Posted on 01-24-2024 08:55 AM
The last two versions of Cisco Secure have had caused a weird issue in our environment. On random machines, we're getting a popup message (that locks up Finder until acknowledged) with the text "The VPN client agent was unable to create the interprocess communications depot" every 30 seconds. Looking around online, we found this was caused by Internet Connection Sharing (ICS) being enabled. Thing is, we don't enable ICS, and the machines we're seeing it on don't have ICS enabled.
My first thought was our installer was bad, but we're just doing the standard choices.xml for the install and applying their provided temp workaround for the macOS 14.2+ launchagent issue.
/usr/sbin/installer -pkg ./Cisco\ Secure\ Client.pkg -target / -applyChoiceChangesXML ./Cisco-Secure_choices.xml
# Temp fix for macOS 14.2 and 5.1.0.136
if [[ "$( sw_vers -productVersion | awk -F '.' '{print $1}' )" == "14" ]] && \
[[ $( sw_vers -productVersion | awk -F '.' '{print $2}' ) -ge 2 ]] && \
[ ! -f /Library/LaunchDaemons/com.cisco.secureclient.vpnagentd.plist ]; then
echo "Applying workaround for macOS 14.2 and higher"
cp /opt/cisco/secureclient/bin/Cisco\ Secure\ Client\ -\ AnyConnect\ VPN\ Service.app/Contents/Resources/com.cisco.secureclient.vpnagentd.plist /Library/LaunchDaemons/
launchctl bootstrap system /Library/LaunchDaemons/com.cisco.secureclient.vpnagentd.plist
else
echo "macOS 14.2 workaround not needed"
fi
I'm not sure where that could go wrong on our end of things. Making things weirder, sometimes just uninstalling and reinstalling the exact same package on the machine with the exact same settings fixes the issue.
We reached out to Cisco support on the issue, and they keep bouncing between sending us Windows only troubleshooting and telling us to disable the already disabled ICS. Has anyone else been seeing this? If so, were you able to figure out the cause or a potential fix?
Posted on 01-24-2024 03:34 PM
I am in the testing phase of that same deployment (5.1.0.136). Your explanation about steps taken match my process. We only have the basics enabled with the choices.xml. VPN is hidden. We use Global Protect for VPN.
I have successfully installed the application with zero interaction for our standard users.
Our director while on a plane "hopefully not a 737" was receiving this error this error. I verified with a script that the MacBook did not have ICS enabled. I also tried to recreate the error on my test mac by enabling ICS. I was unable to recreate the issue.
I have not been able to get my hands on the device yet.
This means I cannot test the basics like reinstalling again yet.
Do you know the last time the Macbooks had been restarted?
This one is going on over 90 without a restart.
This issue is seen way back in 2019 in posts I find. Commonly they all get zero real help from Cisco on any post.
I am not allowed access to the portal so I cannot make a ticket.
I will keep you updated on if I find something on the machine.
Posted on 01-25-2024 06:45 AM
We're seeing it on newly enrolled machines on both 5.1.0.136 and 5.1.1.42, but frustratingly no way to force it to happen. Even on the exact same machine with the exact same settings and exact same package, it may or may not happen. One test machine went like this
First install of Cisco Secure > Error happens > Uninstall
Second install with same package > No error > Uninstall
Third install with same package > Error happens
Posted on 02-20-2024 11:03 AM
@Travistie you have any idea how solve this problem?
I encounter the same problem on MacOS Sonoma 14.3 when installing Cisco Secure Client version 5.1.1.42 (only umbrella module)
Posted on 02-20-2024 12:28 PM
@alpochinok I actually just got off a webex with a cisco engineer on this issue. They're thinking it's tied to this bug and its workaround. They also emphasized that they couldn't find other people having the same issue, so please please please contact Cisco support so they know I'm not crazy.
Posted on 02-29-2024 01:37 AM
@McAwesome have any idea how solve this problem? Cisco Support didn't answer anything((((
Posted on 02-29-2024 06:11 AM
Unfortunately no. I'm stuck trying to get them to acknowledge there is a problem and that despite them closing that CSCwi20597 ticket it still happens on version 5.1.2.42. I can absolutely relate though since it's been about two months of this back and forth with Cisco support, and even getting an official Apple support ticket added did nothing.