Jamf Nation Community

ITTN · ‎11-17-2023

Hi,

I am trying to install Cisco Any Connect through jamf pro and facing a weird situation here , the logs of policies and configuration profiles show successfully installed but the app is not found anywhere on the laptop . i am sharing the install.log here for reference
""./postinstall" in /private/tmp/PKInstallSandbox.GRMsQD/Scripts/anyconnect-4.10.5cspVc
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: PackageKit: Preparing to execute script "postinstall" in /tmp/PKInstallSandbox.GRMsQD/Scripts/anyconnect-4.10.5cspVc
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: Set responsibility to pid: 1174, responsible_path: /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: PackageKit: Executing script "postinstall" in /tmp/PKInstallSandbox.GRMsQD/Scripts/anyconnect-4.10.5cspVc
2023-11-17 11:08:12-05 MacBook-Pro installer[2294]: PFPkg: No file found at path: /private/tmp/AnyConnect.pkg
2023-11-17 11:08:12-05 MacBook-Pro installer[2294]: PFPackage::packageWithURL - can't instantiate package: /private/tmp/AnyConnect.pkg
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: ./postinstall: installer: Error - the package path specified was invalid: '/private/tmp/AnyConnect.pkg'.
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: ./postinstall: mv: rename /tmp/anyconnect_profile.xml to /opt/cisco/anyconnect/profile/: No such file or directory
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: Responsibility set back to self.
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: PackageKit: Writing receipt for anyconnect-4.10 to /
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: Installed "AnyConnect-4.10" ()
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: Successfully wrote install history to /Library/Receipts/InstallHistory.plist
2023-11-17 11:08:12-05 MacBook-Pro install_monitor[2291]: Re-included: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: PackageKit: releasing backupd
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: PackageKit: allow user idle system sleep
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: PackageKit: ----- End install -----

aparten · ‎11-21-2023

I've always had success with packaging both the installer pkg and the choices.xml into a temp folder (via Composer), like so:

and then installing the package with a simple script:

#!/bin/bash

## Run installer with choices XML
installer -allowUntrusted -applyChoiceChangesXML /private/tmp/Cisco/choices.xml -pkg /private/tmp/Cisco/AnyConnect.pkg -target /

## Remove files
rm -r /private/tmp/Cisco

exit 0

View solution in original post

Ehouston3 · ‎11-17-2023

Seems like the log is saying that it couldn't find the package, and the post install script continued with the commands of renaming and logging.
2023-11-17 11:08:12-05 MacBook-Pro installer[2294]: PFPkg: No file found at path: /private/tmp/AnyConnect.pkg
2023-11-17 11:08:12-05 MacBook-Pro installer[2294]: PFPackage::packageWithURL - can't instantiate package: /private/tmp/AnyConnect.pkg
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: ./postinstall: installer: Error - the package path specified was invalid: '/private/tmp/AnyConnect.pkg'.

Maybe confirm if it's packaged properly, and check the post install script.

ITTN · ‎11-20-2023

I can confirm its packaged correctly by running the .pkg individually on the desktop, however i have repackaged it with same method again but no luck
https://hcsonline.com/images/PDFs/Deploying_Cisco_AnyConnect.pdf

AJPinto · ‎11-20-2023

Rather than using Cisco's Options.xml, I found it easier and more consistent to just deploy the entire Cisco Package. Then use a post install script to remove the unnecessary components with their respective uninstallers. Cisco's method for using the Option.xml is a complete and total mess.

ITTN · ‎11-20-2023

So i have removed the options and profile both from the package but still same logs .. cisco any connect installed successfully but no where to be found :/

ITTN · ‎11-20-2023

I have followed this guide to complete the configuration . will try the above and revert . Thanks
https://hcsonline.com/images/PDFs/Deploying_Cisco_AnyConnect.pdf

ITTN · ‎11-21-2023

I cas see the package is received at /Liibrary/Application Support/JAMF/Receipts

Nicholaus · ‎11-21-2023

Here's the way I have it deployed:

1. Open the AnyConnect DMG from Cisco. Drop the AnyConnect.pkg & Profiles folder in /usr/local/jamf/bin/Packages on the device where you are creating the package for use in Jamf Pro.

2. Create and drop an XML file called vpn_install_choices.xml in /usr/local/jamf/bin/Packages. I use the following to only install the VPN portion:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
    <dict>
        <key>attributeSetting</key>
        <integer>1</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_vpn</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_websecurity</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_fireamp</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_dart</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_posture</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_iseposture</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_nvm</string>
    </dict>
     <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_umbrella</string>
    </dict>
</array>
</plist>

3. Open Composer and drag in AnyConnect.pkg, vpn_install_choices.xml and the Profiles folder from /usr/local/jamf/bin/Packages. Make sure that the permissions are set to root:wheel for all of the items and that the folder structure shows those items under /usr/local/jamf/bin/Packages in the Composer window.

