Delay during blue screen before loginwindow

[scr]

Hello

I have started the arduous process of converting my application installs into pkgs for InstaDMG and have begun testing the creation of the image. I build the DMG, then use Disk Utility to restore it to my test machine (Aluminum iMac 20in). When the machine boots there is a long delay (45-90 seconds) where the screen is all blue, then finally the loginwindow appears. Once logged in everything appears ok speedwise, its just this delay before the login window that is annoying.

I have removed all application pkgs except the following which I still am tweaking. These all exist in the BaseUpdates folder:

1) MacOSX 10.5.5 Combo Updater
2) CreateUser (creating an admin user, with no other options)
3) ClearReg
4) Script to set timezone and time server
5) Script to enable ARD

I realise that is may not be an InstaDMG problem, but I’m not sure where to look to solve this issue.

Also, while I am posting, I would like to enable ARD via a pkg rather than do it on first boot. Does this look ok:

[code]
#!/bin/sh

#Enable ARD for ICT
“$3″/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk “$3” -configure -allowAccessFor -specifiedUsers
“$3″/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk “$3” -activate -configure -access -on -users “USERNAME” -privs -all -restart -agent

exit 0
[/code]

Thanks in advance

[larkost]

I don’t think that that is going to do what you want it to. While you are running the kickstart from the new volume, it is still probably going to alter files on your host OS. You are going to need to track down the files that kickstart alters, and then alter those.

[knowmad]

when you reboot a second time (you image a machine, boot it up and wait through long blue screen, then login, then reboot) do you still get the blue screen?
gut feeling….. the OS is building all the machine specific files that ibstadmg does NOT put in, and that the blue screen is a first boot issue. I have seen similar items after running applejack, the first boot afterwords is often slow.
knowmad
ps as far as I know there is no reliable way to set ard on image rather than boot….. too much is dependent on mac address and the like.

[alantrewartha]

i’ve made a script-onlyPKG which does an ARD kickstart with the params

-targetdisk “$3” -activate -configure -access -on -users admin -privs -all -restart -agent

and that’s certainly booting up with ARD on and working, but i haven’t tested it widely. we only have the one admin user anyway, so it could be granting privs to all users. not sure. but it IS working ok.

[knowmad]

its working as an install only script? ie it runs during build not boot? way cool, this I have to test.

[Patrick Fergus]

Tacking “-targetdisk $3” onto the end of the ARD setup command does indeed work to set up ARD at InstaDMG build time rather than at boot of a freshly imaged machine. Has worked for the 70 or so machines we’ve converted over the last few weeks.

You probably do not need “-restart -agent”. The ARDAgent on the target disk isn’t started and doesn’t need restarting.

– Patrick

[scr]

[QUOTE][u]Quote by: knowmad[/u][p]its working as an install only script? ie it runs during build not boot? way cool, this I have to test.
[/p][/QUOTE]

Yeah, as an install only script ARD access is enabled, it grants the privileges fine. The only part I cant get it to do is the ‘specified users’ option. No matter what I seem to set there it doesnt change the radio button selection on the ARD config screen from ‘All Users’ to ‘Only there users’. This becomes a problem for me as I only want our Admin account to have ARD access, not any other local accounts created on the machine.

As for the blue screen delay before the loginwindow, this happens even after I restart the computer. Im going to try an InstaDMG build without the 10.5.5 combo updater and see if it still happens. This kind of has me stalled at the moment, but seeing as no-one else has had the issue it must be something I am doing thats causing it. Perhaps i’ll try restoring the image to a second machine too, just to be sure.

Thanks for the replies.

[scr]

Ok, it seems as though the blue screen only starts happening after I install the 10.5.5 combo update. I performed an erase and install using my Leopard 10.5 DVD and after restarting a few times there were no delays. I then modified my build train to remove the 10.5.5 combo updater and installed the resulting dmg onto my test machine (Aluminum iMac 20″) and everything was still ok (no delays during bootup). So I then proceed to install the 10.5.5 combo update and on the subsequent restart (and all other restarts thereafter) I get a long delay before the login window.

My next test is to try a previous combo update (10.5.3) and see if the problem persists.

