
CSCwf38793 - ENH: Make the CSC installer for MacOS deployable Intune

Schwedti
Level 1

We've tried the mentioned workaround and downloaded the "cisco-secure-client-macos-5.1.4.74-webdeploy-k9.pkg" to get the individual module installer for AnyConnect. Even opening this pkg is failing with "(com.apple.installer.pagecontroller-Fehler -1.)". Also, unpacking via "xar -xf cisco-secure-client-macos-5.1.4.74-webdeploy-k9.pkg" fails.

Has anyone found a workaround to deploy only the AnyConnect module via Intune?

1 Reply

Peter Davis
Cisco Employee

The information in this bug ID was inaccurate. We have updated the bug ID with accurate information, but it may take a day or two for this information to show up publicly.

 

CSCwf38793

InTune/MDM deployment failure due to incorrect use of predeploy pkg after moving to 5.1 client 

Symptom:

Customers who were incorrectly using the pre-deploy pkg of Secure Client as part of EMM / MDM configurations find that the setup no longer installs "Successfully" with version 5.1. The pre-deploy package will "Fail" to deploy with a silent installation process. The root cause for this is a known limitation of the 5.1 installer where the Duo module (used only for ZTA) does not presently support silent installation. This particular limitation will be resolved, but the linked cases uncovered that customers were setting up EMM / MDM scripted deployments incorrectly, resulting in modules being deployed to their endpoints which are not actually in use in their environments.

The correct way to EMM/MDM script is to extract the individual module installers from the web deploy image (this is actually a zip file even though it has a pkg extension). The desired individual modules to install are located in the binaries directory in that zip file; the core installation package is mandatory. The way that customers who ran into this issue were doing their deployment, they were accidentally installing modules on endpoints which they were not using in their environments, because there was no control over what was actually installed since this package was never intended to be used for this purpose.

Conditions:

Secure Client 5.1 Pre-deploy package macOS Silent install, i.e. triggered by EMM / MDM.

Root cause: Incorrect setup chosen by customers for EMM/MDM deployments. Duo module (used only with ZTA) does not presently support silent installation and isn't required by these customers. Method being used to install for these customers was causing numerous modules to be deployed to endpoints which were not in use in their environment.

Note: Even in the Web-deploy package, the Duo module for ZTA does not support a silent installation, but the customers who hit this particular issue were not intending to install this module.

Workaround:

Customers are supposed to extract individual module installers from the Cisco Secure Client/AnyConnect macOS webdeploy package (it has a pkg extension, but it is a zip file and should be renamed .zip to obtain the correct module binaries). The correct installation files for the desired modules are in the binaries sub directory of the web-deploy (zip) file. As long as the Duo module is not installed, which is only used for ZTA, the other modules all support silent installation and can be used with EMM/MDM deployment.
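The workaround above, sketched as an added example (not code from this thread or from Cisco): confirm from the leading bytes that the image is a zip rather than a xar-based flat package, list what sits under `binaries`, and stage only the chosen installers so unused modules never reach the MDM payload. The archive layout and every file name here are constructed placeholders, and matching a `binaries` directory at any depth is an assumption.

```python
import tempfile
import zipfile
from pathlib import Path

ZIP_MAGIC, XAR_MAGIC = b"PK\x03\x04", b"xar!"  # zip header vs. flat macOS .pkg

def container_type(path):
    """Classify a file by its first four bytes, ignoring the extension."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return {ZIP_MAGIC: "zip", XAR_MAGIC: "xar"}.get(head, "unknown")

def list_module_installers(path, subdir="binaries"):
    """Return the file entries that sit under a <subdir>/ directory in the zip."""
    with zipfile.ZipFile(path) as zf:
        return sorted(i.filename for i in zf.infolist()
                      if not i.is_dir() and subdir in Path(i.filename).parts[:-1])

def extract_modules(path, wanted, dest):
    """Copy only the selected installers into dest; anything else stays packed."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    available = set(list_module_installers(path))
    written = []
    with zipfile.ZipFile(path) as zf:
        for name in wanted:
            if name not in available:
                raise ValueError(f"not a module installer in this archive: {name}")
            target = dest / Path(name).name  # basename only, so nothing lands outside dest
            target.write_bytes(zf.read(name))
            written.append(target)
    return written

def build_sample(path):
    """Constructed stand-in for a webdeploy image: a zip carrying a .pkg extension."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("sample-webdeploy/binaries/example-core.pkg", b"core")
        zf.writestr("sample-webdeploy/binaries/example-optional.pkg", b"optional")
        zf.writestr("sample-webdeploy/readme.txt", b"not an installer")
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image = build_sample(Path(tmp) / "sample-webdeploy-k9.pkg")
        print(container_type(image))  # extension says pkg, bytes say zip
        print(list_module_installers(image))
        core = "sample-webdeploy/binaries/example-core.pkg"
        print(extract_modules(image, [core], Path(tmp) / "staging"))
```

A result of `xar` from `container_type` means the file is a flat installer package rather than a zip, so the extraction step does not apply to it.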