does not fix this issue. I hadn't seen the problem in a while, but just had to re-load a Sierra test machine to resolve the issue.

SOLVED Posted: 12/6/16 at 9:04 AM by SGill

@amiller6 Were you able to retest with "Create Mobile Accounts" set to Off ?

SOLVED Posted: 12/6/16 at 9:12 AM by amiller6

I just reloaded the machine and am using that configuration now. I see that has caused some issues for others though, so not sure how that will work. Unfortunately, the machine went a couple of weeks without showing the issue, so it may be some time before I would see the issue again.

SOLVED Posted: 12/6/16 at 9:31 AM by allanp81

I think it's when you get around 100+ accounts. That seems to be when we start to see the issue. I could in theory make 100 temporary guest accounts and start going through the laborious process of logging in and out with each of them.

SOLVED Posted: 12/6/16 at 4:42 PM by davidhiggs

when creating mobile accounts, i'm not sure where Apple keeps the user cached credentials. it's possible they're separated and might not be cleaned up when the dscl delete command is used, which sounds like what @allanp81 is experiencing.

to be sure, i would re-image the machine if possible. when i made this AD config change, i didn't find it necessary to delete/reset the machines in the JSS.

SOLVED Posted: 12/7/16 at 4:29 AM by Kong

Hello, we have the same issues as posted in this post. Have re-imaged our affected Macs, roll back the OS and we have different models of Macs, after a few weeks of heavy usage, same issues again.

David Higgs was right, it was the CreateMobile Account setting that is enabled that is causing this issue.
If you do not wish to re-build/re-image your existing affected Macs, you can apply the fixes below manaully that I have applied and tested on all our affected Macs.

  1. Disable CreatedMobile Account.

  2. Enable the root account.

  3. Logon as root and delete these AD cached user files below;
    / var/db/dslocal/nodes/default/groups and delete all with - = number of user
    (you can spot these easily as that are listed in numerical order.)

/var/db/dslocal/nodes/default/groups/sharepoint and delete USERNAME public folder.plist (all your AD users actual Names will be listed here)

  • var/db/dslocal/nodes/default/groups/Users and delete all USERNAME.plist
    (all your AD users will be listed depending on how you have assigned these e.g. our students are registered by the year they start so 16000000 etc.) (Deleting the affected users' plist here will also automatically removes them from System Preferences Users & Groups section.)

  • Empty the Recycled bin.

  • Must restart the Mac. The first boot will take awhile as it needs to rebuild the databases.
    We have a script that deletes User's local home folders and Users' folders in /Library/Managed Preferences. So if you do not allow users to save work on the local Mac, if you wish, you can delete these manaually. So it's nice and clean,

If you do get a Mac that just refuse or take ages to boot even after reseting the SMC, PRAM, Safemode fixes etc. Target disk mode the affected Mac with another Mac. Must ensure that all Hidden/System Files are enabled so that you can see the affected files. I have a nice App that I found on the web that does this nicely. Then follow the steps above.

Hope this helps.

SOLVED Posted: 12/7/16 at 6:47 AM by allanp81

@Kong I'm assuming if you regularly cleaned up those locations you could leave mobile accounts enabled?

SOLVED Posted: 12/7/16 at 8:04 AM by Kong

Hi allap81. If you leave the CreateMobile accounts enabled after my cleanup, after heavy AD usage you will ge the same issues again. Unless you are know how to write a script to does the cleanup on startup or maybe once a week of these hidden AD users cached credentials. In our case, we have no need to use the CreateMobile aacount enabled as these are Student Macs and most of them are in open access areas. We never have this option enabled over the last few years but it was a mistake that this option was enabled that's when we start to get the stuck at booting issues.

SOLVED Posted: 12/7/16 at 8:36 AM by allanp81

@Kong we run a script on startup to clear the accounts so in theory I could just clear those locations at the same time

SOLVED Posted: 12/7/16 at 11:55 AM by Chriskmpruitt

@allanp81 do you mind sharing that script?

We have been using Rockys script to delete accounts on startup. We are deleting all accounts that have not been modified in 5 days. This machine is still locking up with only 8 accounts on it.

