Unable to install SSLVPN client on Mac OS High Sierra

Article ID: 339243

Products

VMware NSX

Issue/Introduction

When trying to install SSLVPN client on Mac OS High Sierra, the following error messages are observed:

 
  • /opt/sslvpn-plus/naclient/signed_kext/tap.kext failed to load - (libkern/kext) system policy prevents loading; check the system/kernel logs for errors or try kextutil(8). 
Error: Could not load /opt/sslvpn-plus/naclient/signed_kext/tap.kext
 
  • installer[4571] <Debug>: install:didFailWithError:Error Domain=PKInstallErrorDomain Code=112 "An error occurred while running scripts from the package “naclient.pkg”." UserInfo={NSFilePath=./postinstall, NSURL=file://<pathtofile>/naclient.pkg, PKInstallPackageIdentifier=com.vmware.sslvpn, NSLocalizedDescription=An error occurred while running scripts from the package “naclient.pkg”.}
installer[4571] <Error>: Install failed: The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.
installer: The install failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)


Environment

VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x

Resolution

When the installation is first attempted, a notification should pop up to allow the install. If this popup does not appear, navigate to: System Preferences -> Security & Privacy -> Allow Notifications. This notification lasts for 30 minutes; if it disappears, the system must be rebooted for the notification to reappear (the next time the installation is attempted).

If the installation still fails, macOS is neither allowing the KEXT nor asking for consent. As a workaround, add the tuntap Team ID to the pre-approved kext list. Pre-approval is granted per Team ID, so it covers any kext signed with that Team ID.

Uninstall any partially installed sslvpn-plus client before running the steps below.
 
1. Boot the Mac in recovery mode:
- Click the Apple logo at the top left of the screen.
- Select Restart.
- Immediately hold down the "Command" and "R" keys until you see an Apple logo or spinning globe. You will see the spinning globe if the Mac is trying to start Mac OS recovery via the internet because it is unable to start from the built-in recovery system.
2. On the top bar, click Utilities -> Terminal.
3. Add the tuntap kext Team ID to the pre-approved list with the following command:
- spctl kext-consent add KS8XL6T9FZ
4. Reboot to normal mode.
5. After startup, verify that the Team ID appears in the approved kext list with the following command (it should show the Team ID added above):
- spctl kext-consent list
6. Install the client package.

If the above procedure fails, then contact VMware support and reference this article. 
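
A scripted version of the step 5 check, as an added example that is not part of the original article or of VMware's tooling: it confirms the Team ID is in the approved list and that tap.kext is signed by that same Team ID. The function names are hypothetical, and the output shapes of "spctl kext-consent list" and "codesign -dv" in the constructed samples are assumptions.

```shell
#!/bin/sh
# Added example: confirm step 5 and cross-check the kext's signing Team ID.
TEAM_ID="KS8XL6T9FZ"                                   # Team ID from step 3
KEXT="/opt/sslvpn-plus/naclient/signed_kext/tap.kext"  # path from the error message

# Constructed samples (assumed output shapes), used when not run on the Mac.
SAMPLE_LIST='Allowed Team Identifiers:
KS8XL6T9FZ'
SAMPLE_SIG='Identifier=constructed.example.tap
TeamIdentifier=KS8XL6T9FZ'

# stdin: `spctl kext-consent list` output. Succeeds only on an exact token
# match, so a longer ID that merely contains the expected one does not pass.
team_id_approved() {
    awk -v id="$1" '{ n = split($0, f, /[ \t:,]+/)
                      for (i = 1; i <= n; i++) if (f[i] == id) found = 1 }
                    END { exit !found }'
}

# stdin: `codesign -dv --verbose=4` output. Prints the signing Team ID.
signing_team_id() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# verify_kext_consent <expected-id> <list-output> <codesign-output>
# 0 = approved and signature matches, 1 = not approved, 2 = signer mismatch.
verify_kext_consent() {
    if ! printf '%s\n' "$2" | team_id_approved "$1"; then
        echo "Team ID $1 is not in the kext-consent list" >&2
        return 1
    fi
    signed_by=$(printf '%s\n' "$3" | signing_team_id)
    if [ "$signed_by" != "$1" ]; then
        echo "kext signed by '${signed_by:-none}', expected $1" >&2
        return 2
    fi
    echo "OK: $1 is pre-approved and matches the kext signature"
}

if command -v spctl >/dev/null 2>&1 && [ -d "$KEXT" ]; then
    # On the Mac, after step 6: use live output (codesign writes to stderr).
    list_out=$(spctl kext-consent list 2>&1)
    sig_out=$(codesign -dv --verbose=4 "$KEXT" 2>&1)
else
    list_out=$SAMPLE_LIST
    sig_out=$SAMPLE_SIG
fi
verify_kext_consent "$TEAM_ID" "$list_out" "$sig_out"
```

A return code of 2 means the Team ID was approved but the installed kext is signed by a different identity, which is worth resolving before relying on the workaround.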

Additional Information

The fix for this issue will be released with NSX 6.3.7 and NSX 6.4.5



Attachments

sslvpn_installation.tar