Heres an excerpt from the system.log incase anyone finds it helpful:

[code]Oct 20 12:23:36 Macintosh com.apple.loginwindow[24]: Shutdown NOW!
Oct 20 12:23:36 Macintosh mDNSResponder mDNSResponder-176.2 (Aug 15 2008 14:58:54)[23]: stopping
Oct 20 12:23:36 Macintosh com.apple.loginwindow[24]: System shutdown time has arrived^G^G
Oct 20 12:23:52 localhost kernel[0]: npvhash=4095
Oct 20 12:23:51 localhost com.apple.launchctl.System[2]: launchctl: Please convert the following to launchd: /etc/mach_init.d/dashboardadvisoryd.plist
Oct 20 12:23:51 localhost com.apple.launchd[1] (org.cups.cupsd): Unknown key: SHAuthorizationRight
Oct 20 12:23:51 localhost com.apple.launchd[1] (org.ntp.ntpd): Unknown key: SHAuthorizationRight
Oct 20 12:23:52 localhost kextd[10]: 405 cached, 0 uncached personalities to catalog
Oct 20 12:23:52 localhost kernel[0]: hi mem tramps at 0xffe00000
Oct 20 12:23:52 localhost kernel[0]: PAE enabled
Oct 20 12:23:52 localhost kernel[0]: 64 bit mode enabled
Oct 20 12:23:52 localhost kernel[0]: Darwin Kernel Version 9.5.0: Wed Sep 3 11:29:43 PDT 2008; root:xnu-1228.7.58~1/RELEASE_I386
Oct 20 12:23:52 localhost kernel[0]: standard timeslicing quantum is 10000 us
Oct 20 12:23:52 localhost kernel[0]: vm_page_bootstrap: 253631 free pages and 8513 wired pages
Oct 20 12:23:52 localhost kernel[0]: mig_table_max_displ = 79
Oct 20 12:23:52 localhost kernel[0]: 97 prelinked modules
Oct 20 12:23:52 localhost kernel[0]: AppleACPICPU: ProcessorApicId=0 LocalApicId=0 Enabled
Oct 20 12:23:52 localhost kernel[0]: AppleACPICPU: ProcessorApicId=1 LocalApicId=1 Enabled
Oct 20 12:23:52 localhost kernel[0]: Loading security extension com.apple.security.TMSafetyNet
Oct 20 12:23:52 localhost kernel[0]: calling mpo_policy_init for TMSafetyNet
Oct 20 12:23:52 localhost kernel[0]: Security policy loaded: Safety net for Time Machine (TMSafetyNet)
Oct 20 12:23:52 localhost kernel[0]: Loading security extension com.apple.nke.applicationfirewall
Oct 20 12:23:52 localhost kernel[0]: Loading security extension com.apple.security.seatbelt
Oct 20 12:23:52 localhost kernel[0]: calling mpo_policy_init for mb
Oct 20 12:23:52 localhost kernel[0]: Seatbelt MACF policy initialized
Oct 20 12:23:52 localhost kernel[0]: Security policy loaded: Seatbelt Policy (mb)
Oct 20 12:23:52 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Oct 20 12:23:52 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Oct 20 12:23:52 localhost kernel[0]: MAC Framework successfully initialized
Oct 20 12:23:52 localhost kernel[0]: using 5242 buffer headers and 4096 cluster IO buffer headers
Oct 20 12:23:52 localhost kernel[0]: devfs_make_node: not ready for devices!
Oct 20 12:23:52 localhost kernel[0]: IOAPIC: Version 0x20 Vectors 64:87
Oct 20 12:23:52 localhost kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
Oct 20 12:23:52 localhost kernel[0]: mbinit: done
Oct 20 12:23:52 localhost kernel[0]: Security auditing service present
Oct 20 12:23:52 localhost kernel[0]: BSM auditing present
Oct 20 12:23:52 localhost kernel[0]: rooting via boot-uuid from /chosen: 4575079B-AD8D-3748-8AE9-C84A3E365518
Oct 20 12:23:52 localhost kernel[0]: Waiting on IOProviderClassIOResourcesIOResourceMatchboot-uuid-media
Oct 20 12:23:52 localhost kernel[0]: BTCOEXIST on
Oct 20 12:23:52 localhost kernel[0]: wl0: Broadcom BCM4328 802.11 Wireless Controller
Oct 20 12:23:52 localhost kernel[0]: 4.170.46.11Got boot device = IOService:/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/SATA@1F,2/AppleICH8AHCI/PRT0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDriver/ST3250820AS Q Media/IOGUIDPartitionScheme/Customer@2