I just manually deleted the / var/db/dslocal/nodes/default/groups and delete all with - = and my test machine just booted 10/10 with no lock ups.

Some of our machines go home with students so we need Managed mobile accounts turned on.

SOLVED Posted: 12/8/16 at 3:01 AM by allanp81

Interestingly I have noticed that if you remove a mobile account via the gui, it removes those references under the /var/db/dslocal/nodes/Default location...

SOLVED Posted: 12/8/16 at 9:43 AM by amosdeane

Hi, can I just ask who uses Autodmg when building your base image? Has anyone had this issue when thin imaging?

SOLVED Posted: 12/8/16 at 9:53 AM by SGill

Yes, I'm seeing it in thin Autodmg in the loop.

Happens on busy lab macs with about 100 or more AD-mobilized accounts.

I think I'll be moving forward with turning off mobilization soon (via a Configuration Profile--the Mobilize choice is also in the Directory payload).

Still not sure why there seems to be an upper limit here other than local storage--it could be an Apple bug that began around 10.10.3. This one is difficult to recreate due to the conditions that must be present in order to see it.

SOLVED Posted: 12/8/16 at 10:00 AM by PeterClarke

Yes, we do - Although i did wonder about that, we were seeing this issue - less often - before we started using AutoDMG built images.

But previously, we had an old-account removal script running, where as presently we don't.
When we were using the old-account removal script, it had bug, that caused some accounts not to be removed.
I was going to re-write it - without the bug. (The original version was copied from elsewhere)
The 'bug' by the way, was technically a 'feature' - the original script made use of the unix mtime function - which actually works differently to the way that everyones expects to work !

i am thinking that, because the number of (mobile) accounts, were mostly, kept limited (though in busy areas, even with the account culling script, we sometimes got to over 300 accounts a a library computer) we rarely saw this issue.

It seems to be happening more since we have used OS X 10.11 (OSX 10.11.6 currently)
we also saw it more rarely in OS X 10.10.x, and it almost never happened in OS X 10.9.x..
- But that's just my observation..

Busy areas with lots of account churn - such as in library areas, seem most prone to this problem

SOLVED Posted: 12/8/16 at 10:27 AM by allanp81

We cleared out the groups and sharepoints directories on over 15 today and it fixed all of them instantly. We've added it to our cleanup scripts so will see what happens from this point so fingers crossed.

I'm also going to use composer to do a snapshot to see what deleting a mobile account via the gui actually does.

SOLVED Posted: 12/8/16 at 11:21 AM by Zeek

I use the Autorun Data to re-image a computer with a different name and for some reason every time I change the name its goes to the old one. Any idea how to fix it?

I also went to the sharing option on the device and change the name but when I run sudo jamf recon it change it to the preview name.

SOLVED Posted: 12/8/16 at 5:37 PM by Rocky

Incomplete solution deleted.

SOLVED Posted: 12/9/16 at 9:53 AM by allanp81

It appears that this has now fixed our issue based on our testing today. It has fixed all machines with the issue.

We are just running the following script on each boot of a student machine:


UserList=`ls /Users | grep -v "Shared" | grep -v ".localized"`

Dansarray=( $UserList )
#printf "%s\n" "${Dansarray[@]}"

for u in ${Dansarray[@]} ; do
    if [ "$u" = "administrator" ] || [ "$u" = "admin" ] ||  [ "$u" = "kingston" ] ||  [ "$u" = "Administrator" ]  || [ "$u" = "arduser" ] ;
        echo "$u -- detected skipping..."
        echo "$u -- Deleting..."
        `/usr/bin/dscl . delete /Users/$u && /bin/rm -rf /Users/$u`
        find /private/var/db/dslocal/nodes/Default/sharepoints -name "*" -type f -delete
        find /private/var/db/dslocal/nodes/Default/groups -name "*" -type f -delete

This was written by a colleague about 18 months ago so I have just appended the 2 lines to remove the references to sharepoint.

SOLVED Posted: 12/9/16 at 12:53 PM by amosdeane

Interesting to see that it's occurring without Autodmg in thin images. We currently have a support case with Apple and they insisting that we build an image without any 3rd party to tools to remove them from the equation. We are doing this but it sounds like this is a red herring.

