Failed to start extension (Packet Tunnel Provider)

Question

roee84 OP

Created Dec ’18

Replies 1

Boosts 0

Views 1.1k

Participants 1

I got a weird case regarding my VPN app for MacOS, which is kind of rare but I can reproduce it.

Sometime I can see those messages at the Console:

com.myCompany.myApp: Unsatisfied entitlements: com.apple.security.application-groups
Disallowing: com.myCompany.myApp

SandboxViolation: suggestd(507) deny file-read-data /private/var/db/mds/messages/501/se_SecurityMessages
Violation:       deny file-read-data /private/var/db/mds/messages/501/se_SecurityMessages

Hub connection error Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.myCompany.myAppExtension" UserInfo={NSDebugDescription=connection to service named com.myCompany.myAppExtension}

And my client won't connect.

It seems that it's happening on OS 10.12 but not on OS 10.14.

So I have 2 questions:

1. How can I solve it? I don't know if it's related to application-groups somehow, but I read that maybe I need to use team ID and not $(TeamIdentifierPrefix) but I don't know if it's correct..

2. How can I get this error from the app? because the app is stuck at the "Connecting" stage, and I can't display any error to the user..

Boost

Answer 1

roee84 OP

Dec ’18

Adding more info I see at the Console:

CPValidateProvisioningDictionariesExtViaBridge returned invalid result: {
    success = 0;
}

Soft-restriction provisioning profile validation failure: No matching provisioning profile

Unsatisfied entitlements key is not type CFString, this should not happen.

Provisioning Profile does not provision soft-restricted entitlements.

MacOS error: -67050

#I CSIAppInfo.ApplicationActivationObserver: handleLSNotitifcation_sync: Application launched:

Then those repeat a lot of times:

cert[2]: AnchorTrusted =(leaf)[force]> 0

MacOS error: -67050

and then this error

attempt to write to a container /var/root/Library/Group Containers/myGroupId.group that does not yet exist. Using client-provided container path without resolving symlinks.

The point is that the VPN works just fine. Then I quit the app at a certain view, and when I reopen the app and try to connect, I get those msgs.. So is it OS bug? (not happens on OS 10.14), is it related to the provision profile (which is weird, because I can use the VPN before I'm causing this)? Or maybe it's related to the $(TeamIdentifierPrefix) ?

0