Hi all,
Since the release of macOS Catalina I have mixed feelings about using a VM to test macOS deployments. First of all there is the performance. Even on a high end Macbook Pro it feels a bit slow, but more problematic is the inconsistent behaviour I see from time to time.
A few, non-exhaustive examples are:
- Inconsistent behaviour with Setup Assistant showing or hiding screens you select in the Jamf Pro pre-stage
- Enrolment customisation not passing user info correctly to Jamf Connect
- FileVault deferral issues like deferring the _mbsetupuser
- …
Depending what you are testing, this may all be ignorable glitches, but still things to keep in mind. As general advise I’d always crosscheck your testing on a physical machine before putting anything into production, especially when you see some weird behaviour.
That said, I still wanted to test the creation of a Big Sur VM, and to do so I started with VMWare Fusion 12.
I basically followed the exact same workflow as my earlier post on VM’s and Automated Enrolment, which all seems to work fine. Except one glitch which I think VMWare is aware of: Fusion 12 fails to create the installation medium when you select the macOS Big Sur Installer:
I’ve ran into this issue in the past, where are reboot of the host Mac fixed it, but not this time. To work around this I had to create an ISO file from the installer and use that to create the VM in Fusion 12:
hdiutil create -o /tmp/BigSur -size 17000m -volname BigSur -layout SPUD -fs HFS+J
hdiutil attach /tmp/BigSur.dmg -noverify -mountpoint /Volumes/BigSur
sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/BigSur --nointeraction
sudo hdiutil detach /Volumes/Install\ macOS\ Big\ Sur -force
==> Or force eject the mounted installer volume in Finder (Thanks Kevin for reminding me about the -force option)
hdiutil convert /tmp/BigSur.dmg -format UDTO -o ~/Desktop/BigSur.cdr
mv ~/Desktop/BigSur.cdr ~/Desktop/BigSur.isoNow, use that .iso instead of selecting the original installer:
Do NOT click ‘Finish’, click ‘Customize Settings’ instead and save the VM where you want. This will make sure that the VM does not automatically boot when it’s fully created.
Once the VM is created you will be presented with the following window, do not click ‘play’, do not boot the VM yet!
Instead go to the location of the VM file in Finder and ctrl-click to select ‘Show Package Content’:
Next, edit the .vmx file with your preferred text editor:
And just like in my previous post (and also for macOS Catalina), I only had to add the following keys to make a VM which can do Automated MDM Enrolment and enrol correctly into Jamf Pro:
serialNumber.reflectHost = "FALSE"
serialNumber = "C02N49ZVXXXX"
hw.model.reflectHost = "FALSE"
hw.model = "MacBookAir6,1"
smbios.reflectHost = "FALSE"Replace the serialNumber with an existing serialnumber in your ABM/ASM, and match the hw.model. Make sure not to leave any empty lines, and check for typo’s!
Save the file.
At this point you are ready to boot the VM for the first time, but let’s first disable network connectivity!
To avoid issues with assigning the VM to a different prestage later, put your host Mac offline or disable the Network Adapter in the network settings of the VM before proceeding. This to avoid the VM talking to Apple when it reaches the 'select your country' screen with internet connectivity.
Once network connectivity has been disabled we can proceed and start our VM again:
To be 100% sure it all worked fine, I did wipe the virtual drive via Disk Utility, but it should not be required.
Next, I installed macOS, waited till the VM rebooted and presented me the first setup screen to select my country…
STOP ! Here we SHUT DOWN the VM again: VMWare Fusion>Menu>Virtual Machine>Shut Down
This to make sure the Serial Number is retained.
Make a snapshot here! This will allow you to re-use the same VM again, and because we disabled the network connectivity you should also be able to re-assign it easily to another prestage!
After shutting it down and taking a snapshot, re-enable network connectivity now and start the VM again. Now it should pickup the prestage as it will immediately talk to Apple. Make sure to set the network adapter to ‘bridge’ mode! This to avoid double-NAT, as this made my VM skip the automated enrolment… Obviously, also make sure the serial number you used is correctly assigned to a prestage in Jamf Pro and the prestage has synced with Apple.
That’s it! A VM with macOS Big Sur doing Automated MDM enrolment!
As always, if you liked the post, hit the like button, tell your friends about it and leave a comment down below!
Brgds,
TTG
Apple ecosystem enthusiast, geek, tech gadget freak, Belgian living in the Netherlands
Enterprise Support Engineer II | Jamf
Your guide was spot on but can you explain in a bit more detail about the commands that created the ISO and what exactly they did? Thanks
Hi Matt! Oh yeah that’s basically nothing more than:
– create a new Volume in tmp folder
– mount the new empty volume
– use macOS createinstallmedia command to install macOS in that empty volume
– unmount the volume
– create an image of the volume to use in parallels later
– change the extension to .iso to allow parallels to use it
Thank you for posting this (and previous) versions – this has helped me on a number of occasions.
Most welcome… I learn by doing and it’s just taking some screenshots + adding some text to share it with all of us. Happy it’s useful for other people from time to time!
Is anyone else running into a blocker when attempting to uncheck the Connect Network Adapter option? This is happening on macOS Catalina with Fusion Pro 12. The checkbox simply refuses to uncheck.
The “Unable to create an installation medium” error appears to be fixed in VMWare Fusion 12.1, released today (11/20/2020). Also, I was unable to run the createinstallmedia command, which failed during the erase operation after 20%.
That’s good! Thanks for sharing! The createinstallmedia issue must be something on your Mac however as it worked fine for me on multiple runs
I had this issue initially and learned that it was because of a syntax mistake on my .vmx file. I learned it by trying to remove my network adapter and receiving a more verbose warning from the application.
I haven’t tackled 11.x just yet (going to that this afternoon with any luck), but in the past Apple’s MDM didn’t care about the serial – so you could leave that with the default VMWare generated one (which made these vm’s easier to find in inventory).
The core issue is that JAMF puts the machine into the mobile device section of the app if you don’t fake the model number.
I think this is a JAMF bug, but its been with us for years now.
For Automated MDM Enrolment (DEP) you need the serial number.
But the model, indeed, that is Jamf specific. Need for all VM’s to enroll correct in Jamf. DEP, also serial needed.
I don´t know it it is just me, but If I want to work with the jamf connect package I have added in pre-stage. I upload everything is in scope, but booting up the VM it is just random if it works or not. Don´t know if you have testet it, but it is really frustrating, that it sometimes just seem to skip the pre-stage information in VM
Hi Peder, yeah I have been seeing that as well, and this (amongst other things) made me 100% stop using VM. I have lost too much time troubleshooting the wrong things with VM’s only to realise that it all worked on a physical machine. For me, with the exception of some basic tests, Only physical test machine. No more VM’s. Erase install of my Test Macbook Air takes 15 min max. i prefer that over loosing hours troubleshooting and chasing ghosts
15 minutes ? – I am doing something wrong then. I boot up in recovery mode, wipe disk, and re-install – it takes about 30-40 minutes at least for big sur ?
Hi Peder. I change to using an external hard drive with all my installers and the Prowarehouse Erase Install app. It is a little GUI for the startosinstall command but saves me a lot of time. Run the App and 15, what’s in a name, 25 min later max I have my Mac ready. Will time it next time but for me this saves me a lot of time. By the time I check my setup, reconfigure my profiles etc I can test again
Timed it. 25 min 🙂