SOLVED Posted: 12/9/16 at 1:57 PM by amiller6

Details are fuzzy, but I recall using internet restore on a machine and still seeing the issue. I don't believe this is an Autodmg issue(although that is what I'm using to create my base image).

SOLVED Posted: 12/9/16 at 2:02 PM by allanp81

@amosdeane @amiller6 look above, it's essentially been solved by Kong and from my testing looks like a fix has been found. No need to disable mobile accounts etc, just do a proper cleanup of them and bob's your mother's husband's brother.

SOLVED Posted: 12/12/16 at 4:49 AM by amosdeane

Ok, that sounds very positive. I'm just slightly cautious as we've thought that we've fixed this one a few times and then it's come back! We're going to test this out. Thanks all for the suggestion!

SOLVED Posted: 12/12/16 at 5:27 AM by allanp81

@amosdeane It is looking promising. Our main affected room has 47 macs in it and so far we've never had a morning where all of them would power on successfully.

This morning I watched using our custom availability tool and all 47 came on first time without any hitches so it really is looking good so far.

Usage will drop off in the run up to Christmas so I'm not going to call it properly until we reconvene after the break in January but so far every mac that wouldn't boot worked fine after clearing those obsolete plists.

I find it ridiculous that just a build of ~100 plists can stop a whole OS from booting if this does turn out to be the fix.

SOLVED Posted: 12/12/16 at 10:21 AM by amosdeane

allanp81 that sounds encouraging. If we could finally crack this problem I feel like just starting the christmas festivities right away....

SOLVED Posted: 12/13/16 at 9:02 AM by allanp81

I did a quick compare of a file system, before and after deleting a mobile account via the gui compared to deleting an account using the dscl command. And the main differences appears to be that deleting via the gui removes the following (along with the /Users/account directory):

/private/var/db/dslocal/nodes/Default/groups/ (this increments for each new user)
/private/var/db/dslocal/nodes/Default/sharepoints/user, name's Public Folder.plist

Using the dscl command only removes the last of those 3 lines and leaves the other 2 files. Over time you could end up with 100s of these and this seems to be what causes the intermittent boot issues. All of our machines now appear to be working fine since adding those 2 lines to our account cleanup script.

I don't know if this is a bug in the way the dscl command works but you can manually clear these easy enough by removing them all or making something more complicated if you wanted to.

The and public folder.plist are to do with user shares and the public directory that exists within a user's home directory. If you are deleting all local mobile accounts then there's no harm in doing this.

SOLVED Posted: 12/13/16 at 9:10 AM by aporlebeke

Just to be clear @allanp81 , you have not modified your script as posted here in this thread?

SOLVED Posted: 12/13/16 at 9:15 AM by Chuey

@allanp81 @amosdeane We had 4 MacBook Airs that were stuck on startup this morning. We booted to an external hard drive and then browsed to the troubled computers partition and ran these two commands suggested by allanp81 above:

find /private/var/db/dslocal/nodes/Default/sharepoints -name "*" -type f -delete
find /private/var/db/dslocal/nodes/Default/groups -name "*" -type f -delete

Once we rebooted the machine, BOOM, it worked and even seemed to boot faster. I think this is definitely the fix. We did not delete the Users home folder or the dscl record. All we did was delete those plist files and it instantly booted. Thanks so much. I think we are going to create a script with those commands and apply it as a LaunchDaemon.

SOLVED Posted: 12/13/16 at 9:24 AM by allanp81

@aporlebeke Yes that is correct, we've been running that script now for over a year and I just added the 2 find commands to the script. We have always cleared local mobile accounts on our student machines to prevent build ups.

@Chuey I'm assuming you put in the path to the local disk though and not the external hard drive that you booted from?

SOLVED Posted: 12/13/16 at 9:35 AM by Chuey

@allanp81 Correct, we made sure we deleted them on the local hard drive and not our external drive.

SOLVED Posted: 12/13/16 at 9:37 AM by allanp81

@Chuey Excellent, well it's looking good then. I might see if I can try and streamline it a bit as those 2 commands will also delete the files associated to the admin account, although I'm not sure it matters unless you've changed any sharing settings to do with that user.

