Mac OS: new SM agent installs non-functional

Solved
MumenRider
Here to help

Mac OS: new SM agent installs non-functional

Hey everyone, as of a few days ago it appears new installations of the SM agent on Mac OS (High Sierra is the only ver. I've tested) are failing to sync to Meraki.  I have DEP iMacs and upon installation of the profiles, the agent appears to install correctly.  Manual agent installation also, when tested, completes successfully and the device appears in the Dashboard.

 

However, full device details to not sync, and features requiring the Agent (like app installs, power control etc.) are not available.  After creating a support case and investigating the logs, this SSL error below was pointed out as a likely culprit.  The next day when I called back to discuss the case, the engineer said it was evidently a known issue and was being escalated to the development team, ETA unknown.

 

Does this sound familiar to any other Mac users here?  Is anyone familiar with this SSL error perhaps in another context?  Whatever this is, it's not impacting clients (on the same network) that already have the SM agent installed.

 

Thanks!

 

2018-10-01 04:30:06.658777 [0x700002707000]: TunClient::connect_to_proxy(), BIO_do_connect() = 1
2018-10-01 04:30:06.658813 [0x700002707000]: TunClient::connect_to_proxy(), BIO_do_connect success
2018-10-01 04:30:06.658924 [0x700002707000]: TunClient::connect_to_proxy(), going to SSL_connect()
2018-10-01 04:30:06.658976 [0x700002707000]: TunClient::connect_to_proxy() [localhost:14], SSL_get_error returned 5
sigpipe_handle
2018-10-01 04:30:06.658991 [0x700002707000]: TunClient::connect_to_proxy() [localhost:14], r < 0, ERR_get_error = 0
2018-10-01 04:30:06.659023 [0x7fffaef95380]: ConnTracker::has_pulse()
2018-10-01 04:30:06.659059 [0x700002707000]: TunClient::connect_to_proxy() [localhost:14], r < 0, errno = 32
2018-10-01 04:30:06.659084 [0x7fffaef95380]: ConnTracker::has_pulse(), _has_pulse_last_stamp is fresh; returning true
2018-10-01 04:30:06.659103 [0x700002707000]: TunClient::connect_to_proxy() [localhost:14], unexpected SSL error 5 after SSL_connect() returned -1
2018-10-01 04:30:06.659142 [0x700002707000]: TunClient::do_backoff() sleeping 11:698

1 Accepted Solution
jared_f
Kind of a big deal

You guys are not the only one seeing this problem. Things are just becoming ridiculous with Meraki. We don't have plenty of Mac devices, but a decent amount of iOS. Jamf is sounding better and better each day for out use case even though it comes with a hefty price tag. I understand bugs; but the amount of them is ridiculous and support's response is either a sham work around or to submit a wish. Why bother updating the SM UI when other features are needed and the community shows interests in them? For example, the automated naming of iOS devices based on a users directory username has been a feature that has received top kudos from the community. We are responsible for rolling out a mobile clock-in/out app for employees by 1/1/19. This is going to require enrolling each users phone and pushing the application out. Reliability of this is mandatory. Ok... rant over!
Find this helpful? Click the kudos button. Thanks!

View solution in original post

29 Replies 29
BlakeRichardson
Kind of a big deal
Kind of a big deal

I have found the agent for Mac OS devices no longer works and have stopped deploying it, when I spoke to support it was suggested I use the profile instead even though they both do slightly different things. 

 

This seems to be an ongoing issue that many people in the forums have mentioned. I am guessing if support are aware that it doesn't work and nothings being done to fix it then its most likely going to be dropped at some point in the future. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
MumenRider
Here to help

Out of curiosity, without the agent, how do you accomplish remote app management on your Macs?  In our environment here, I have many in various locations and I have to keep them all on the same browser version.  Up until this week, SM was working great in that regard.

pstewart
Getting noticed

They had better not drop support for Mac ... I'll be more than upset if they do.  I have seen the same problems though as this thread is mentioning .... unfortunate.

