Unable to install cisco anyconnect pkg

ITTN
New Contributor III

Hi, 

I am trying to install Cisco Any Connect through jamf pro and facing a weird situation here , the logs of policies and configuration profiles show successfully installed but the app is not found anywhere on the laptop . i am sharing the install.log here for reference 
""./postinstall" in /private/tmp/PKInstallSandbox.GRMsQD/Scripts/anyconnect-4.10.5cspVc
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: PackageKit: Preparing to execute script "postinstall" in /tmp/PKInstallSandbox.GRMsQD/Scripts/anyconnect-4.10.5cspVc
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: Set responsibility to pid: 1174, responsible_path: /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: PackageKit: Executing script "postinstall" in /tmp/PKInstallSandbox.GRMsQD/Scripts/anyconnect-4.10.5cspVc
2023-11-17 11:08:12-05 MacBook-Pro installer[2294]: PFPkg: No file found at path: /private/tmp/AnyConnect.pkg
2023-11-17 11:08:12-05 MacBook-Pro installer[2294]: PFPackage::packageWithURL - can't instantiate package: /private/tmp/AnyConnect.pkg
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: ./postinstall: installer: Error - the package path specified was invalid: '/private/tmp/AnyConnect.pkg'.
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: ./postinstall: mv: rename /tmp/anyconnect_profile.xml to /opt/cisco/anyconnect/profile/: No such file or directory
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: Responsibility set back to self.
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: PackageKit: Writing receipt for anyconnect-4.10 to /
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: Installed "AnyConnect-4.10" ()
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: Successfully wrote install history to /Library/Receipts/InstallHistory.plist
2023-11-17 11:08:12-05 MacBook-Pro install_monitor[2291]: Re-included: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: PackageKit: releasing backupd
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: PackageKit: allow user idle system sleep
2023-11-17 11:08:12-05 MacBook-Pro installd[1103]: PackageKit: ----- End install -----

1 ACCEPTED SOLUTION

aparten
New Contributor III

I've always had success with packaging both the installer pkg and the choices.xml into a temp folder (via Composer), like so:

Screenshot 2023-11-21 at 3.54.51 PM.png

 

and then installing the package with a simple script:

#!/bin/bash

## Run installer with choices XML
installer -allowUntrusted -applyChoiceChangesXML /private/tmp/Cisco/choices.xml -pkg /private/tmp/Cisco/AnyConnect.pkg -target /

## Remove files
rm -r /private/tmp/Cisco

exit 0

 

View solution in original post

16 REPLIES 16

Ehouston3
New Contributor III

Seems like the log is saying that it couldn't find the package, and the post install script continued with the commands of renaming and logging.
2023-11-17 11:08:12-05 MacBook-Pro installer[2294]: PFPkg: No file found at path: /private/tmp/AnyConnect.pkg
2023-11-17 11:08:12-05 MacBook-Pro installer[2294]: PFPackage::packageWithURL - can't instantiate package: /private/tmp/AnyConnect.pkg
2023-11-17 11:08:12-05 MacBook-Pro package_script_service[1309]: ./postinstall: installer: Error - the package path specified was invalid: '/private/tmp/AnyConnect.pkg'.

Maybe
confirm if it's packaged properly, and check the post install script.

ITTN
New Contributor III

I can confirm its packaged correctly by running the .pkg individually on the desktop, however i have repackaged it with same method again but no luck
https://hcsonline.com/images/PDFs/Deploying_Cisco_AnyConnect.pdf

AJPinto
Honored Contributor III

Rather than using Cisco's Options.xml, I found it easier and more consistent to just deploy the entire Cisco Package. Then use a post install script to remove the unnecessary components with their respective uninstallers. Cisco's method for using the Option.xml is a complete and total mess.

ITTN
New Contributor III

So i have removed the options and profile both from the package but still same logs .. cisco any connect installed successfully but no where to be found :/

ITTN
New Contributor III

I have followed this guide to complete the configuration . will try the above and revert . Thanks 
https://hcsonline.com/images/PDFs/Deploying_Cisco_AnyConnect.pdf

 

ITTN
New Contributor III

I cas see the package is received at /Liibrary/Application Support/JAMF/Receipts

Nicholaus
Contributor

Here's the way I have it deployed:

1. Open the AnyConnect DMG from Cisco. Drop the AnyConnect.pkg & Profiles folder in /usr/local/jamf/bin/Packages on the device where you are creating the package for use in Jamf Pro.

2. Create and drop an XML file called vpn_install_choices.xml in /usr/local/jamf/bin/Packages. I use the following to only install the VPN portion: 

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
    <dict>
        <key>attributeSetting</key>
        <integer>1</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_vpn</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_websecurity</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_fireamp</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_dart</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_posture</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_iseposture</string>
    </dict>
    <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_nvm</string>
    </dict>
     <dict>
        <key>attributeSetting</key>
        <integer>0</integer>
        <key>choiceAttribute</key>
        <string>selected</string>
        <key>choiceIdentifier</key>
        <string>choice_umbrella</string>
    </dict>
</array>
</plist>

 

3. Open Composer and drag in AnyConnect.pkg, vpn_install_choices.xml and the Profiles folder from /usr/local/jamf/bin/Packages. Make sure that the permissions are set to root:wheel for all of the items and that the folder structure shows those items under /usr/local/jamf/bin/Packages in the Composer window.

