Help

CISCO Secure Client - Config Profile issue

Go to solution
MPHEGGELO
New Contributor

Thursday

Seeing inconsistent deployment of a Config Profile that is required for use of CISCO Secure Client.

"the current system configuration does not allow the requested operation"

My device it installed fine (15.1) on another device (15.1), it gets the above message in the JAMF device record.

 

The config profile does have one kernel extension being deployed

Kernel Extension Bundle ID    
  com.cisco.kext.acsock

 

Screenshot 2024-11-14 at 4.54.21 PM.png

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
AJPinto
Honored Contributor III
In response to dmccluskey

Friday

Knowing Cisco, the configuration profile they provide still has the KEXT in it. I know it did 2 years ago when we dumped AnyConnect which was a year after Apple retired KEXTs, I had to manually add the system extension stuff as Cisco's support had no idea how to do it. Their documentation was really emberrising for a company their size.

View solution in original post

0 Kudos
Reply
10 REPLIES 10

Go to solution
AJPinto
Honored Contributor III

Thursday

It's been a while since I had the misfortune of dealing with Cisco. However, did you remove the KEXT from their config profile as those are deprecated. Also is the device supervised or just managed?

0 Kudos
Reply

Go to solution
dmccluskey
Contributor II

Thursday

You should not be using Kernel extensions. Cisco moved away from those around macOS 11 timeframe.

I removed them from my environment, maybe four years ago.

You should be using system extensions instead, the screenshots should help.

Screenshot 2024-11-14 at 9.44.45 PM.pngScreenshot 2024-11-14 at 9.44.55 PM.png

Reply

Go to solution
AJPinto
Honored Contributor III
In response to dmccluskey

Friday

Knowing Cisco, the configuration profile they provide still has the KEXT in it. I know it did 2 years ago when we dumped AnyConnect which was a year after Apple retired KEXTs, I had to manually add the system extension stuff as Cisco's support had no idea how to do it. Their documentation was really emberrising for a company their size.

0 Kudos
Reply

Go to solution
MPHEGGELO
New Contributor
In response to AJPinto

Friday

So, removing worked for my test device, but does not explain why my device had no issues with the config profile. We are both macOS 15.1, mine M3 MBP, the other M2 MBA

0 Kudos
Reply

Go to solution
duff2481-1
Contributor

Friday

We also created  new profile for management notifications. Bundle ID: com.cisco.secureclient.gui as Cisco update in I believe 5.1.3. to "secureclient"  

0 Kudos
Reply

Go to solution
MPHEGGELO
New Contributor

Friday

Thanks ya'll. I have been using this guide, I am thinking it is now outdated?

https://hcsonline.com/support/white-papers/how-to-deploy-cisco-anyconnect-with-jamf-pro

0 Kudos
Reply

Go to solution
duff2481-1
Contributor
In response to MPHEGGELO

Friday

It is but I essentially used the same setup for 5.1.3 and have deployed to almost 300 users and so far, so good. Install script 

/usr/sbin/installer -verbose -pkg /private/tmp/Cisco-Secure-5.1.3.62/Cisco\ Secure\ Client.pkg -applyChoiceChangesXML /private/tmp/install_choices.xml -target /

 

0 Kudos
Reply

Go to solution
MPHEGGELO
New Contributor

Friday

Our devices are all Supervised and running 14.4 or greater. All Silicon

0 Kudos
Reply

Go to solution
MPHEGGELO
New Contributor

Friday

I have a separate Config with the Managed login items

Screenshot 2024-11-15 at 9.09.44 AM.png

0 Kudos
Reply

Go to solution
MPHEGGELO
New Contributor

Friday

Removing the KEXT fixed the issue on the device in question. Still not clear why it installed on my device with no issues.

0 Kudos
Reply