Hey everyone, as of a few days ago it appears new installations of the SM agent on Mac OS (High Sierra is the only ver. I've tested) are failing to sync to Meraki. I have DEP iMacs and upon installation of the profiles, the agent appears to install correctly. Manual agent installation also, when tested, completes successfully and the device appears in the Dashboard.
However, full device details to not sync, and features requiring the Agent (like app installs, power control etc.) are not available. After creating a support case and investigating the logs, this SSL error below was pointed out as a likely culprit. The next day when I called back to discuss the case, the engineer said it was evidently a known issue and was being escalated to the development team, ETA unknown.
Does this sound familiar to any other Mac users here? Is anyone familiar with this SSL error perhaps in another context? Whatever this is, it's not impacting clients (on the same network) that already have the SM agent installed.
2018-10-01 04:30:06.658777 [0x700002707000]: TunClient::connect_to_proxy(), BIO_do_connect() = 1
2018-10-01 04:30:06.658813 [0x700002707000]: TunClient::connect_to_proxy(), BIO_do_connect success
2018-10-01 04:30:06.658924 [0x700002707000]: TunClient::connect_to_proxy(), going to SSL_connect()
2018-10-01 04:30:06.658976 [0x700002707000]: TunClient::connect_to_proxy() [localhost:14], SSL_get_error returned 5
2018-10-01 04:30:06.658991 [0x700002707000]: TunClient::connect_to_proxy() [localhost:14], r < 0, ERR_get_error = 0
2018-10-01 04:30:06.659023 [0x7fffaef95380]: ConnTracker::has_pulse()
2018-10-01 04:30:06.659059 [0x700002707000]: TunClient::connect_to_proxy() [localhost:14], r < 0, errno = 32
2018-10-01 04:30:06.659084 [0x7fffaef95380]: ConnTracker::has_pulse(), _has_pulse_last_stamp is fresh; returning true
2018-10-01 04:30:06.659103 [0x700002707000]: TunClient::connect_to_proxy() [localhost:14], unexpected SSL error 5 after SSL_connect() returned -1
2018-10-01 04:30:06.659142 [0x700002707000]: TunClient::do_backoff() sleeping 11:698
Solved! Go to Solution.
I have found the agent for Mac OS devices no longer works and have stopped deploying it, when I spoke to support it was suggested I use the profile instead even though they both do slightly different things.
This seems to be an ongoing issue that many people in the forums have mentioned. I am guessing if support are aware that it doesn't work and nothings being done to fix it then its most likely going to be dropped at some point in the future.
Out of curiosity, without the agent, how do you accomplish remote app management on your Macs? In our environment here, I have many in various locations and I have to keep them all on the same browser version. Up until this week, SM was working great in that regard.
They had better not drop support for Mac ... I'll be more than upset if they do. I have seen the same problems though as this thread is mentioning .... unfortunate.
I have had a case open since 9/21 about this same issue with 10.13.6 High Sierra. Dreading the move to Mojave:( When we were "upgraded" to agent v1.0.98 we started having the issue described above where despite the Meraki Console and the device event logs saying the agent installation was success, none of the live tools work. If you push it "by hand" from System Manager>Apps>select appropriate devices the agent will typically install and we get out Live Tools (like Remote Desktop etc) to work again. Support just keeps coming back with the same questions I have already answered earlier in the thread. I'd say the fact that my ticket has been open for almost a month indicates that Meraki has no idea how to address this issue.
I was having this problem and re-pushing the agent seems to have fixed it for me.
From the Systems Manager/Manage/Apps page click on Meraki Systems Manager Agent, (If you don't see it - you can add it.)
Select the devices you want to re-push it to,
Takes a little while, but I have remote desktop and other things back!
Hope that helps,
Having the same problem. Pushing the agent again did not help the problem. Seems to affect both Mojaves and High Sierras. I still had the link to the older version, which I've now deployed instead. It looks more functional but e.g. remote desktop does not work (also on High Sierra: this appears not to be related to the Mojave problem)
Just to close the loop on this thread, I *did* get a resolution to my issue about two weeks after opening my support case. Meraki added a fix to 1.0.98 and after re-deploying, it worked correctly.
I totally agree with your rant however, so I marked it as Solution 🙂
I have found many of the features that require the agent to be installed no longer work for me. I have spent thousands on Meraki SM licenses and dont seem to be getting any support with this.
Either Meraki needs to commit and fix the issues with the Mac agent or drop it and refund all of the customers that use it for looking after their Macs.
I am at the point of having discussions with our local supplier for JAMF.
@BlakeRichardson Fully agree. I got past this one specific issue but have a multitude of others.
With a couple hundred Macs to manage here, I too will be looking at JAMF if I don't see better support from Meraki.
I am really sorry to read about your recent frustration with Mac OS enrollment. At the end of September, we deployed a highly anticipated Agent 1.0.98 update which included a number of fixes and optimizations related to new functionality and increased stability. Shortly thereafter, we received reports of inconsistent device check-in behavior on newly enrolled Mac OS devices -- very similar to the issue you reported. Using the information you and others supplied in your support cases, we were able to identify and resolve an issue in the September Agent 1.0.98 build, and pushed a new build of the Agent in mid-October.
I noticed that you are also having a myriad of other Mac OS-related issues. If you have not already, I want to encourage you to open support cases for each problem so that our support engineers may properly log and effectively troubleshoot with you to help find you the solutions you need.
@Kevin_C Thanks for letting us know. I do have a quick question, does the agent automitcally update itself once installed?
Is it possible to support to post information about updates to such things in the forums. I dont know about everyone else but I get the impression that support isn't sharing as much information as users would like.
Here is a link to a game developers update page, Meraki support could do something similar so that people who are following a particular issue or feature can see whats happening with it, it also creates transparency.
Hi @BlakeRichardson ,
Yes, the Agent should auto-update silently.
Your suggestions to publicly post information about wide-ranging issues/updates are appreciated, and I will be sure to pass along the feedback.
On my Mac OS clients, the Meraki Systems Manager Agent is stuck on 1.0.95 and I'm unable to push the newer update...is there somewhere I can download it from to manually install it?
There are actually two methods to download the Agent manually:
@Newt Maybe you will have better luck with this approach. I followed https://documentation.meraki.com/SM/Device_Enrollment/Systems_Manager_Agent_and_MDM_Profile_Enrollme...
The silent update feature has worked on 9 machines out of roughly 800. And some of those may have been removed from the network and re-added so I cannot confirm if this worked for any of them.
The documentation says this should work, and while I doubt its something in my configuration and not just SM not working correctly, you may have better results.
@Kevin_C Thanks for the info. Unfortunately I have tried that approach both en masse (pushing the update to all users) and selecting users one by one and nothing updates.
I also have the Agent pushed to roughly 800 machines and it has silently updated a total of 9 since the update. Anything we need to do for this to work?
For me, Remote Desktop suddenly stopped working on existing SM Mac OS clients only, ranging from OS X 10.12.6 to 10.13.6. It used to work on these until around September.
Notably, Windows OS clients seem unaffected and I am still able to Remote Desktop into them.
Anyone else having similar experiences or have any suggestions? Support have just ignored when I raised a query with them.