SOLVED Posted: 12/13/16 at 10:07 AM by Chuey

@allanp81 I noticed if you do not delete home folders associated to users that it will not re-build those files in private/var/folders. I was able to login and browse mounted shares no problem.

Not sure if that is an issue or what ?

SOLVED Posted: 12/13/16 at 10:08 AM by allanp81

Yes not sure. We're only going to clear those sharepoint files at the same time as deleting the users.

SOLVED Posted: 12/13/16 at 10:34 AM by draeconis

From what we can tell, it looks like an area that handles the user's local 'Public Folders' and sharing rights for these folders specifically.

It seems to reliably resolve this issue, although we've seen many things fix it, only for the issue to come back without reason, so we'll keep testing it for now.

Since you're deleting these files without using $u in your script, you could always put this outside the do loop, since after the first time it runs it'll be redundant :).

SOLVED Posted: 12/13/16 at 11:35 AM by allanp81

@draeconis haha,yes good point. Will update it once we roll it out properly.

SOLVED Posted: 12/16/16 at 6:05 AM by allanp81

How are people getting on with this now? Does it look like it's fixed it for everyone?

SOLVED Posted: 12/16/16 at 11:01 AM by Rocky

It's been a week now since the first machines I did (end of last week), other machine about 4 days (beginning of this week) and have seen no recurrence thus far. It's finals week at the university I'm at, so pretty heavy use at the beginning of the week tapering off towards the end. I'm very optimistic this is working.

SOLVED Posted: 12/20/16 at 2:01 PM by chadwau

After reading the above comments and info our district is seeing the same issue. We have tried the same troubleshooting techniques to resolve, no resolve as of yet.

We currently tried the deleting of the two below directories. After that the machine after many hard shut downs were not able to get the machine to boot at all. find /private/var/db/dslocal/nodes/Default/sharepoints -name "" -type f -delete
find /private/var/db/dslocal/nodes/Default/groups -name "
" -type f -delete

The only difference I saw before deleting any directories was unchecking the "create mobile account" box in the directory utility. The machine then would boot at 1:20 seconds slower than our typical average time of 44 seconds. After rechecking the box the machine would not boot.

Will post any new information when I can.

SOLVED Posted: 12/22/16 at 7:44 AM by Jalves

This has been a fun one... I have been using the script posted by @allanp81 and for the most part it's working perfectly. I have it set to run ongoing at startup with my management accounts excluded. We use google school, so deleting all accounts isn't a huge deal. I am however intermittently getting calls about "OS X Library needing repair" which I know is resulting from people logging in while the script is still running. Is there anyway I can delay the process of the user logging in until the script has completed? Not a huge deal, this eventually goes away once all accounts get erased. I was just hoping to prevent a few help desk calls.

Thank You

SOLVED Posted: 12/22/16 at 8:10 AM by allanp81

@Jalves how are you running the script? Looks like via a Casper policy.

Try running it via a launch daemon on the machine itself and see what happens. That's how we are doing it, probably means it runs earlier than via a Casper policy.

SOLVED Posted: 12/22/16 at 8:00 PM by Chuey

@Jalves Right now I've implemented a script that just removes the necessary files on logout.

SOLVED Posted: 12/26/16 at 6:54 PM by ssrussell

@Chuey One thing to be aware of (which might not be an issue for your environment) is that part of the problem from what I've read is that some students (or adults) are force shutting down the Mac which would bypass the cleanup script at log out.

SOLVED Posted: 1/3/17 at 12:28 PM by Jalves

@Chuey So your getting by with the two lines listed below while retaining the home folder? That may make more sense for us, since us deleting the home folders was only a reaction to this issue.

find /private/var/db/dslocal/nodes/Default/sharepoints -name "" -type f -delete
find /private/var/db/dslocal/nodes/Default/groups -name "
" -type f -delete

SOLVED Posted: 1/3/17 at 2:24 PM by Chuey

@Jalves Correct. I have a logout script that removes the necessary files every time a user logs out. BUT. . . I did notice if a user already logged in before, files were removed and they log into the same computer again those files are not recreated. I'm not sure what types of issues it may cause or what but I've seen no issues from doing that.

