Fleet Desktop missing on MDM enrolled macOS host after reset all settings

[ksatter]

Fleet version: v4.50.2

Operating system: macOS Sonoma Version 14.5 (23F79)

---

💥  Actual behavior

After using "Reset all settings" to wipe my macOS host and continuing through automatic enrollment, Fleet Desktop is not running.

Orbit is seen in running processes, and the host can communicate with Fleet, including live queries:

ksatter@Kathys-MacBook-Air ~ % ps -ax | grep orbit
  839 ??         1:28.65 /opt/orbit/bin/orbit/orbit
  855 ??         0:24.14 /opt/orbit/bin/osqueryd/macos-app/stable/osquery.app/Contents/MacOS/osqueryd --pidfile=/opt/orbit/osquery.pid --extensions_socket=/opt/orbit/orbit-osquery.em --logger_path=/opt/orbit/osquery_log --enroll_secret_env ENROLL_SECRET --tls_hostname=dogfood.fleetdm.com --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls,filesystem --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_disable_function=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=8000000 --tls_server_certs /opt/orbit/certs.pem --augeas_lenses /opt/orbit/lenses --force --flagfile /opt/orbit/osquery.flags --host-identifier uuid --database_path /opt/orbit/osquery.db
  857 ??        16:44.01 /opt/orbit/bin/osqueryd/macos-app/stable/osquery.app/Contents/MacOS/osqueryd    

Orbit is also not added to PATH:

ksatter@Kathys-MacBook-Air ~ % sudo orbit shell
sudo: orbit: command not found

Launch Daemon configuration :

ksatter@Kathys-MacBook-Air LaunchDaemons % cat com.fleetdm.orbit.plist 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EnvironmentVariables</key>
    <dict>
        <key>ORBIT_USE_SYSTEM_CONFIGURATION</key>
        <string>true</string>
        <key>ORBIT_ORBIT_CHANNEL</key>
        <string>stable</string>
        <key>ORBIT_OSQUERYD_CHANNEL</key>
        <string>stable</string>
        <key>ORBIT_UPDATE_URL</key>
        <string>https://tuf.fleetctl.com</string>
        <key>ORBIT_FLEET_DESKTOP</key>
        <string>true</string>
        <key>ORBIT_DESKTOP_CHANNEL</key>
        <string>stable</string>
        <key>ORBIT_UPDATE_INTERVAL</key>
        <string>15m0s</string>
    </dict>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>com.fleetdm.orbit</string>
    <key>ProgramArguments</key>
    <array>
        <string>/opt/orbit/bin/orbit/orbit</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/var/log/orbit/orbit.stderr.log</string>
    <key>StandardOutPath</key>
    <string>/var/log/orbit/orbit.stdout.log</string>
    <key>ThrottleInterval</key>
    <integer>10</integer>
</dict>
</plist>

Orbit logs:

orbit.stderr.log

I have not done anything to attempt to remediate the issue in case there's additional information we'd like to grab.

🧑‍💻  Steps to reproduce

1. TODO
2. TODO

🕯️ More info (optional)

N/A

[ghernandez345]

@ksatter I cannot repo this locally. Is this issue still occurring?

Can we get the fleet desktop stderr logs from the host that is having this error?

I can see there is a device token error in the provided orbit logs, and I am looking into that atm.

[lucasmrod]

Hi @ksatter!

If you are still experiencing this issue, please set:

<key>ORBIT_DEBUG</key>
<string>true</string>

in /Library/LaunchDaemons/com.fleetdm.orbit.plist

Then do:

 sudo launchctl unload /Library/LaunchDaemons/com.fleetdm.orbit.plist
 sudo launchctl load /Library/LaunchDaemons/com.fleetdm.orbit.plist

PS: I came across this issue as possibly related to https://github.com/fleetdm/fleet/issues/19172 which I also cannot reproduce.

[ksatter]

@lucasmrod reloading the launch daemon seems to have resolved the issue.

I am able to try wiping this machine again to see if the issue pops back up if you'd like.

[lucasmrod]

We'll be attempting to reproduce this issue with Reed tomorrow. I'll ping you if we can't reproduce. Thanks!

[dantecatalfamo]

Orbit is also not added to PATH

I don't think orbit is normally in the path

[ghernandez345]

@ksatter @lucasmrod is this still an issue? Are we able to close this?

[lucasmrod]

I've seen Fleet Desktop tray icon missing after installation when the device cannot connect to the Fleet server. But I'm not sure if that was the case here.

[ksatter]

Everything else was working properly in my case. It was checking in fine, but Desktop was not launching.

[zayhanlon]

@lucasmrod this is being reported now by a community user on macos version 14.4.1 as well, not just 14.5

Here is some new information: Happened with first time fleet enrolls

• Device running 14.4.1, required the user to have to restart their machine 3 times before Fleet Desktop launched in the menu bar.
• Device running 14.5, required the user a restart to get Fleet Desktop to show up in the menu bar.

For a new hire, we had to tailor the instruction, after they run the fleet installer, we ask them to restart their machines because Fleet will 100% not launch. But then some users after doing the restart will still be unable to launch Fleet Deskop

[lucasmrod]

@zayhanlon Any chance we can get fleetd logs from the user? (/var/log/orbit/)

[zayhanlon]

Requested @lucasmrod

[ghernandez345]

@zayhanlon @ksatter any luck with getting the logs @lucasmrod requested? is this still an issue or can we close at this point?

[zayhanlon]

i'm pretty sure the community member sent kathy logs, but shes out today. please stand by @ksatter to update tomorrow