System Extension app-group entitlement issue

I am trying to run a Network System Extension (Packet Tunnel) that is successfully running as MAS Network Extension, but I'm facing a problem that neither app nor sysex gets app-group entitlement. Probably because of that my sysex can't find keychain items saved by the app.

taskgated-helper  ConfigurationProfiles  Unsatisfied entitlements: com.apple.security.application-groups

I have app-groups configured in xcode for both targets, but provisioning profiles doesn't include them even though I have them selected on app ID's.

I'm also getting a bunch of Security errors and NetworkExtension for some reason reports "Signature check failed: invalid signature (code or signature have been modified)"

default 17:34:48.935971+0300 sysextd sysextd Extension point confirmed that extension com.company.appAbc.PacketTunnel-OpenVPN is runnable.
default 17:34:58.929349+0300 AppAbc Security Adding securityd connection to pool, total now 3
default 17:35:06.957159+0300 AppAbc NetworkExtension Saving configuration AppAbc with existing signature (null)
default 17:35:07.168468+0300 AppAbc NetworkExtension Successfully saved configuration AppAbc
default 17:35:07.192204+0300 AppAbc NetworkExtension Received a com.apple.neconfigurationchanged notification with token 38
default 17:35:07.308162+0300 AppAbc NetworkExtension Saving configuration AppAbc with existing signature {length = 20, bytes = 0xa032bdd71140be2af6788e2dc77930a115c17b25}
default 17:35:07.329977+0300 AppAbc NetworkExtension Received a com.apple.neconfigurationchanged notification with token 38
default 17:35:07.330511+0300 AppAbc NetworkExtension Successfully saved configuration AppAbc
default 17:35:07.336086+0300 AppAbc NetworkExtension Saving configuration AppAbc with existing signature {length = 20, bytes = 0x45e64b4ed5b0a1ad6061e3ba5cc05dddd003cd52}
default 17:35:07.382735+0300 AppAbc NetworkExtension Received a com.apple.neconfigurationchanged notification with token 38
default 17:35:07.383265+0300 AppAbc NetworkExtension Successfully saved configuration AppAbc
default 17:35:07.518667+0300 taskgated-helper ConfigurationProfiles allowing entitlement(s) for com.company.appAbc.PacketTunnel-OpenVPN due to provisioning profile (isUPP: 1)
error 17:35:07.526352+0300 taskgated-helper ConfigurationProfiles com.company.appAbc.PacketTunnel-OpenVPN: Unsatisfied entitlements: com.apple.security.application-groups
error 17:35:07.526380+0300 taskgated-helper ConfigurationProfiles Disallowing: com.company.appAbc.PacketTunnel-OpenVPN
default 17:35:08.781878+0300 secinitd secinitd com.company.appAbc.PacketTunnel-OpenVPN[95856]: root path for bundle "" of main executable ""
default 17:35:09.165083+0300 secinitd secinitd com.company.appAbc.PacketTunnel-OpenVPN[95856]: AppSandbox request successful
default 17:35:09.240267+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
default 17:35:09.251136+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
default 17:35:09.253611+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.255763+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.259015+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
default 17:35:09.263010+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
default 17:35:09.267611+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.270637+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.273530+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
default 17:35:09.277920+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
default 17:35:09.283042+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.291778+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.296948+0300 com.company.appAbc.PacketTunnel-OpenVPN Security Adding securityd connection to pool, total now 1
default 17:35:09.296956+0300 com.company.appAbc.PacketTunnel-OpenVPN Security got event: Connection invalid
default 17:35:09.297116+0300 com.company.appAbc.PacketTunnel-OpenVPN Security Failed to talk to secd after 4 attempts.
default 17:35:09.297573+0300 com.company.appAbc.PacketTunnel-OpenVPN Security using system preferences
default 17:35:09.299722+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
default 17:35:09.303518+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
default 17:35:09.305860+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.308235+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
default 17:35:09.310523+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
default 17:35:09.314336+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.318363+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.320930+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
default 17:35:09.323378+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
default 17:35:09.325901+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.328656+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.332580+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
default 17:35:09.346565+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
default 17:35:09.352010+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.354244+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.356355+0300 com.company.appAbc.PacketTunnel-OpenVPN Security Failed to talk to secd after 4 attempts.
default 17:35:09.356903+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
default 17:35:09.360582+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
default 17:35:09.364850+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:09.368221+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CMSDecoderCopySignerStatus failed with kCMSSignerInvalidSignature error (3)
default 17:35:09.368253+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -67061
default 17:35:09.369765+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension Signature check failed: invalid signature (code or signature have been modified)
default 17:35:09.533751+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: Calling startTunnelWithOptions with options 0x7fb447a0c640
default 17:35:09.636368+0300 kernel Sandbox Sandbox: 7 duplicate reports for com.company.appA deny(1) file-write-data /private/var/db/mds/system/mds.lock
default 17:35:13.275423+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: provider set tunnel configuration to (null)
default 17:35:13.298472+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: provider set tunnel configuration to
  { ... }
default 17:35:13.760461+0300 com.company.appAbc.PacketTunnel-OpenVPN CoreFoundation Attempting to add source to main runloop, but the main thread has exited. This message will only log once. Break on _CFRunLoopError_MainThreadHasExited to debug.
default 17:35:14.230487+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
default 17:35:14.236639+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
default 17:35:14.244544+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:14.249541+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
default 17:35:14.300451+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: provider set tunnel configuration to (null)
error 17:35:14.315789+0300 com.company.appAbc.PacketTunnel-OpenVPN CocoaLumberjack [Error] [openvpn-adapter.connection] [AAOpenVPNPacketTunnelProvider.swift:304] openVPNAdapter(_:handleError:) > [OVPN] Did recieve fatal error:
  Error Domain=me.ss-abramchuk.openvpn-adapter.error-domain Code=70 "Failed to establish connection with OpenVPN server" UserInfo={NSLocalizedDescription=Failed to establish connection with OpenVPN server, me.ss-abramchuk.openvpn-adapter.error-key.message=ClientState::attach() can only be called once per ClientState instantiation, me.ss-abramchuk.openvpn-adapter.error-key.fatal=true, NSLocalizedFailureReason=Unknown error.}
error 17:35:14.326776+0300 com.company.appAbc.PacketTunnel-OpenVPN CocoaLumberjack [Error] [openvpn-adapter.connection] [AAPacketTunnelProvider.swift:68] cancelTunnelWithError(_:) > Canceling tunnel due to the error:
  Error Domain=me.ss-abramchuk.openvpn-adapter.error-domain Code=70 "Failed to establish connection with OpenVPN server" UserInfo={NSLocalizedDescription=Failed to establish connection with OpenVPN server, me.ss-abramchuk.openvpn-adapter.error-key.message=ClientState::attach() can only be called once per ClientState instantiation, me.ss-abramchuk.openvpn-adapter.error-key.fatal=true, NSLocalizedFailureReason=Unknown error.}
default 17:35:14.351120+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: IPC detached
default 17:35:14.357134+0300 AppAbc NetworkExtension Last disconnect error for AppAbc changed from "none" to "Failed to establish connection with OpenVPN server"