SOLVED Posted: 1/6/17 at 12:04 PM by Chriskmpruitt

Has anyone opened a case with apple to see what the long term effects are when deleting these files?

SOLVED Posted: 1/12/17 at 10:18 AM by allanp81

How are things looking for everyone now things are back in the swing? We haven't had a complaint now for weeks so all is looking good.

SOLVED Posted: 1/12/17 at 10:39 AM by Chriskmpruitt

I have not had a complaint in about a week. But it scares me that we are deleting a file that does not come back, nor do we know what the long term effect is.

SOLVED Posted: 1/13/17 at 2:09 AM by allanp81

I don't see there's any effect from it, especially if accounts are being cleaned up automatically.

SOLVED Posted: 1/16/17 at 3:05 AM by neil.martin83

Just to chime in - When I started in my role in September, I noticed some of our lab Macs being stuck at the loading bar. But because we were in the process of re-imaging them anyway I didn't pay too much attention. We are AD bound with mobile homes. Also, I know an in-place upgrade from OS X 10.10 to OS X 10.11 was attempted on some of them (Casper Admin generated pkg AFAIK) so I put it down to that being a possible factor.

Fast forward to December and a few Macs that were imaged in September in the open access area of our library, start doing this again. We also received reports of slow/poor performance of those library Macs in general. I went the PRAM/SMC reset/Apple Hardware Diagnostic route on them which didn't reveal any problems, then re-imaged. It's also worth noting that we delete cached user homes on these Macs every day.

Thanks to this thread, I'm trying out those 2 find commands in a recurring logout script to see how we get on this semester. Time will tell! We don't use the File Sharing service and removing those ~/Public folder sharepoints is good for us from a security perspective. :)

SOLVED Posted: 1/16/17 at 5:49 AM by allanp81

@neil.martin83 Do let us know how you get on, it seems to have definitely fixed it for us.

SOLVED Posted: 1/17/17 at 4:59 PM by Chriskmpruitt

I am about to pull the trigger on applying this "fix" on all student machines.

I just wanted to verify that everyone is just running this

find /private/var/db/dslocal/nodes/Default/sharepoints -name "*" -type f -delete

We have some state wide testing starting next week and would just like to have a "fix" in place

SOLVED Posted: 1/18/17 at 3:02 AM by allanp81

@Chriskmpruitt We are running the 2 commands:

find /private/var/db/dslocal/nodes/Default/sharepoints -name "*" -type f -delete
find /private/var/db/dslocal/nodes/Default/groups -name "*" -type f -delete
SOLVED Posted: 1/18/17 at 8:55 AM by SGill

so is the asterisk in the quotes or not?

"" or "*"

SOLVED Posted: 1/18/17 at 12:57 PM by allanp81

@SGill Yes, not sure why it removed it when I copied and pasted.

Edit In fact, I've noticed that if I edit that post it shows the asterisk but not when I save it for some reason.

SOLVED Posted: 1/18/17 at 1:01 PM by SGill

Paste it into the Command field - use the ">_" button above

SOLVED Posted: 1/18/17 at 3:25 PM by allanp81

@SGill Done

SOLVED Posted: 1/20/17 at 8:15 AM by Chuey

@Chriskmpruitt Just wanted to let you know I have applied this fix to over 100+ Macbook Airs & Mac Mini's or iMacs.

Seems to be working great since implementing. Before rolling this out we were seeing mass amount of issues per day in our high usage areas.

SOLVED Posted: 1/20/17 at 1:25 PM by Chriskmpruitt

Today is testing day! and 0!! let me say it again 0!!!!! reports of computers locking up on startup!!!!


SOLVED Posted: 1/20/17 at 7:49 PM by davidhiggs

been away for a while, good to see some traction with this and some happy results!

FYI i reported this to Apple a while back with 10.10.5 and 10.11.0, they acknowledged the issue with no resolution. At that time I wasn't aware of the mobile account bug, and they never asked about my config either. I couldn't get any internal bug report number from them, but they were happy for me to share this (limited) information.