Oct 20 12:23:52 localhost kernel[0]: BSD root: disk0s2, major 14, minor 2
Oct 20 12:23:52 localhost kernel[0]: FireWire (OHCI) Lucent ID 5901 built-in now active, GUID 001ff3fffe5f99b8; max speed s800.
Oct 20 12:23:52 localhost kernel[0]: Jettisoning kernel linker.
Oct 20 12:23:52 localhost kernel[0]: Resetting IOCatalogue.
Oct 20 12:23:52 localhost kernel[0]: Matching service count = 0
Oct 20 12:23:52: — last message repeated 5 times —
Oct 20 12:23:52 localhost kernel[0]: Previous Shutdown Cause: -128
Oct 20 12:23:52 localhost kernel[0]: ** Device in slot: SLOT–1 **
Oct 20 12:23:54 localhost kernel[0]: AppleIntelCPUPowerManagement: initialization complete
Oct 20 12:23:56 localhost bootlog[37]: BOOT_TIME: 1224476629 0
Oct 20 12:23:56 localhost rpc.statd[18]: statd.notify – no notifications needed
Oct 20 12:23:56 localhost DirectoryService[33]: Launched version 5.5 (v514.23)
Oct 20 12:23:56 localhost /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow[24]: Login Window Application Started
Oct 20 12:23:56 localhost fseventsd[28]: bumping event counter to: 0x636573304101c085 (current 0x0) from log file ‘636573304101ba9d’
Oct 20 12:23:56 localhost kernel[0]: yukon: Ethernet address 00:1f:f3:51:71:89
Oct 20 12:23:56 localhost kernel[0]: AirPort_Brcm43xx: Ethernet address 00:1e:c2:c5:58:d3
Oct 20 12:23:57 localhost blued[47]: Apple Bluetooth daemon started.
Oct 20 12:23:57 localhost kernel[0]: E:[AppleUSBBluetoothHCIController][StartInterruptPipeRead] there is alredy a pending read, skipping.
Oct 20 12:23:57 localhost kernel[0]: AirPort: Link Down on en1
Oct 20 12:23:58 Macintosh configd[35]: setting hostname to “Macintosh.local”
Oct 20 12:23:58 Macintosh mDNSResponder mDNSResponder-176.2 (Aug 15 2008 14:58:54)[23]: starting
Oct 20 12:23:58 Macintosh /usr/sbin/ocspd[60]: starting
Oct 20 12:23:59 Macintosh kernel[0]: AppleYukon2: 00000000,00000000 sk98osx_dnet – recovering from missed interrupt
Oct 20 12:23:59 Macintosh mDNSResponder[23]: WARNING: sandbox_init error Could not set Mach lookup policy for service com.apple.bsd.dirhelper err=1100Could not set Mach lookup policy for service com.apple.distributed_notifications.2 err=1100Could not set Mach lookup policy for service com.apple.ocspd err=1100Could not set Mach lookup policy for service com.apple.mDNSResponderHelper err=1100Could not set Mach lookup policy for service com.apple.SecurityServer err=1100Could not set Mach lookup policy for service com.apple.SystemConfiguration.configd er
Oct 20 12:23:59 Macintosh mDNSResponder[23]: Couldn’t read user-specified Computer Name; using default “iMac-001FF3517189” instead
Oct 20 12:24:00 Macintosh kernel[0]: AppleYukon2 – en0 link active, 1000-Mbit, full duplex, symmetric flow control enabled port 0
Oct 20 12:24:00 Macintosh mDNSResponder[23]: Couldn’t read user-specified Computer Name; using default “iMac-001FF3517189” instead
Oct 20 12:24:02 Macintosh configd[35]: subnet_route: write routing socket failed, Network is unreachable
Oct 20 12:24:02 Macintosh mDNSResponder[23]: Couldn’t read user-specified Computer Name; using default “iMac-001FF3517189” instead
Oct 20 12:24:03 Macintosh mDNSResponder[23]: Couldn’t read user-specified Computer Name; using default “iMac-001FF3517189” instead
Oct 20 12:24:04 Macintosh mDNSResponder[23]: Couldn’t read user-specified Computer Name; using default “iMac-001FF3517189” instead
Oct 20 12:24:05 Macintosh mDNSResponder[23]: Couldn’t read user-specified Computer Name; using default “iMac-001FF3517189” instead