4. Create a postinstall script in Composer (Right click Scripts > Shell Script > postinstall) for this package with the following:

#!/bin/sh
## postinstall

installer -pkg /usr/local/jamf/bin/Packages/AnyConnect.pkg -target / -applyChoiceChangesXML /usr/local/jamf/bin/Packages/vpn_install_choices.xml

exit 0		## Success
exit 1		## Failure

5. Build as PKG.

6. Upload the pkg you created to Jamf Pro.

7. Push the pkg out via a policy.

ITTN · ‎11-21-2023

Hi Nicholaus

I dont have packages folder on that path . the only two files i see on /usr/local/jamf/bin/ are
jamf exec and jamfAAD

Nicholaus · ‎11-21-2023

Sorry for the confusion, you can create that folder on the host machine and when the pkg is pushed down it will create it on the target machine.

ITTN · ‎11-21-2023

No luck , actioned as you mentioned but same result

policy logs says successfully installed

but app is no where to be founf

ITTN · ‎11-21-2023

2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit: prevent user idle system sleep
2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit: suspending backupd
2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit: Using trashcan path /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/PKInstallSandboxTrash/938F9EA9-0103-4F49-B6E3-04528AA7401E.sandboxTrash for sandbox /Library/InstallerSandboxes/.PKInstallSandboxManager/938F9EA9-0103-4F49-B6E3-04528AA7401E.activeSandbox
2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit: Shoving /Library/InstallerSandboxes/.PKInstallSandboxManager/938F9EA9-0103-4F49-B6E3-04528AA7401E.activeSandbox/Root (1 items) to /
2023-11-21 16:03:59-05 TN01018 install_monitor[2134]: Temporarily excluding: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit (package_script_service): Preparing to execute script "./postinstall" in /private/tmp/PKInstallSandbox.puyvVF/Scripts/vpninstallchoices.xml.c4PDim
2023-11-21 16:03:59-05 TN01018 package_script_service[2136]: PackageKit: Preparing to execute script "postinstall" in /tmp/PKInstallSandbox.puyvVF/Scripts/vpninstallchoices.xml.c4PDim
2023-11-21 16:03:59-05 TN01018 package_script_service[2136]: Set responsibility to pid: 1049, responsible_path: /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
2023-11-21 16:03:59-05 TN01018 package_script_service[2136]: PackageKit: Executing script "postinstall" in /tmp/PKInstallSandbox.puyvVF/Scripts/vpninstallchoices.xml.c4PDim
2023-11-21 16:04:00-05 TN01018 installer[2138]: PFPkg: No file found at path: /usr/local/jamf/bin/Packages/AnyConnect.pkg
2023-11-21 16:04:00-05 TN01018 installer[2138]: PFPackage::packageWithURL - can't instantiate package: /usr/local/jamf/bin/Packages/AnyConnect.pkg
2023-11-21 16:04:00-05 TN01018 package_script_service[2136]: ./postinstall: installer: Error - the package path specified was invalid: '/usr/local/jamf/bin/Packages/AnyConnect.pkg'.
2023-11-21 16:04:00-05 TN01018 package_script_service[2136]: Responsibility set back to self.
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Writing receipt for vpninstallchoices.xml to /
2023-11-21 16:04:00-05 TN01018 installd[2133]: Installed "vpn_install_choices.xml" ()
2023-11-21 16:04:00-05 TN01018 installd[2133]: Successfully wrote install history to /Library/Receipts/InstallHistory.plist
2023-11-21 16:04:00-05 TN01018 install_monitor[2134]: Re-included: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: releasing backupd
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: allow user idle system sleep
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: ----- End install -----
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: 1.0s elapsed install time
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Cleared responsibility for install from 2132.
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Running idle tasks
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Removing client PKInstallDaemonClient pid=2132, uid=0 (/usr/sbin/installer)
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Done with sandbox removals
2023-11-21 16:04:01-05 TN01018 installer[2132]: Running install actions
2023-11-21 16:04:01-05 TN01018 installer[2132]: Removing temporary directory "/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//Install.2132jPkmTi"
2023-11-21 16:04:01-05 TN01018 installer[2132]: Finalize disk "Macintosh HD"
2023-11-21 16:04:01-05 TN01018 installer[2132]: Notifying system of updated components
2023-11-21 16:04:01-05 TN01018 installer[2132]:
2023-11-21 16:04:01-05 TN01018 installer[2132]: **** Summary Information ****
2023-11-21 16:04:01-05 TN01018 installer[2132]:   Operation      Elapsed time
2023-11-21 16:04:01-05 TN01018 installer[2132]: -----------------------------
2023-11-21 16:04:01-05 TN01018 installer[2132]:        disk      0.00 seconds
2023-11-21 16:04:01-05 TN01018 installer[2132]:      script      0.00 seconds

