Imaging and NetBooting of 2017 iMacs

mconners
Valued Contributor

Hello Everyone,

First off, I know many of us use different processes; DEP, thin imaging and many more. We had an issue with the new iMacs coming in requiring a different build and I wanted to share what we did.

We used the standard tools to get this working utilizing AutoDMG and AutoCasperNBI.

Using the tools mentioned above, we found there was an update at Apple for these new iMacs:
https://support.apple.com/en_US/downloads/macos

We then proceeded to run AutoDMG, adding the typical Sierra download as we always have done. As for the required build for these 2017 Macs, we couldn't find a way to download the needed Sierra build. We added the new update package mentioned above to AutoDMG so it would add the package to the final AutoDMG build. This created a new OS.dmg that was the correct build for the new iMacs, build 16F2073.

We then used AutoCasperNBI to build the new NetBoot image. This worked just fine to build the correct OS, and it NetBoots our new iMacs.

I thought I would share this process for those that need to NetBoot, image the new iMacs.

37 REPLIES

bradtchapman
Valued Contributor II

Cool.

The $64,000 question: can you replicate this process using High Sierra on the same computers? And will they have HFS+ or APFS?

SGill
Contributor III

APFS=RIP imaging?:

http://www.addigy.com/apple-wwdc-completely-changes-managing-macs-apfs-prepared/

bentoms
Release Candidate Programs Tester

[image]

blackholemac
Valued Contributor III

@bentoms Now you are just showing off man...I am very eager to see what you have to say in this regard in more detail! Specifically what you have to say because my existing imaging workflow is useless without your product specifically.

P.S. yes, this post was meant to egg you on explicitly because somehow I want to see what you have come up with but I know to some degree you can't show off because of NDA issues.

bentoms
Release Candidate Programs Tester

heh.. yep NDA.. also.. who knows what will happen come 10.13 release?

blackholemac
Valued Contributor III

well...I'll put it to you this way...I am also an Apple Developer so if you wish to point me to login-walled links I'm all for it. Also if you specifically were to "wax philosophic" on the death of imaging perhaps in a post and include some waxing on the greatness of Mac-based DEP, I'm certain I could read into that how I needed to. I already am near fully DEP on the iOS side, but we never did image there.

I am already trying to get us migrated to a full DEP workflow on Macs as well. We had some pesky licensing issues with some of our Mac software that made such a migration ugly. We have since resolved that mostly, but due to summer scheduling, a migration to the new workflow isn't happening this summer. My target for full migration is June-July of 2018. I guess at that point imaging will die to us, but again that's where I like hearing from you and other creators of our imaging workflow where possible. I pride myself on keeping an open mind on such weighty matters.

bentoms
Release Candidate Programs Tester

@blackholemac See this

With that working, AutoCasperNBI just worked...

SGill
Contributor III

After some further research...it appears that imaging lives....just perhaps in an updated form.... :)

dvasquez
Valued Contributor

Sorry was posting on the wrong discussion.

Nix4Life
Valued Contributor

And JAMF even admitted in yesterday's webinar "Why DEP is Replacing Imaging (and Why it's a Good Thing)". Not sure if it's posted on the site yet. The three methods they mention are: DEP, Recovery and Total Nuke and Pave.

sepiemoini
Contributor III

While I am still in the process of packaging this new DMG using AutoDMG, I am super excited that I found and bookmarked this post a while back. Kudos to everyone!

sepiemoini
Contributor III

UPDATE: It worked, naturally. It's also worth noting that it's imperative to include the newly created DMG with the 16F2073 build in Casper Admin as the DMG used during imaging if you're wiping the macOS device first.

mapurcel
Contributor III

@sepiemoini keep in mind that if you erase the drive on a 2017 MacBook and image with that build then the recovery partition won't be compatible (boots to prohibit when trying to access the Recovery Partition)

nkalister
Valued Contributor

@mapurcel have you found a way to get a compatible recovery partition installed with the 2073 build or included with the autoDMG image?
It's interesting that FileVault works even though booting to recovery does not . . .I wonder if that means the only problem is that the board ID for the 2017 MBP's is not included since the 2073 build comes from the 2017 iMac update.
I'm doing an internet recovery on a 2017 13" right now, then going to try to build a recovery partition installer from the installESD that comes down- if that works, then that can be deployed to any 2017 MBPs that get imaged before 10.12.6 comes out and unifies everything again.

mapurcel
Contributor III

@nkalister I did not, we moved to thin imaging, leaving the OS untouched out of the box, until 10.12.6 comes out, good luck

nkalister
Valued Contributor

double post!

nkalister
Valued Contributor

  1. Use Internet Recovery on a 13" or 15" 2017 MBP. Grab the InstallESD.
  2. Download the current Sierra installer from the App Store. Replace the InstallESD.dmg inside with the one from your IR download.
  3. Run MagerValp's create recovery partition installer with the frankenstein'd Sierra app.

That produces a package that can be included in imaging or deployed and will install a recovery HD that will boot all models including the 2017 MBP's.

geoffrepoli
Contributor

///

nkalister
Valued Contributor

@grepoli that will result in a build with a recovery HD that will not boot the 2017 MBP's like @mapurcel said above. It'll boot to the OS and enable FileVault, but attempting to boot to recovery gives the prohibit sign.

antoinekinch
New Contributor III

What I had to do was:

  • Use Disk Utility to Capture a 10.12.5 image from the never been booted 2017 MacBook Pro (no recovery partition)

  • Use AutoCasperNBI to create a bootable USB stick image

  • Boot to the USB

  • Copy System Image Utility from a 10.12.5 machine to the USB

  • Run System Image Utility to create a NetRestore image of the never-been-booted Macintosh HD of the 2017 MacBook Pro (16F2073 image that includes the recovery partition) so that any other machines that are imaged can also be encrypted.

