How to migrate PFSense Over to KEA DHCP Server from ISC DHCP Server

I am a PFSENSE User and I manage PFSENSE for some other organizations and the time has come to make the switch for the DHCP Server over to KEA from ISC.

Why switch to KEA from ISC?

• ISC will no longer be supported
• KEA has some nice High availability features for IPV4 & IPV6
• Robust Host Reservations which are per subnet vs global, but global reservations are supported.

ISC has some documentation and tools for migrating over to KEA from ISC.  PFSense has a warning on the firewalls which can be ignored at your own peril.

Now in PFSense if you try to just "switch" over you may encounter an error.  You can see that my ISC Server is running fine but when I switch over to KEA DHCP "Breaks"

The issue is caused by the NTP Server settings in the DHCP Server, not sure why they are there, perhaps if you wanted to setup your own linux NTP server or something for time syncing or an AD Server then you could just put in the IP of the machine.  Still with how you now setup NTP in PFSense it seems a little redundant to have that there.  At any rate you need to either remove the NTP DNS server settings from the DHCP server settings unless they are an IP address.  So for myself I setup the NTP server to the localhost 127.0.0.1 or the main ip or you can do both.  

With that setup we can modify our NTP server in PFSense located under services

It is recommended setting up 3 to 5 ntp servers to sync with.  For myself I decided to go with

1. time.apple.com
2. time.windows.com
3. time.google.com
4. time.cloudflare.com
5. time.nist.gov

I have set time.apple.com and time.windows.com as my preferred NTP Servers

With that setup and done, I ssh'd into my firewall to check the time.  

I ran the command date +"%T" 

and when you check the general setting for the time servers you see the NTP Servers we setup in our NTP Service

With these settings your KES migration should be complete and the DHCP Server should work flawlessly.  I had no issues with the migration once I removed my NTP servers using DNS.  Time has been in sync with no issues.

How to disable MDM/DEP notifications from macOS Big Sur to Sonoma

This post will allow you to disable/prevent MDM/DEP Notifications and macOS POPUPS forcing you to join an organization's MDM.  This would be handy if a computer was purchased and not removed from Apple's MDM.

Restart the mac in Recovery Mode Restart your Mac then hold down the Command + R keys together until you're in the Recovery Mode

From the menu bar Click on Utilities then select: Startup Security Utility

A popup appears with 3 choices; select (No security) and restart
NOTE:  There is no confirmation notification or button to press

When the system reboots hold down Command + R to get back into Recovery Mode.

Click on Utilities from the top menu bar then select Terminal

In terminal type: mount then press enter/return

A list of devices will show up in a list.  You will want to use the volume that specifically says "/Volumes/Macintosh HD"

In my case it is /Volumes/Macintosh HD (/dev/disk3s4) 

NOTE: it's not "/" (root), and it's NOT /Volumes/Macintosh HD - Data

In Terminal Write:

1. umount /Volumes/Macintosh\ HD
2. mkdir /Volumes/Macintosh\ HD
3. mount -t apfs -rw /dev/disk3s4 /Volumes/Macintosh\ HD
4. cd /Volumes/Macintosh\ HD/System/Library/LaunchAgents
5. mkdir xtemp
6. mv com.apple.ManagedClientAgent.* xtemp/
7. mv com.apple.mdmclient.* xtemp/
8. cd ../LaunchDaemons
9. mkdir xtemp
10. mv com.apple.ManagedClient.* xtemp/
11. mv com.apple.mdmclient.* xtemp/
12. csrutil authenticated-root disable (this will Turn off Signed System Volume SSV)
13. bless --folder /Volumes/Macintosh\ HD/System/Library/CoreServices --bootefi --create-snapshot
 (this will Save the current disk status in the boot snapshot)

Now you can restart your Mac, and DEP notifications are disabled.