Hello,
Has anyone had successful deploying the Cisco Secure Client for MacOS?
I have downloaded the DMG file, used the Workspace ONE Admin Assistant to create the plist file, uploaded both as an Internal Native App and deployed to my test device, but it hangs on installing.
When checking the device logs, I am seeing the below error:
Install Failed: Error Domain=PKInstallErrorDomain Code=112 "An error occurred while running scripts from the package “Cisco Secure Client.pkg”." UserInfo={NSFilePath=./preinstall, NSURL=file:///tmp/dmg.llfqQt/Cisco%20Secure%20Client.pkg#duo_module.pkg, PKInstallPackageIdentifier=com.duosecurity.duo-device-health, NSLocalizedDescription=An error occurred while running scripts from the package “Cisco Secure Client.pkg”.} {
NSFilePath = "./preinstall";
NSLocalizedDescription = "An error occurred while running scripts from the package \U201cCisco Secure Client.pkg\U201d.";
NSURL = "file:///tmp/dmg.llfqQt/Cisco%20Secure%20Client.pkg#duo_module.pkg";
PKInstallPackageIdentifier = "com.duosecurity.duo-device-health"
Yes I have. Just created the profiles for allowing content filter and system extensions from the Cisco website. Then get the choices xml and inserted it into the plist from admin assistant to select needed modules.
This is for jamf but it may help.
https://support.umbrella.com/hc/en-us/articles/23515921165844-How-to-deploy-Cisco-Secure-Client-via-JAMF-MacOS
I don’t know if this helps with your error to be honest. Just how I did it.
Apologies for the late reply I set a reminder but forgot to post this.
We are deploying Cisco this way (not sure if this is the best approach but has worked for us)
- Cisco Secure Client 5.0.05040 package.
- Choices.xml file
- Setup.sh file
- Post Install Script
- Package Setup Image link for Cisco Secure Client Package Content
I hope this helps.
Hi MRNordsee,
Thanks for the help! Unfortunately I am still having issues. I hope you don’t mind me asking for additional details.
Just created the profiles for allowing content filter and system extensions from the Cisco website
As far as I am aware, I have set this up correctly, but when I run systemextensionsctl list
it’s not returning any results. I am not sure if it should show the extension only after the application has been installed. I am also not sure if this should be blocking the installation right away.
Then get the choices xml and inserted it into the plist from admin assistant to select needed modules
How are you inserting the choices XML into the plist? Are you copying the dictionary values from the array of the choices XML into the the array of the plist? Are you leaving the already generated dictionary values in the array?
Also, are you using the dmg that you downloaded from cisco for the Workspace ONE Admin Assistant tool or the ‘csc-read.dmg’ that was generated from the guides to produce the choices.xml and has the choices.xml in the folder structure?
Also, just to clarify, I have tried a lot of the combinations above without success, but may be missing another step still. Also, I am looking to ideally just install the VPN client, so I did nothing with the umbrella part of the steps in the shared guides.
Thanks again for you time and I apologize, I am new to WS1 and MacOS
Hi! Thanks for sharing your solution, but I was able to setup it up correctly with the help of MRNordsee in this thread
I just share my Settings here. I hope this will help you. This will just install the VPN Client.
Note that this contains uninstall script as well. I was new a couple of month as well 
WS1 App Info: https://pastebin.com/5L1AHfXV
Autostart Profil: https://pastebin.com/0YpdKrY3
System ext and Content Filter: https://imgur.com/a/rCf8yga
systemextensionsctl list will display the Extention when its installed. (As far as i know i didnt test it)
I Add the Choices XML as a new key to the genarated XML. You can look at my post.
Details from Munki: https://github.com/munki/munki/wiki/ChoiceChangesXML
i just use the PreDeploy.dmg that is in the Admin Assist folder.
Hope you are all clear now.
Thanks again!
I was running into failures still, but noticed that it was failing right away and I couldn’t see anymore attempts of the install in the logs for a while now. I did some more digging in to the logs and found the cache location and removed the files there and the install completed! So it might have been working before, but just the cache needed to be cleared.
However, the AnyConnect VPN Service
under Login Items
is not enabling itself still. I presume this was supposed to be done through the system extension profile, but I suppose it still isn’t set correctly for whatever reason.
I also noticed that the configuration screens in your screenshots look different in mine. In fact, I have extra fields like Socket Filter Bundle ID
, Socket Requirement
and a toggle for Filter Network Packets
under Content Filter
.
Did you create two separate WS1 Profiles for the System extensions and Content Filters? I wonder if that can play a factor.
Hi bro, Can you pls share again WS1 App Info and Autostart Profil please 
I have done this in one profile. But should work in two profiles as well. Just needs to be installed before the software.
It looks different because I have a on-premise environment. The settings where reworked for macOS but not (yet) published there.
Alright! Found the solution!
I had setup a Login and Background Items
profile like suggested in this reddit thread, but had no success using BundleIdentifierPrefix
as the Rule Type
and instead used TeamIdentifier
and it worked!