SOLVED Posted: 1/24/17 at 9:07 AM by Jalves

I have had this running for about a month now, and since then all machines have been starting up as expected. I haven't seen any issues related to deleted those files on our machines either. So far so good.

SOLVED Posted: 1/25/17 at 1:44 PM by Zeek

Can I have help with this script please?
I have this VPN application (AppleScript) to redirect students's traffic to our Watch Guard from home but the application pop up every minutes for some students. Anyone knows why the pop up or what I am missing? I have the application located /User/Library/ApplicationSupport/Jamf. And the same application is located in the login Items.

SOLVED Posted: 2/11/17 at 7:12 AM by neil.martin83

@allanp81 So far so good, no issues since we deployed it and no hanging Macs. :)

SOLVED Posted: 2/12/17 at 2:32 PM by allanp81

@neil.martin83 Sounds good, looks like the issue is sorted then. We've had reports from varying locations around our uni that login times have improved since we rolled this out.

SOLVED Posted: 3/7/17 at 3:57 AM by nigelg

@allanp81 @neil.martin83 This is a great topic - I had the same issue myself with our high traffic workstations running 10.11.x. I was able to get them all to boot consistently after adding the script to a logout policy. I made some minor adjustments to stop the deletion of the users home folder (specific to our environment) and also moving the find/delete commands out of the for loop as it didn't need to run multiple times on each script execution.

I did have 2 workstations that wouldn't reboot at all so I had to log in single-user mode and run the 2 find/delete commands after following the on-screen instructions to make the disk r/w. After that they rebooted consistantly.


UserList=`ls /Users | grep -v "Shared" | grep -v ".localized"`

Dansarray=( $UserList )
#printf "%s\n" "${Dansarray[@]}"

for u in ${Dansarray[@]} ; do
    if [ "$u" = "administrator" ] || [ "$u" = "admin" ] ||  [ "$u" = "adobeinstall" ] ||  [ "$u" = "Administrator" ] ;
        echo "$u -- detected skipping..."
        echo "$u -- Deleting..."
        /usr/bin/dscl . delete /Users/$u
find /private/var/db/dslocal/nodes/Default/sharepoints -name "*" -type f -delete
find /private/var/db/dslocal/nodes/Default/groups -name "*" -type f -delete

Maybe someone can confirm whether there is benefit to removing the user record from the default local mode using the following line if I am not removing the users home directory

/usr/bin/dscl . delete /Users/$u

as the find/delete commands on their own seemed to do the job well enough.

SOLVED Posted: 3/14/17 at 9:43 PM by eholtam

Instead of using dscl to remove an account take a look at sysadminctl (goes back to at least OS X 10.10) for removing accounts cleaner.

This removes any running processes by that user, the home folder, the public share, the cached credentials, and disabling Back To My Mac for that user if set.


bash-3.2# ls /var/db/dslocal/nodes/Default/sharepoints/ Tester's Public Folder.plist eholtam's Public Folder.plist admin's Public Folder.plist bash-3.2# sysadminctl -deleteUser tester 2017-03-14 21:28:05.241 sysadminctl[2093:60392] Killing all processes for UID 503 2017-03-14 21:28:05.242 sysadminctl[2093:60392] Removing tester's home at /Users/tester 2017-03-14 21:28:05.877 sysadminctl[2093:60392] Deleting Public share point for tester 2017-03-14 21:28:05.903 sysadminctl[2093:60392] Deleting record for tester 2017-03-14 21:28:05.930 sysadminctl[2093:60392] AOSKit INFO: Disabling BTMM for user, no zone found for uid=503, usersToZones: { 502 = ""; } bash-3.2# ls eholtam's Public Folder.plist admin's Public Folder.plist
SOLVED Posted: 3/16/17 at 10:27 AM by allanp81

Will definitely have a look. Currently building Sierra images for next academic year so will move to that process if it works better as it looks simpler.

SOLVED Posted: 3/16/17 at 10:28 AM by allanp81

@eholtam Tried this and on Sierra it doesn't seem to remove the problem entries from /var/db/dslocal/nodes/Default/groups and sharepoints even though the results of the command said it did.