CPMSIS
Conversationalist

I have had a case open since 9/21 about this same issue with 10.13.6 High Sierra. Dreading the move to Mojave:( When we were "upgraded" to agent v1.0.98 we started having the issue described above where despite the Meraki Console and the device event logs saying the agent installation was success, none of the live tools work.  If you push it "by hand" from  System Manager>Apps>select appropriate devices the agent will typically install and we get out Live Tools (like Remote Desktop etc) to work again. Support just keeps coming back with the same questions I have already answered earlier in the thread.  I'd say the fact that my ticket has been open for almost a month indicates that Meraki has no idea how to address this issue.   

Deks
New here

Hi,

 

I was having this problem and re-pushing the agent seems to have fixed it for me. 

 

 

From the Systems Manager/Manage/Apps page click on Meraki Systems Manager Agent,  (If you don't see it - you can add it.)

 

Select the devices you want to re-push it to, 

 

Select Install/Upgrade.  

 

Takes a little while, but I have remote desktop and other things back! 

 

Hope that helps,

 

Cheers,

 

Deks

lma
Conversationalist

Having the same problem. Pushing the agent again did not help the problem. Seems to affect both Mojaves and High Sierras. I still had the link to the older version, which I've now deployed instead. It looks more functional but e.g. remote desktop does not work (also on High Sierra: this appears not to be related to the Mojave problem)

jared_f
Kind of a big deal

You guys are not the only one seeing this problem. Things are just becoming ridiculous with Meraki. We don't have plenty of Mac devices, but a decent amount of iOS. Jamf is sounding better and better each day for out use case even though it comes with a hefty price tag. I understand bugs; but the amount of them is ridiculous and support's response is either a sham work around or to submit a wish. Why bother updating the SM UI when other features are needed and the community shows interests in them? For example, the automated naming of iOS devices based on a users directory username has been a feature that has received top kudos from the community. We are responsible for rolling out a mobile clock-in/out app for employees by 1/1/19. This is going to require enrolling each users phone and pushing the application out. Reliability of this is mandatory. Ok... rant over!
Find this helpful? Click the kudos button. Thanks!
MumenRider
Here to help

Just to close the loop on this thread, I *did* get a resolution to my issue about two weeks after opening my support case.  Meraki added a fix to 1.0.98 and after re-deploying, it worked correctly.

 

I totally agree with your rant however, so I marked it as Solution 🙂

 

 

BlakeRichardson
Kind of a big deal
Kind of a big deal

I have found many of the features that require the agent to be installed no longer work for me. I have spent thousands on Meraki SM licenses and dont seem to be getting any support with this. 

 

Either Meraki needs to commit and fix the issues with the Mac agent or drop it and refund all of the customers that use it for looking after their Macs.

 

I am at the point of having discussions with our local supplier for JAMF. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
MumenRider
Here to help

@BlakeRichardson  Fully agree.  I got past this one specific issue but have a multitude of others.  

 

  • MDM profiles randomly disappear from my Macs in the field
  • App deployment is extremely unreliable.  Every station I provision requires multiple "re-install missing" invocations and a lot of babysitting.
  • O/S updates appear broken.  Or at least, I haven't managed to update a Mac via Meraki.  Was trying today actually, to initiate Mojave update via the Dashboard (on a DEP iMac.)  Claimed "success" but nothing actually happened on the client.

With a couple hundred Macs to manage here, I too will be looking at JAMF if I don't see better support from Meraki.

Kevin_C
Meraki Employee
Meraki Employee

Hi @MumenRider

 

I am really sorry to read about your recent frustration with Mac OS enrollment.  At the end of September, we deployed a highly anticipated Agent 1.0.98 update which included a number of fixes and optimizations related to new functionality and increased stability.  Shortly thereafter, we received reports of inconsistent device check-in behavior on newly enrolled Mac OS devices -- very similar to the issue you reported.  Using the information you and others supplied in your support cases, we were able to identify and resolve an issue in the September Agent 1.0.98 build, and pushed a new build of the Agent in mid-October.

 

I noticed that you are also having a myriad of other Mac OS-related issues. If you have not already, I want to encourage you to open support cases for each problem so that our support engineers may properly log and effectively troubleshoot with you to help find you the solutions you need.  