4. Create a postinstall script in Composer (Right click Scripts > Shell Script > postinstall) for this package with the following: 

 

#!/bin/sh
## postinstall

installer -pkg /usr/local/jamf/bin/Packages/AnyConnect.pkg -target / -applyChoiceChangesXML /usr/local/jamf/bin/Packages/vpn_install_choices.xml

exit 0		## Success
exit 1		## Failure

 

 5. Build as PKG.

6. Upload the pkg you created to Jamf Pro.

7. Push the pkg out via a policy.

ITTN
New Contributor III

Hi Nicholaus

I dont have packages folder on that path . the only two files i see on /usr/local/jamf/bin/ are 
jamf exec and jamfAAD

Sorry for the confusion, you can create that folder on the host machine and when the pkg is pushed down it will create it on the target machine.

ITTN
New Contributor III

No luck , actioned as you mentioned but same result 

policy logs says successfully installed 

but app is no where to be founf

ITTN
New Contributor III

2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit: prevent user idle system sleep
2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit: suspending backupd
2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit: Using trashcan path /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/PKInstallSandboxTrash/938F9EA9-0103-4F49-B6E3-04528AA7401E.sandboxTrash for sandbox /Library/InstallerSandboxes/.PKInstallSandboxManager/938F9EA9-0103-4F49-B6E3-04528AA7401E.activeSandbox
2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit: Shoving /Library/InstallerSandboxes/.PKInstallSandboxManager/938F9EA9-0103-4F49-B6E3-04528AA7401E.activeSandbox/Root (1 items) to /
2023-11-21 16:03:59-05 TN01018 install_monitor[2134]: Temporarily excluding: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2023-11-21 16:03:59-05 TN01018 installd[2133]: PackageKit (package_script_service): Preparing to execute script "./postinstall" in /private/tmp/PKInstallSandbox.puyvVF/Scripts/vpninstallchoices.xml.c4PDim
2023-11-21 16:03:59-05 TN01018 package_script_service[2136]: PackageKit: Preparing to execute script "postinstall" in /tmp/PKInstallSandbox.puyvVF/Scripts/vpninstallchoices.xml.c4PDim
2023-11-21 16:03:59-05 TN01018 package_script_service[2136]: Set responsibility to pid: 1049, responsible_path: /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
2023-11-21 16:03:59-05 TN01018 package_script_service[2136]: PackageKit: Executing script "postinstall" in /tmp/PKInstallSandbox.puyvVF/Scripts/vpninstallchoices.xml.c4PDim
2023-11-21 16:04:00-05 TN01018 installer[2138]: PFPkg: No file found at path: /usr/local/jamf/bin/Packages/AnyConnect.pkg
2023-11-21 16:04:00-05 TN01018 installer[2138]: PFPackage::packageWithURL - can't instantiate package: /usr/local/jamf/bin/Packages/AnyConnect.pkg
2023-11-21 16:04:00-05 TN01018 package_script_service[2136]: ./postinstall: installer: Error - the package path specified was invalid: '/usr/local/jamf/bin/Packages/AnyConnect.pkg'.
2023-11-21 16:04:00-05 TN01018 package_script_service[2136]: Responsibility set back to self.
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Writing receipt for vpninstallchoices.xml to /
2023-11-21 16:04:00-05 TN01018 installd[2133]: Installed "vpn_install_choices.xml" ()
2023-11-21 16:04:00-05 TN01018 installd[2133]: Successfully wrote install history to /Library/Receipts/InstallHistory.plist
2023-11-21 16:04:00-05 TN01018 install_monitor[2134]: Re-included: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: releasing backupd
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: allow user idle system sleep
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: ----- End install -----
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: 1.0s elapsed install time
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Cleared responsibility for install from 2132.
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Running idle tasks
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Removing client PKInstallDaemonClient pid=2132, uid=0 (/usr/sbin/installer)
2023-11-21 16:04:00-05 TN01018 installd[2133]: PackageKit: Done with sandbox removals
2023-11-21 16:04:01-05 TN01018 installer[2132]: Running install actions
2023-11-21 16:04:01-05 TN01018 installer[2132]: Removing temporary directory "/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//Install.2132jPkmTi"
2023-11-21 16:04:01-05 TN01018 installer[2132]: Finalize disk "Macintosh HD"
2023-11-21 16:04:01-05 TN01018 installer[2132]: Notifying system of updated components
2023-11-21 16:04:01-05 TN01018 installer[2132]:
2023-11-21 16:04:01-05 TN01018 installer[2132]: **** Summary Information ****
2023-11-21 16:04:01-05 TN01018 installer[2132]:   Operation      Elapsed time
2023-11-21 16:04:01-05 TN01018 installer[2132]: -----------------------------
2023-11-21 16:04:01-05 TN01018 installer[2132]:        disk      0.00 seconds
2023-11-21 16:04:01-05 TN01018 installer[2132]:      script      0.00 seconds

