a week ago
Seeing inconsistent deployment of a Config Profile that is required for use of CISCO Secure Client.
"the current system configuration does not allow the requested operation"
My device it installed fine (15.1) on another device (15.1), it gets the above message in the JAMF device record.
The config profile does have one kernel extension being deployed
Kernel Extension Bundle ID | ||
---|---|---|
com.cisco.kext.acsock |
Solved! Go to Solution.
a week ago
Knowing Cisco, the configuration profile they provide still has the KEXT in it. I know it did 2 years ago when we dumped AnyConnect which was a year after Apple retired KEXTs, I had to manually add the system extension stuff as Cisco's support had no idea how to do it. Their documentation was really emberrising for a company their size.
a week ago
It's been a while since I had the misfortune of dealing with Cisco. However, did you remove the KEXT from their config profile as those are deprecated. Also is the device supervised or just managed?
a week ago
You should not be using Kernel extensions. Cisco moved away from those around macOS 11 timeframe.
I removed them from my environment, maybe four years ago.
You should be using system extensions instead, the screenshots should help.
a week ago
Knowing Cisco, the configuration profile they provide still has the KEXT in it. I know it did 2 years ago when we dumped AnyConnect which was a year after Apple retired KEXTs, I had to manually add the system extension stuff as Cisco's support had no idea how to do it. Their documentation was really emberrising for a company their size.
a week ago
So, removing worked for my test device, but does not explain why my device had no issues with the config profile. We are both macOS 15.1, mine M3 MBP, the other M2 MBA
a week ago
We also created new profile for management notifications. Bundle ID: com.cisco.secureclient.gui as Cisco update in I believe 5.1.3. to "secureclient"
a week ago
Thanks ya'll. I have been using this guide, I am thinking it is now outdated?
https://hcsonline.com/support/white-papers/how-to-deploy-cisco-anyconnect-with-jamf-pro
a week ago
It is but I essentially used the same setup for 5.1.3 and have deployed to almost 300 users and so far, so good. Install script
/usr/sbin/installer -verbose -pkg /private/tmp/Cisco-Secure-5.1.3.62/Cisco\ Secure\ Client.pkg -applyChoiceChangesXML /private/tmp/install_choices.xml -target /
a week ago
Our devices are all Supervised and running 14.4 or greater. All Silicon
a week ago
I have a separate Config with the Managed login items
a week ago
Removing the KEXT fixed the issue on the device in question. Still not clear why it installed on my device with no issues.