Initial Password Reset with Secure Token Not Working about macoslaps HOT 9 OPEN

I am also seeing this both when I provide firstPass via config profile and when it is provided as an argument at command line manually. The workaround I have is to create a second local admin account, delete the first, recreate the first. Only then does macOSLAPS accept the password provided. My guess is that the initial user account created on the Mac is in some weird state when first setup and is causing this.

Only seeing this issue on some Macs like GabrielKemp said. I have not tested it thoroughly but the difference may be Macs 'fresh from the factory' vs. Macs that have been wiped and re-setup.

from macoslaps.

Interesting. It seems this is happening when a new macOS device is arriving and going through ADE for the first time. How are you creating your local administrator account used with LAPS?

from macoslaps.

Not sure about the original poster but I do not utilize ADE. Macs are enrolled via user enrollment manually--the first account created via Setup Assistant is the macOSLAPS one. I guess I could create it later, but I don't have a need for more than one local admin.

from macoslaps.

Is this account a volume owner or have a secureToken?

from macoslaps.

Both. If I can reliably reproduce the issue I will contact you via Macadmins Slack but it may be a few weeks.

from macoslaps.

That's quite alright. Happy to leave this open 👍

from macoslaps.

I'm experiencing this issue as well. I have a fresh VM with a local admin account configured through Setup Assistant. It's enrolled in our Jamf instance, not using ADE. I can run macOSLAPS with the firstPass argument, but isn't able to set the password. When I include firstPass in a profile and then attempt to reset the password, macOSLAPS is able to complete the reset.

from macoslaps.

@davisbr1 you mention Jamf. I'm curious if you might have Jamf LAPS enabled which would take control of the account. I don't believe Jamf's implementation is selective and is an all or nothing checkbox.

from macoslaps.

Jamf LAPS is not enabled.

from macoslaps.