Oct 20 12:24:32 Macintosh kextd[10]: IOKitWaitQuiet() timed out waiting to write kernel symbols
Oct 20 12:24:42 Macintosh kextd[10]: writing kernel link data to /var/run/mach.sym
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: timed out waiting for IOKit to quiesce
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: Busy services :
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1 [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0 [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/RP04@1C,3 [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/RP04@1C,3/IOPCI2PCIBridge [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/RP04@1C,3/IOPCI2PCIBridge/FRWR@0 [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/RP04@1C,3/IOPCI2PCIBridge/FRWR@0/AppleFWOHCI [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/RP04@1C,3/IOPCI2PCIBridge/FRWR@0/AppleFWOHCI/IOFireWireController [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/RP04@1C,3/IOPCI2PCIBridge/FRWR@0/AppleFWOHCI/IOFireWireController/IOFireWireDevice@30e006e0506010 [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/RP04@1C,3/IOPCI2PCIBridge/FRWR@0/AppleFWOHCI/IOFireWireController/IOFireWireDevice@30e006e0506010/IOFireWireUnit [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/RP04@1C,3/IOPCI2PCIBridge/FRWR@0/AppleFWOHCI/IOFireWireController/IOFireWireDevice@30e006e0506010/IOFireWireUnit/IOFireWireSBP2Target [1]
Oct 20 12:24:56 Macintosh configd[35]: InterfaceNamer: iMac8,1/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/RP04@1C,3/IOPCI2PCIBridge/FRWR@0/AppleFWOHCI/IOFireWireController/IOFireWireDevice@30e006e0506010/IOFireWireUnit/IOFireWireSBP2Target/IOFireWireSBP2LUN [1]
Oct 20 12:28:07 Macintosh ARDAgent [76]: ********ARDAgent Launched********
Oct 20 12:28:08 Macintosh ARDAgent [76]: call logout from LoginLogoutProxyCallBackFunction
Oct 20 12:28:08 Macintosh com.apple.launchd[1] (com.apple.RemoteDesktop.agent): Throttling respawn: Will start in 9 seconds
Oct 20 12:28:09 Macintosh loginwindow[24]: Login Window Started Security Agent
Oct 20 12:28:17 Macintosh authorizationhost[81]: MechanismInvoke 0x123660 retainCount 2
Oct 20 12:28:17 Macintosh SecurityAgent[82]: MechanismInvoke 0x101660 retainCount 1
Oct 20 12:28:17 Macintosh SecurityAgent[82]: NSSecureTextFieldCell detected a field editor ((null)) that is not a NSTextView subclass designed to work with the cell. Ignoring…
Oct 20 12:28:17 Macintosh SecurityAgent[82]: MechanismDestroy 0x101660 retainCount 1
Oct 20 12:28:17 Macintosh authorizationhost[81]: MechanismDestroy 0x123660 retainCount 2
Oct 20 12:28:17 Macintosh loginwindow[24]: Login Window – Returned from Security Agent
Oct 20 12:28:17 Macintosh loginwindow[24]: USER_PROCESS: 24 console
Oct 20 12:28:17 Macintosh ARDAgent [83]: ********ARDAgent Launched********
Oct 20 12:28:17 Macintosh com.apple.launchd[1] (com.apple.UserEventAgent-LoginWindow[77]): Exited: Terminated
Oct 20 12:28:17 Macintosh com.apple.launchd[1] (com.apple.RemoteDesktop.agent[83]): Stray process with PGID equal to this dead job: PID 86 PPID 1 AppleVNCServer
Oct 20 12:28:17 Macintosh com.apple.launchd[1] (com.apple.RemoteDesktop.agent[83]): Exited: Terminated
Oct 20 12:28:18 Macintosh ARDAgent [90]: ********ARDAgent Launched********
Oct 20 12:28:18 Macintosh ARDAgent [90]: ********ARDAgent Ready********
Oct 20 12:28:19 Macintosh mDNSResponder[23]: Couldn’t read user-specified Computer Name; using default “iMac-001FF3517189” instead[/code]

