11-17-2021 07:56 AM - edited 11-17-2021 08:05 AM
We have a strange proxy-bug on Monterey in Safari. Once a user connects to our corporate network, Safari can' t reach any pages. (Safari Can't Connect to the Server) If the user then opens Chrome, Safari immediately works again. Clearing the cache in Safari also solves the problem. Our proxy is configured correctly, on Big Sur everything works. Does anyone have the same Issue? Or already a solution?
Posted on 11-17-2021 10:04 AM
Can't say I've seen exactly what you describe, but I have had issues with Big Sur and Safari and our corporate proxy, where only sites or IPs that are specifically whitelisted to bypass the proxy will load in Safari, whereas Chrome works fine with all sites. So does Microsoft Edge. It's just Safari, and incidentally the App Store as well, which leads me to think it's an incompatibility with WebKit, since those 2 applications use Webkit and Chrome/Edge use the Chromium engine.
I have yet to test out Monterey with our proxy, and I'm so not looking forward to that! I get the feeling it's going to be more broken than ever.
Does your proxy require user authentication?
11-22-2021 08:59 AM - edited 11-22-2021 09:00 AM
That' s also the case for us... Whitelisted pages still work in Safari. And yes, our proxy requires authentication. Did you find solution for the issue on Big Sur?
Posted on 11-23-2021 08:10 PM
I would like to understand this better and if anyone has personal experiences to share please go ahead.
you use Kerberos to authenticate to your authenticated proxy. The pages will not load on safari.
if you whitelist the page to go direct - Kerberos will authenticate to the proxy
is the case onprem or via some sort of vpn like zpa (Zscaler)
are you using blue coat proxies?
does the same setup work for windows and not Mac?
does chrome provide additional prompts for auth that safari does not?
who has this issue how did you resolve it?
Posted on 11-24-2021 05:56 AM
In our case, the whole thing behaves exactly as you describe. (With Kerberos/whitlisted pages) Via VPN (Cisco-Anyconnect) and of course also in the corporate network. (Conifguration as Proxy .pac File.) Chrome browser doesn't provide additional proxy auth pop-ups, doing a search is enough for Safari to run again. We didn't found a solution yet, on Beta 3 (12.1) the Issue persists.
Posted on 11-24-2021 06:52 AM
Yeah, I'm seeing some real parallels here. We also use Cisco AnyConnect VPN and also use a Bluecoat proxy (with a .pac file). It seems like the combination of these items really does not work well with Safari in Big Sur/Monterey for whatever reason. Though I should note that even being in an office location and connected to company WiFi, the issue persists, which would indicate it's not a VPN problem. More of a proxy problem.
Although I'm sorry someone else is experiencing this, it's somewhat comforting to know it's not just us. It seems almost certain there is some incompatibility between these items. I just wish we were able to find a solution. But Apple support has been mostly unhelpful on this, so we've been left to our own devices to try to figure this out.
11-24-2021 08:47 AM - edited 11-24-2021 08:54 AM
11-24-2021 08:40 AM - edited 11-25-2021 09:20 AM
Concerning the combination of these elements, I would think as follows. The Anyconnect client is probably not the reason, I asked several admins with this issue, they use all different VPN clients in their company. I also believe that the proxy configuration is not the main issue. Besides the .pac file we also tried it with the direct web proxy (HTTP) and the secure web proxy (HTTPS). This doesn't make any difference for us, issue still persists. @mm2270 Do you have a guess where the cause could be?
Posted on 11-24-2021 05:12 PM
Also seeing the same behavior in Safari when utilizing authenticated (Kerberos SSO) Automatic Proxy (PAC), Chrome and Edge are not impacted
12-15-2021 06:57 AM - edited 12-15-2021 07:12 AM
Just piling on, seeing this with a different VPN, behaving exactly like everyone here is describing. Just put Monterey on this Mac, same config worked fine in Big Sur. Hope everyone is filing bugs.
Edit: Appears to only affect proxy auth; seems to work fine w/the unauthenticated proxy
Posted on 12-17-2021 02:28 PM
I just upgraded my Mac book pro to Monterey and coincidentally JAMF was pushed to my machine from our IT group.
We have Cisco VPN.
And the problem is Chrome will open any web page, but safari will not open anything. I repeat, chrome works but safari does not. So, it's not exactly as Joel_Rohland posted, but similar. Happens whether I'm logged into the VPN or not.
Apple support had me re-install Monterey from the recovery screen. That did not fix the problem.
The next apple tech had me create a new user, and the problem still is there.
I may have to send my machine back to corporate and have them wipe the hard drive and re-image with Big Sur.
Really don't want to do that. But, apple support is stumped.
Posted on 01-06-2022 02:48 AM
Has anyone found a solution ??
we use the Payload identifyer for com.apple.systemconfig for our proxy config
One Config file works fine
Same config file with more exeptions for bypass dosnt work as attented.
Posted on 01-10-2022 10:12 AM
Apple is fully aware of the issue -- now the voice of the people affected -- need to be heard
How to do that --- easy reach out to your account rep and/or open a ticket with apple through their support panels
The combination seem to be (or might be a combination of:
Authenticated proxies and/or kerberized connections vs ntlm support on proxies-- and safari
Seen more on a vpn connection - but visibility on-prem as well
Third party browsers seem to complete the authentication vs safari-- or opening both which establish the connection
Get a sysdiagnose and trace with Wireshark- be prepared to work with apple - and not against them by not reporting it
Lets get apple on top of it together --- cheers
Posted on 01-12-2022 01:33 AM
We have had the same problem since mid-November when upgrading to Monterey, a case was opened in Apple's technical support, but there is no solution to it.
I created a topic on the Apple forum, since Apple technical support does not look at information on third-party forums, please write in the topic, maybe this will push Apple engineers to solve the problem 🙂
Posted on 01-14-2022 03:07 AM
I have this problem too, using a proxy (squid) without authentication. Does anyone has a solution yet?
Posted on 01-17-2022 09:33 PM
I've been testing 12.2 b2 and this issue seems to have been resolved for us. I would conduct testing with this beta of Monterey and confirm it also resolves the issue.
Posted on 01-18-2022 02:59 AM
I just tested it as well and can confirm that the issue no longer exists for us.
Posted on 01-27-2022 10:18 AM
Can you please Confirm 12.2 Public version related today still contains the fix-- we are still experiencing the issue :/
Anyone else still see this after update that dropped today
Posted on 01-27-2022 11:07 AM
Do the people who had issues have Symantec Endpoint Protection 14.2ru2 or lower -- Network Filter being disabled seems to fix it on first tests
Posted on 03-25-2022 07:36 AM
With Monterey Apple have deprecated support for PAC files hosted on an HTTP server, which caused us the issues that have been described in this JAMF thread.
macOS Monterey 12.0.1 Release Notes | Apple Developer Documentation
We will be delivering PAC file via HTTPS going forward which we expect will resolve the issues.
Posted on 10-10-2022 02:50 PM
Our organization is not likely going to move to HTTPS PAC files. Any others find workarounds? Still facing issues running 12.6.
Posted on 10-10-2022 03:50 PM
You don't really have a choice here. If you don't upgrade the PAC to be served over https, macOS will simply change the entered PAC File URL to https://. You may then face issues if there's no cert there.