Nicholaus · ‎11-21-2023

What is generating this log? Is the package being pushed via a standard Jamf policy? I see PackageKit and reference to a sandbox in the logs. I'm unfamiliar with using PackageKit, so I can't be of much help there.

aparten · ‎11-21-2023

I've always had success with packaging both the installer pkg and the choices.xml into a temp folder (via Composer), like so:

and then installing the package with a simple script:

#!/bin/bash

## Run installer with choices XML
installer -allowUntrusted -applyChoiceChangesXML /private/tmp/Cisco/choices.xml -pkg /private/tmp/Cisco/AnyConnect.pkg -target /

## Remove files
rm -r /private/tmp/Cisco

exit 0

TwoCentsforFree · ‎10-04-2024

I am in the same boat as OP, but this did not work for me. All my files are in /private/tmp/CiscoInstall and that's how it is built in Composer. I used the "Apply permissions to all enclosed items" with root/wheel and 1777 permissions from the parent folder (/private) down in Composer. I've checked and double-checked my script for typos and every time, I get a nearly identical error as OP: PackageKit: Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"

I swear it has something to do with "Temporarily excluding: /Applications, /Library, /System, /bin, /private, /sbin, /usr" but it seems others get that and it works for them.

I wasn't using -allowUnstrusted before. So, I tried that, but it didn't make a difference for me. When this fails, I will copy and paste the same exact command into Terminal, run with sudo in front, and it works no problem. So, the paths are right. SIP should not be a problem. I can't figure out why I keep getting "no such file or directory" except maybe because /private is excluded temporarily, just before the script runs for some reason. It is as if the root/wheel permission is not being applied to the postinstall script. Here is mine that is simplified for troubleshooting the install:

#!/bin/zsh

# Run the PKG with selections from csc_choices.xml (VPN only) to install the selected modules

installer -allowUntrusted -applyChoiceChangesXML /private/tmp/CiscoInstall/csc51565_choices_Jay1.xml -pkg /private/tmp/CiscoInstall/CiscoSecureClient.pkg -target /

Any ideas?

Here's a bit more of the log:

2024-10-04 16:16:17-07 Jays-MacBook-Pro installd[840]: PackageKit: Shoving /Library/InstallerSandboxes/.PKInstallSandboxManager/35DBFBC3-0E99-4C39-8DEA-39E75963C02A.activeSandbox/Root (1 items) to /
2024-10-04 16:16:17-07 Jays-MacBook-Pro install_monitor[2181]: Temporarily excluding: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2024-10-04 16:16:17-07 Jays-MacBook-Pro installd[840]: PackageKit (package_script_service): Preparing to execute script "./postinstall" in /private/tmp/PKInstallSandbox.fPvtyZ/Scripts/ciscosecureclient51565.opHsGJ
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: PackageKit: Preparing to execute script "postinstall" in /tmp/PKInstallSandbox.fPvtyZ/Scripts/ciscosecureclient51565.opHsGJ
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: Set responsibility to pid: 2177, responsible_path: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: PackageKit: Executing script "postinstall" in /tmp/PKInstallSandbox.fPvtyZ/Scripts/ciscosecureclient51565.opHsGJ
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: PackageKit: Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: PackageKit: Failed task attributes: {
NSFileAppendOnly = 0;
NSFileCreationDate = "2024-10-04 23:12:03 +0000";
NSFileExtendedAttributes = {
"com.apple.TextEncoding" = {length = 15, bytes = 0x7574662d383b313334323137393834};
};
NSFileExtensionHidden = 0;
NSFileGroupOwnerAccountID = 0;
NSFileGroupOwnerAccountName = wheel;
NSFileHFSCreatorCode = 0;
NSFileHFSTypeCode = 0;
NSFileImmutable = 0;
NSFileModificationDate = "2024-10-04 23:12:03 +0000";
NSFileOwnerAccountID = 0;
NSFileOwnerAccountName = root;
NSFilePosixPermissions = 493;
NSFileProtectionKey = NSFileProtectionCompleteUntilFirstUserAuthentication;
NSFileReferenceCount = 1;
NSFileSize = 274;
NSFileSystemFileNumber = 598904;
NSFileSystemNumber = 16777220;
NSFileType = NSFileTypeRegular;
}
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: Responsibility set back to self.
2024-10-04 16:16:17-07 Jays-MacBook-Pro install_monitor[2181]: Re-included: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2024-10-04 16:16:18-07 Jays-MacBook-Pro installd[840]: PackageKit: releasing backupd

ITTN · ‎02-13-2024

hey @aparten

Thanks so much for providing the above script i finally tasted success by running it however if you can assist on how to embed profiles.xml in the script i would really appreciate that .

ITTN · ‎02-13-2024

Also how can i run the same script for other computers , this has worked like a charm on local computer but path is not valid for other computer through jamf policy. please assist as i am super excited to get over it completely. Thanks in advance

Jamf Nation Community

Unable to install cisco anyconnect pkg