[Patrick Fergus]

What are you installing [i]after[/i] the 10.5.5 combo update? The 10.5.5 combo update rolls up many standalone updates (such as security updates) that came before it.

– Patrick

[scr]

Ok, so apparently its all my fault.

Unplugging the Firewire cable from the back of the machine stopped the delay before the loginwindow! I dont know how or why, but I’m glad it has nothing to do with my build train.

Still working on the ‘specified users’ option in ARD though.

[Rusty Myers]

[QUOTE][u]Quote by: scr[/u][p]Ok, so apparently its all my fault.

Unplugging the Firewire cable from the back of the machine stopped the delay before the loginwindow! I dont know how or why, but I’m glad it has nothing to do with my build train.

Still working on the ‘specified users’ option in ARD though.[/p][/QUOTE]

Hi scr,

Did you get the “specified users” option working? I tried for a hour but didn’t get it.

[scr]

[QUOTE][u]Quote by: thespider[/u][p]
Hi scr,

Did you get the “specified users” option working? I tried for a hour but didn’t get it.
[/p][/QUOTE]

No, it assigns the permissions to the user but it doesn’t select the “only these users” option. Thats where I gave up. 🙂

[Rusty Myers]

Scr,

I tried using the script in the OP and it doesn’t seem to work for me. It enables Remote Management, but doesn’t enable any options and leaves it on all users.

[code]#!/bin/sh

#Enable ARD for etcadmin
“$3″/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk “$3” -configure -allowAccessFor -specifiedUsers
“$3″/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk “$3” -activate -configure -access -on -users “etcadmin” -privs -all -restart -agent

exit 0[/code]

The commands work on a booted volume, with the $3 fully qualified. I have not seen anything in the logs that would make me think it’s failing during InstaDMG install.

In my package, I made the script a pre-install script on a empty folder. I am now trying a post-install script instead. Would that make that much of a difference?

If you could post your updated script again, I would appreciate it. Thanks!

[Patrick Fergus]

Silly question (but boy did this one get me for a few hours), have you created your admin’s user record (/var/db/dslocal/nodes/Default/users/etcadmin.plist) [i]before[/i] trying to set the ARD rights? The record has to be there first. After that, you should be able to set the privileges and read them back:[code]defaults read /var/db/dslocal/nodes/Default/users/etcadmin naprivs
(
“-2147483395″
)[/code]”naprivs” would mean “Network Assistant privileges” for those unlucky enough to remember Apple Network Assistant. Maybe ARDAgent horks if you’re “specifying users” but you don’t have any users enabled? Also, I created a custom installer, and the postflight_kickstart_entries file here:

~/Desktop/Custom\ Remote\ Desktop\ Installer.mpkg/Contents/Installers/RemoteDesktopClient.pkg/Contents/Resources

Has the “specifiedUsers” command [i]after[/i] the privilege-granting command (backslashed for readability):[code]-configure -users ‘etcadmin’ -access -on -privs -DeleteFiles -TextMessages -OpenQuitApps \
-GenerateReports -RestartShutDown -SendFiles -ChangeSettings
-configure -allowAccessFor -specifiedUsers[/code]Perhaps order of operations is important?

– Patrick

[knowmad]

ok, silly/dumb questions because I am not awake yet….. (maybe I should wait and read after coffee…. nah I’ll just ask)
1) you are referring to etcadmin ….. is that because your account is named etcadmin or because your account is hidden (why you would put it there I don’t know) in the etc folder….?

Am I correct in assuming it would read something like this if my account was named ACCOUNTNAME: (grabbed code from an earlier example in the thread but it should suffice to understand the situation)
[code]
#!/bin/sh

#Enable ARD for ACCOUNTNAME
“$3″/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk “$3” -configure -allowAccessFor -specifiedUsers
“$3″/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk “$3” -activate -configure -access -on -users “ACCOUNTNAME” -privs -all -restart -agent

exit 0[/code]

2) creating the permissions you are referring to is done separately from creating the accounts in dslocal?

3) Please break this down into a time line of when your doing what…. ie something like adding events to this list:
a) instadmg
b) reboot/firstboot
c) boot script
d) login script
because I am am not following something and I think it is in that time line.

Thank you,
Knowmad – asking the dumb questions so you don’t have to.

[Author]

Posts