  • Then take that image and create Netboot and AutoDMG images.

jeandelgadoc
New Contributor

@sepiemoini How were you able to get build 16F2073? I did this and still got the same build 16F73 and it doesn't work with MBP 2017. Any guess?

sepiemoini
Contributor III

@jeandelgadoc I grabbed the 10.12.5 from here and completed the above steps using AutoDMG. The result of that DMG was a 10.12.5 DMG with the 16F2073 build. Only difference is that I did not opt for the "apply updates" section in AutoDMG but I can't imagine that having an impact on the DMG itself.

jeandelgadoc
New Contributor

@sepiemoini This worked, I was able to get the 16F2073 build, THANKS! The problem now is that 10.11.4 didn't work on MBP 2017 from Casper Admin. I was able to install that configuration to old MBPs but not new ones. I have the Prohibited Symbol. Any tips on how to install macOS Sierra on Casper Admin?

nkalister
Valued Contributor

@jeandelgadoc @sepiemoini If you started with the 16F73 installer, your 2017 MBP's will not boot into the recovery partition with that autoDMG procedure. The recovery HD is not updated and will still be 16F73.

rqomsiya
Contributor III

So we just got one new 2017 iMac. What are the best steps to take to grab a working image so I can deploy to the rest of my iMacs when they arrive?

Thanks,
R.

neilmartin83
Contributor II

@rqomsiya I had to deal with my first 2017 iMac yesterday...

  1. Boot the iMac to Internet Recovery.
  2. Connect an external drive (HFS+ formatted).
  3. Choose the Reinstall macOS option.
  4. After the license agreement, select the external drive as the install destination.
  5. When the first stage of installation completes (before the Mac restarts), switch the Mac off and disconnect your external drive.
  6. On the external drive, there's a folder - macOS Install Data - and inside that is a file, InstallESD.dmg - drag InstallESD.dmg onto AutoDMG like you would with the macOS installer application.
  7. Profit with your pristine never-booted image - feed it to AutoCasperNBI to get your NetBoot set and use it as a base to image new Macs.

N.B. 16F2073 boots on older Macs too, not just the 2017 iMacs - BUT Apple do tell you not to use forked builds with Macs other than those they're created for. 10.12.6 will be with us soon and this mess will hopefully be over. :-)

ant89
Contributor

@sepiemoini Nice work! Your method worked for me.

We don't use Casper Imaging here. We use DEP. But instead of using Internet Recovery to get a laptop back to the stock image, we use DeployStudio. Casper Imaging enrolls the device, which we don't want. DEP will handle enrollment.
DeployStudio images it back to the out-of-the-box condition.

Adding the 16F73 Sierra + macosupd10.12.5 to AutoDMG worked perfectly. --- Note: AutoDMG does not rename it... if you add it back to AutoDMG, you will see the correct build after it's created.

I used DeployStudio Assistant on the 2017 MacBook to create the updated NetBoot image.

sepiemoini
Contributor III

@ant89 Woo-hoo! Glad that it worked for you. Now for a 10.12.6 update :)

nkalister
Valued Contributor

10.12.6 came out today.
Also, @ant89 , your build's recovery partition will not boot 2017 MBP's. Don't use it.

sgorney
New Contributor III

I am now using an AutoDMG build of 10.12.6 for my NetBoot and OS Image. It NetBoots the 2017 MacBook Pros just fine. However, after imaging and booting into the adobeinstall user for post-imaging tasks, it is not recognizing the ethernet interface. Hence, no enrollment and it skips all my triggers, dummy receipts, etc. I have tried it with the Belkin USB-C adapter as well as the Thunderbolt 2 to 3 plugged into an ethernet adapter.

I am on 9.98 FYI. Anyone else having this issue?

mohlmag
New Contributor II

Believe we are seeing the same issue here. ASR image of 10.12.6 gets applied, quickadd should install at reboot. Instead the system comes up to the login window and the quickadd doesn't seem to apply as there is no SSH access and the corresponding policy doesn't kick off.

NealIV
Contributor

I'm also seeing this using the 10.12.6 OS on my new MacBook Pros and iMac.

mohlmag
New Contributor II

Got this to work in our environment by specifying paths more fully in our imaging script. Noticed that the quickadd installation needed the full path to internal HDD.

deej
New Contributor III

No luck here. NetSUS 4.1.0, macOS 10.12.6 in both the AutoCasperNBI and the AutoDMG-created OS package. All created fresh, recreated, and recreated again, multiple times.
Pick the NetBoot image from the Startup Manager (Option key), it thinks for a while, then gives up and boots back to the internal drive. No crossed-out circle, no spinny globe, no (visible) kernel panic.
Works on other Macs -- except the Touch Bar MBPs.
However, it does work if I attach a "USB-C to USB-A"+"USB-A to Ethernet" piggybacked adapter. Not only can it be NetBooted, but fully imaged and 100% setup successfully. But obviously, that's completely infeasible across 350 lab Macs that we want to zero-touch refresh.

bentoms
Release Candidate Programs Tester

Just circling back to this.. should have a 10.13 AutoCasperNBI release out in the next couple of days... but with some outstanding issues:

  1. NetBooting takes 8-9 mins to complete
  2. Auto-login fails the majority of the time.

1) is an Apple thing & not much I can change.

2) seems worse in GM than B9.. to see if I can fix, but again a bug open with Apple.