We have a strange proxy-bug on Monterey in Safari. Once a user connects to our corporate network, Safari can' t reach any pages. (Safari Can't Connect to the Server) If the user then opens Chrome, Safari immediately works again. Clearing the cache in Safari also solves the problem. Our proxy is configured correctly, on Big Sur everything works. Does anyone have the same Issue? Or already a solution?
Can't say I've seen exactly what you describe, but I have had issues with Big Sur and Safari and our corporate proxy, where only sites or IPs that are specifically whitelisted to bypass the proxy will load in Safari, whereas Chrome works fine with all sites. So does Microsoft Edge. It's just Safari, and incidentally the App Store as well, which leads me to think it's an incompatibility with WebKit, since those 2 applications use Webkit and Chrome/Edge use the Chromium engine.
I have yet to test out Monterey with our proxy, and I'm so not looking forward to that! I get the feeling it's going to be more broken than ever.
Does your proxy require user authentication?
I would like to understand this better and if anyone has personal experiences to share please go ahead.
you use Kerberos to authenticate to your authenticated proxy. The pages will not load on safari.
if you whitelist the page to go direct - Kerberos will authenticate to the proxy
is the case onprem or via some sort of vpn like zpa (Zscaler)
are you using blue coat proxies?
does the same setup work for windows and not Mac?
does chrome provide additional prompts for auth that safari does not?
who has this issue how did you resolve it?
In our case, the whole thing behaves exactly as you describe. (With Kerberos/whitlisted pages) Via VPN (Cisco-Anyconnect) and of course also in the corporate network. (Conifguration as Proxy .pac File.) Chrome browser doesn't provide additional proxy auth pop-ups, doing a search is enough for Safari to run again. We didn't found a solution yet, on Beta 3 (12.1) the Issue persists.
Yeah, I'm seeing some real parallels here. We also use Cisco AnyConnect VPN and also use a Bluecoat proxy (with a .pac file). It seems like the combination of these items really does not work well with Safari in Big Sur/Monterey for whatever reason. Though I should note that even being in an office location and connected to company WiFi, the issue persists, which would indicate it's not a VPN problem. More of a proxy problem.
Although I'm sorry someone else is experiencing this, it's somewhat comforting to know it's not just us. It seems almost certain there is some incompatibility between these items. I just wish we were able to find a solution. But Apple support has been mostly unhelpful on this, so we've been left to our own devices to try to figure this out.
Concerning the combination of these elements, I would think as follows. The Anyconnect client is probably not the reason, I asked several admins with this issue, they use all different VPN clients in their company. I also believe that the proxy configuration is not the main issue. Besides the .pac file we also tried it with the direct web proxy (HTTP) and the secure web proxy (HTTPS). This doesn't make any difference for us, issue still persists. @mm2270 Do you have a guess where the cause could be?
Just piling on, seeing this with a different VPN, behaving exactly like everyone here is describing. Just put Monterey on this Mac, same config worked fine in Big Sur. Hope everyone is filing bugs.
Edit: Appears to only affect proxy auth; seems to work fine w/the unauthenticated proxy
I just upgraded my Mac book pro to Monterey and coincidentally JAMF was pushed to my machine from our IT group.
We have Cisco VPN.
And the problem is Chrome will open any web page, but safari will not open anything. I repeat, chrome works but safari does not. So, it's not exactly as Joel_Rohland posted, but similar. Happens whether I'm logged into the VPN or not.
Apple support had me re-install Monterey from the recovery screen. That did not fix the problem.
The next apple tech had me create a new user, and the problem still is there.
I may have to send my machine back to corporate and have them wipe the hard drive and re-image with Big Sur.
Really don't want to do that. But, apple support is stumped.
Has anyone found a solution ??
we use the Payload identifyer for com.apple.systemconfig for our proxy config
One Config file works fine
Same config file with more exeptions for bypass dosnt work as attented.
Apple is fully aware of the issue -- now the voice of the people affected -- need to be heard
How to do that --- easy reach out to your account rep and/or open a ticket with apple through their support panels
The combination seem to be (or might be a combination of:
Authenticated proxies and/or kerberized connections vs ntlm support on proxies-- and safari
Seen more on a vpn connection - but visibility on-prem as well
Third party browsers seem to complete the authentication vs safari-- or opening both which establish the connection
Get a sysdiagnose and trace with Wireshark- be prepared to work with apple - and not against them by not reporting it
Lets get apple on top of it together --- cheers
We have had the same problem since mid-November when upgrading to Monterey, a case was opened in Apple's technical support, but there is no solution to it.
I created a topic on the Apple forum, since Apple technical support does not look at information on third-party forums, please write in the topic, maybe this will push Apple engineers to solve the problem 🙂
With Monterey Apple have deprecated support for PAC files hosted on an HTTP server, which caused us the issues that have been described in this JAMF thread.
We will be delivering PAC file via HTTPS going forward which we expect will resolve the issues.