 

-Kevin

BlakeRichardson
Kind of a big deal
Kind of a big deal

@Kevin_C Thanks for letting us know. I do have a quick question, does the agent automitcally update itself once installed?

 

Is it possible to support to post information about updates to such things in the forums. I dont know about everyone else but I get the impression that support isn't sharing as much information as users would like. 

 

Here is a link to a game developers update page, Meraki support could do something similar so that people who are following a particular issue or feature can see whats happening with it, it also creates transparency.

 

https://rust.facepunch.com/changes/ 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Kevin_C
Meraki Employee
Meraki Employee

 Hi @BlakeRichardson ,

 

Yes, the Agent should auto-update silently. 

 

Your suggestions to publicly post information about wide-ranging issues/updates are appreciated, and I will be sure to pass along the feedback.  

 

Newt
Conversationalist

Hi @Kevin_C,

 

On my Mac OS clients, the Meraki Systems Manager Agent is stuck on 1.0.95 and I'm unable to push the newer update...is there somewhere I can download it from to manually install it?

 

Thanks.

Kevin_C
Meraki Employee
Meraki Employee

Hi @Newt,  

 

There are actually two methods to download the Agent manually:

  1. Download the Agent directly from m.meraki.com after providing your unique network ID
  2. In Dashboard, under Systems Manager > Add Devices click on the appropriate platform (Windows or Mac OS) and Option B provides download links for the Agent

 

-Kevin

 

 

Newt
Conversationalist

Hi @Kevin_C,

 

Thank you for your reply.

 

I have tried both but unfortunately didn't change anything.

 

Newt.

jm_peterson
Getting noticed

@Newt Maybe you will have better luck with this approach. I followed https://documentation.meraki.com/SM/Device_Enrollment/Systems_Manager_Agent_and_MDM_Profile_Enrollme...
The silent update feature has worked on 9 machines out of roughly 800. And some of those may have been removed from the network and re-added so I cannot confirm if this worked for any of them. 

The documentation says this should work, and while I doubt its something in my configuration and not just SM not working correctly, you may have better results. 

Kevin_C
Meraki Employee
Meraki Employee

@jm_peterson @Newt

 

Also, strategically speaking, if you are managing Windows devices exclusively, you may consider deploying the new Agent to clients en masse using AD GPO rules.  If Mac OS, consider sending new installation commands from the Agent App screen in Dashboard (see image below).

 

 

2018-11-26_1042.png

 

 

jm_peterson
Getting noticed

@Kevin_C Thanks for the info. Unfortunately I have tried that approach both en masse (pushing the update to all users) and selecting users one by one and nothing updates. 

Newt
Conversationalist

Thanks @jm_peterson and @Kevin_C for your responses. However, I have had the same experience as @jm_peterson unfortunately.

jm_peterson
Getting noticed

@Kevin_C Any other suggestions? 

jm_peterson
Getting noticed

@Kevin_C 
I also have the Agent pushed to roughly 800 machines and it has silently updated a total of 9 since the update. Anything we need to do for this to work?

aws_architect
Building a reputation

Are you using SSL Decryption on your Firewalls or Umbrella ?

alexis_cazalaa
Building a reputation

same issue as @MumenRider here

Newt
Conversationalist

Hi All,

 

For me, Remote Desktop suddenly stopped working on existing SM Mac OS clients only, ranging from OS X 10.12.6 to 10.13.6. It used to work on these until around September.

 

Notably, Windows OS clients seem unaffected and I am still able to Remote Desktop into them.

 

Anyone else having similar experiences or have any suggestions? Support have just ignored when I raised a query with them.

 

Thanks.

Richard_W
A model citizen

SM Agent 3.0.1 resolves, thus far, Remote Access on Macs.

jm_peterson
Getting noticed

A mere 473 days later its good to know there is a resolution. 

Newt
Conversationalist

Does the SM Agent auto-update to the new "working" version or does it need to be re-installed?

Richard_W
A model citizen

I had an open case (over a year) on this and support (thanks) upgraded the SM Agent.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels