M1 Secure Token Issues on Agent 39
This guide helps address secure token malfunctions on macOS devices following an Agent 39 upgrade.
Symptoms
- Devices fail to apply OS patches due to secure token issues.
Steps to Resolution
Step 1: Delete the Automox Service Account
Run the following command to remove the service account:
sudo /usr/bin/dscl . -delete /Users/_automoxserviceaccount
Step 2: Remove the Automox Agent
Remove the Automox Agent using either manual steps or an MDM provider.
Run the command to manually remove the agent:
sudo launchctl unload /Library/LaunchDaemons/com.automox.agent.plist
sudo /usr/local/bin/amagent --deregister
sudo rm -f /usr/local/bin/amagent
sudo rm -rf "/Library/Application Support/Automox/"
Step 3: Reinstall the Automox Agent
Follow the official Automox documentation to install the agent on macOS.
Step 4a: Command Line method
- Execute the commands below to re-enable the service account:
sudo /usr/local/bin/amagent --automox-service-account enable
- Replace the admin username and password credentials within the quotes to create a service account and grant token access.
sudo /usr/local/bin/amagent --adminuser '<admin_username>' --adminpass '<admin_password>'
Step 4b: User Prompt Method
- Execute the commands below to re-enable the service account:
sudo /usr/local/bin/amagent --automox-service-account enable
- If the logged-in user must enter the credentials, enter this command to send the user a prompt to enter the device password.
sudo /usr/local/bin/amagent --automox-user-prompt enable
- A prompt will appear requesting the end-user to enter the local administrator password in the pop-up box. If entered correctly, the service account is successfully enabled with the secure token. If the end-user entered the password incorrectly or ignored it, the prompt will continue to appear every time the device is scanned.
Resources
Automox University: Secure Token Troubleshooting