Edit it DOES work, but only if the machine was rebooted first, which is fine as that's when we run our cleanup script.

SOLVED Posted: 4/26/17 at 5:28 PM by rlegge

Is it possible (probably, but my noob is showing), to edit the script posted by @nigelg to only delete AD users that have not logged in for "X" days?

The script works, as is, but we would only like to delete user accounts that haven't been used in 30 - 60 days

SOLVED Posted: 4/27/17 at 9:14 AM by SGill

Alrighty it on hundreds of macs with no trouble but you're right that I never run it on a logged-in user ...use it for labs but probably better not to tempt 1-1 managers with it. Also it's not my script and it's posted elsewhere here by others.

SOLVED Posted: 4/27/17 at 10:54 AM by rlegge

@sgill That script is dangerous, and not consistent, and can delete logged in users. I want to stick with using sysadminctl.

Thanks, though

SOLVED Posted: 4/28/17 at 11:46 AM by rlegge

I'm trying to modify this script to only delete accounts older than "X" days



Requires Mac OS X 10.10 or newer

If run as root, deletes all AD accounts

If user is logged in, asks to verify login ID and will not delete that account


adusers=$(dscl . list /Users UniqueID | awk '$2 > 1000 {print $1}')
currentuser=$(stat -f "%Su" /dev/console)
response="2" # Presume confirmation failure

if [[ "$currentuser" != "root" ]]; then # If we're not root, ask user to verify their login ID response=$(/Library/Application\ Support/JAMF/bin/ -windowType utility -title "Verify login ID" -heading "Verify login ID" -description "Please verify that $currentuser is your login ID" -button1 "That's Me" -button2 "Not Me") if [ "$response" != "0" ]; then echo "Did not get confirmation from user, no accounts will be deleted" fi
else echo "Running as root, so all AD accounts will be deleted" response="0" # Always set confirmation response when root

if [ "$response" == "0" ]; then echo "Deleting AD user accounts..."

for user in $adusers ; do if [ "$user" != "$currentuser" ]; then /usr/sbin/sysadminctl -deleteUser "$user" echo "$user deleted" fi done

SOLVED Posted: 5/15/17 at 8:04 AM by allanp81

I've revised my script a bit, removed some of the duplicated commands etc.

I've tried using the sysadminctl method and although it always deletes the accounts, it sometimes leaves the Sharepoint files behind which is the exact problem that ends up stopping a Mac from booting.

It will also now only run if there are any accounts to actually be cleaned up, whereas before it would always run.

#This Script will remove all accounts that are not
#specified below (e.g. Administrator, etc.)
#Accounts are case sensitive

UserList=`ls /Users | grep -v "Shared" | grep -v -i "admin" | grep -v -i ".localized" | grep -v -i "kingston" | grep -v -i "administrator" | grep -v -i "arduser"`

Dansarray=( $UserList )
#printf "%s\n" "${Dansarray[@]}"

if [ ${#Dansarray[@]} -eq 0 ]; 
        echo "Nothing to do, exiting"
        exit 0
        for u in ${Dansarray[@]} ; do
            echo "$u -- Deleting..."
            `/usr/bin/dscl . delete /Users/$u && /bin/rm -rf /Users/$u`
        #Remove sharepoints and groups
        find /private/var/db/dslocal/nodes/Default/sharepoints -name "*" -type f -delete
        find /private/var/db/dslocal/nodes/Default/groups -name "*" -type f -delete
SOLVED Posted: 8/10/17 at 7:37 AM by smkolins

@rlegge I happen to have spent some time finding ways to delete account folders after a time delay so adding here. These commands remove the targets after 40days of no activity one layer below their account( i.e. something in any of the Desktop, Library, etc., was touched in the last 40 days.)

This does NOT deal with the /private/var/db/dslocal/nodes/Default/sharepoints and groups folder problems if you have them. But the command process might be integrated into that process. We happen to be in a situation where we want to delete user folders after a period of inactivity rather than all at once.

find -x /(path)/ \( -mtime +40 -and -maxdepth 1 -and -type d \) -print -exec rm -rf \{\} \