@mark.mahabir Hi Mark, sorry. I have now added the screenshots. Thanks!

Are there different installers for Intel/Arm, and trying to install one on the other? If this is for an M1, is Rosetta 2 installed?

@Jason33 Hi Jason, this is on an Intel machine. There are very few M1s in the business at the moment, but as part of our enrolment policy Rosetta is installed. Cheers!

I would recommend instead of capturing the installation, create a post install script in Composer. Then before installing, create a conditional statement to check if the CPU is Intel or Arm. If it's arm64, install the rosetta and then the package. If not then continue with the installation. Makes this a smarter installer

@TMPlatform what's the full version of AnyConnect you're trying to install? Big Sur support for AnyConnect started on 4.9.04xxx. You may want to validate the version

Cisco 4.8 installs fine on my primary Mac with Big Sur. No compatibility issues.

@junjishimazaki unless Cisco has changed their AnyConnect application to be compatible with System Extensions in any version below 4.9.04xxx, then I'm not sure how that's working on Big Sur, based on this and from experience dealing with multiple issues with Big Sur and AnyConnect

@JustDeWon , I'm aware of the compatibility advisory. I'm just stating I don't have any issues with Cisco 4.8 on my Mac. Anyways, my situation is irrelevant to the OP's topic. The screenshot he provided shows TM is installing 4.9. So, which is why instead of capturing the installation, it's easier to create a package with a pre-install script.

@JustDeWon If I install the pkg from the DMG then it installs fine but I am trying to create the package that includes the company profile. So what I am doing taking a snapshot inside of Composer, installing Cisco AnyConnect, adding the profile and then export that as a pkg. It is this PKG which is having issues.

@junjishimazaki Thanks for the advice. I'll be honest I am not a packager and learning this stuff for the first time. Are you able to provide any resources I could work through?

I have found that when packaging AnyConnect you need to do it this way
Expand the AnyConnect.pkg
Pkgutil --expand AnyConnect.pkg ~/Documents/AnyConnectVPN

then I opened the Distribution file inside of the expanded package and look for these type entries
<choices-outline> <line choice="choice_vpn"/>

Leave what you want and delete the ones you don't. I only package vpn, posture, and dart
After saving the Distribution file, I flattened the package.
pkgutil --flatten ~/Documents/AnyConnectVPN ~/Desktop/AnyConnect.pkg

I have also found that changing the name to add the version number it will fail to open. Package it first ands then change the name if needed.

I have this working on the latest version of Anyconnect.

I create a folder called "anyconnect_4_9" (you call it whatever you want it to be) in the private/tmp . I have 3 files in that folder, the Cisco AnyConnect package, the anyconnect choice xml file, and the my vpn portal profile. I drag/drop that folder into Composer, make the necessary folder permission, and then create post-install script that I attached to this post. Make sure to digitally sign the package when you create the package.

@junjishimazaki Thanks for your last post. I tried looking for your attachment but you may have not attached it?

How about now?

!/bin/sh

postinstall

installer ‑showChoicesXML -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / > ~/Desktop/showchoices.xml

Get computer architecture type

arch_name="$(uname -m)"

check condition if type is Intel

if [ "$arch_name" = "x86_64" ]; then installer -applyChoiceChangesXML /private/tmp/anyconnect_4_9/anyconnect_choices.xml -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / cp /private/tmp/anyconnect_4_9/ACManifestVPN.xml /opt/cisco/anyconnect/profile/ACManifestVPN.xml
elif [ "$arch_name" = "arm64" ]; then # install rosetta first /usr/sbin/softwareupdate --install-rosetta --agree-to-license # install anyconnect package installer -applyChoiceChangesXML /private/tmp/anyconnect_4_9/anyconnect_choices.xml -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / cp /private/tmp/anyconnect_4_9/ACManifestVPN.xml /opt/cisco/anyconnect/profile/ACManifestVPN.xml
else echo "Unknown architecture"
fi

rm -rf /private/tmp/anyconnect_4_9

exit 0 ## Success
exit 1 ## Failure

<?xml version="1.0" encoding="UTF-8"?>
<vpn rev="1.0"> <file version="4.8.00175" id="VPNCore" is_core="yes" type="dmg" action="install"> <uri>binaries/anyconnect-macos-4.8.00175-core-vpn-webdeploy-k9.dmg</uri> <display-name>AnyConnect Secure Mobility Client</display-name> <ServerList> <HostEntry> <HostName>HOSTNAME</HostName> <HostAddress>VPN PORTAL ADDRESS/HostAddress> <UserGroup></UserGroup> </HostEntry>
</ServerList> </file>
</vpn>

@junjishimazaki Got it, thank you.

@junjishimazaki Am I copying this script verbatim or do I have to amend this in any way?

!/bin/sh postinstall installer ‑showChoicesXML -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / > ~/Desktop/showchoices.xml Get computer architecture type arch_name="$(uname -m)" check condition if type is Intel if [ "$arch_name" = "x86_64" ]; then installer -applyChoiceChangesXML /private/tmp/anyconnect_4_9/anyconnect_choices.xml -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / cp /private/tmp/anyconnect_4_9/ACManifestVPN.xml /opt/cisco/anyconnect/profile/ACManifestVPN.xml elif [ "$arch_name" = "arm64" ]; then # install rosetta first /usr/sbin/softwareupdate --install-rosetta --agree-to-license # install anyconnect package installer -applyChoiceChangesXML /private/tmp/anyconnect_4_9/anyconnect_choices.xml -pkg /private/tmp/anyconnect_4_9/AnyConnect.pkg -target / cp /private/tmp/anyconnect_4_9/ACManifestVPN.xml /opt/cisco/anyconnect/profile/ACManifestVPN.xml else echo "Unknown architecture" fi rm -rf /private/tmp/anyconnect_4_9 exit 0 ## Success exit 1 ## Failure

You can copy/paste the whole thing and add # in front of my comments or you can remove my comments

@junjishimazaki What do I enter in the brackets in the script?

arch_name="$(uname -m)"

@junjishimazaki I get this error...