Failed to enable the Network Extension

Question

Created 3w

Replies 3

Boosts 1

Participants 2

In my application, there is a Network Extension with the bundle ID com.***.agent.yyy.zzz.ne. There is a user upgraded their system to macOS Sequoia 15.3, they faced an issue where enabling this Network Extension failed. Even after uninstalling the application and the Network Extension, restarting the system, and reinstalling multiple times, the enabling process still failed. it alert: Failed to enable the Network Extension.

When checking the status via "systemextension list", it always shows "activated waiting for user".

This shows the normal enabling process log:

This shows the log when the enabling fails upon clicking. Strangely enough, there is no activation operation log when it fails. What could be the problem?

Boost

Answer 1

GreyLuo OP

3w

Only this one user is experiencing this strange issue .
When clicking the switch to enable the Network Extension, the window for entering the password doesn't even pop up.

could you please tell me how to troubleshoot it ?

0

Answer 2

GreyLuo OP

3w

This is error that filter "Extension":

2025-02-08 15:44:18.191 Df authd[197:18d4f] [com.apple.Authorization:authd] Failed to authorize right 'com.apple.system-extensions.admin' by client '/System/Library/ExtensionKit/Extensions/SettingsSystemExtensionController.appex' [3006] for authorization created by '/System/Library/ExtensionKit/Extensions/SettingsSystemExtensionController.appex' [3006] (3,0) (-60005) (engine 86) 2025-02-08 15:44:18.191 E SettingsSystemExtensionController[3006:603e] [com.apple.sx:Controller] Failed to allow changes for <private> : Error Domain=OSSystemExtensionErrorDomain Code=1 "" UserInfo={NSLocalizedDescription=}

0

Answer 3

DTS Engineer OP

Apple

3w

That -60005 error is errAuthorizationDenied. Is there any chance they’ve changed how com.apple.system-extensions.admin is set up? What does the following show?

% security authorizationdb read com.apple.system-extensions.admin | plutil -p -
…
{
  "class" => "rule"
  "comment" => "Authorize a 3rd party application which wants to manipulate system extensions."
  "created" => 723599790.4667161
  "modified" => 723599790.4667161
  "rule" => [
    0 => "authenticate-admin-nonshared"
  ]
  "version" => 0
}

Also change the rule to which it delegates:

% security authorizationdb read authenticate-admin-nonshared | plutil -p -     
…
{
  "allow-root" => 0
  "authenticate-user" => 1
  "class" => "user"
  "comment" => "Authenticate as an administrator."
  "created" => 723599790.4667161
  "group" => "admin"
  "modified" => 723599790.4667161
  "session-owner" => 0
  "shared" => 0
  "timeout" => 30
  "tries" => 10000
  "version" => 1
}

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0