What is generating this log? Is the package being pushed via a standard Jamf policy? I see PackageKit and reference to a sandbox in the logs. I'm unfamiliar with using PackageKit, so I can't be of much help there.

aparten
New Contributor III

I've always had success with packaging both the installer pkg and the choices.xml into a temp folder (via Composer), like so:

Screenshot 2023-11-21 at 3.54.51 PM.png

 

and then installing the package with a simple script:

#!/bin/bash

## Run installer with choices XML
installer -allowUntrusted -applyChoiceChangesXML /private/tmp/Cisco/choices.xml -pkg /private/tmp/Cisco/AnyConnect.pkg -target /

## Remove files
rm -r /private/tmp/Cisco

exit 0

 

I am in the same boat as OP, but this did not work for me. All my files are in /private/tmp/CiscoInstall and that's how it is built in Composer. I used the "Apply permissions to all enclosed items" with root/wheel and 1777 permissions from the parent folder (/private) down in Composer. I've checked and double-checked my script for typos and every time, I get a nearly identical error as OP: PackageKit: Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"

I swear it has something to do with "Temporarily excluding: /Applications, /Library, /System, /bin, /private, /sbin, /usr" but it seems others get that and it works for them.

I wasn't using -allowUnstrusted before. So, I tried that, but it didn't make a difference for me. When this fails, I will copy and paste the same exact command into Terminal, run with sudo in front, and it works no problem. So, the paths are right. SIP should not be a problem. I can't figure out why I keep getting "no such file or directory" except maybe because /private is excluded temporarily, just before the script runs for some reason. It is as if the root/wheel permission is not being applied to the postinstall script. Here is mine that is simplified for troubleshooting the install:

 

#!/bin/zsh

# Run the PKG with selections from csc_choices.xml (VPN only) to install the selected modules

installer -allowUntrusted -applyChoiceChangesXML /private/tmp/CiscoInstall/csc51565_choices_Jay1.xml -pkg /private/tmp/CiscoInstall/CiscoSecureClient.pkg -target /

 


Any ideas?

Here's a bit more of the log:

2024-10-04 16:16:17-07 Jays-MacBook-Pro installd[840]: PackageKit: Shoving /Library/InstallerSandboxes/.PKInstallSandboxManager/35DBFBC3-0E99-4C39-8DEA-39E75963C02A.activeSandbox/Root (1 items) to /
2024-10-04 16:16:17-07 Jays-MacBook-Pro install_monitor[2181]: Temporarily excluding: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2024-10-04 16:16:17-07 Jays-MacBook-Pro installd[840]: PackageKit (package_script_service): Preparing to execute script "./postinstall" in /private/tmp/PKInstallSandbox.fPvtyZ/Scripts/ciscosecureclient51565.opHsGJ
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: PackageKit: Preparing to execute script "postinstall" in /tmp/PKInstallSandbox.fPvtyZ/Scripts/ciscosecureclient51565.opHsGJ
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: Set responsibility to pid: 2177, responsible_path: /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: PackageKit: Executing script "postinstall" in /tmp/PKInstallSandbox.fPvtyZ/Scripts/ciscosecureclient51565.opHsGJ
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: PackageKit: Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: PackageKit: Failed task attributes: {
NSFileAppendOnly = 0;
NSFileCreationDate = "2024-10-04 23:12:03 +0000";
NSFileExtendedAttributes = {
"com.apple.TextEncoding" = {length = 15, bytes = 0x7574662d383b313334323137393834};
};
NSFileExtensionHidden = 0;
NSFileGroupOwnerAccountID = 0;
NSFileGroupOwnerAccountName = wheel;
NSFileHFSCreatorCode = 0;
NSFileHFSTypeCode = 0;
NSFileImmutable = 0;
NSFileModificationDate = "2024-10-04 23:12:03 +0000";
NSFileOwnerAccountID = 0;
NSFileOwnerAccountName = root;
NSFilePosixPermissions = 493;
NSFileProtectionKey = NSFileProtectionCompleteUntilFirstUserAuthentication;
NSFileReferenceCount = 1;
NSFileSize = 274;
NSFileSystemFileNumber = 598904;
NSFileSystemNumber = 16777220;
NSFileType = NSFileTypeRegular;
}
2024-10-04 16:16:17-07 Jays-MacBook-Pro package_script_service[1907]: Responsibility set back to self.
2024-10-04 16:16:17-07 Jays-MacBook-Pro install_monitor[2181]: Re-included: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2024-10-04 16:16:18-07 Jays-MacBook-Pro installd[840]: PackageKit: releasing backupd

ITTN
New Contributor III

hey @aparten 

Thanks so much for providing the above script i finally tasted success by running it however if you can assist on how to embed profiles.xml in the script i would really appreciate that . 

ITTN
New Contributor III

Also how can i run the same script for other computers , this has worked like a charm on local computer but path is not valid for other computer through jamf policy. please assist as i am super excited to get over it completely. Thanks in advance