Installation of SSL VPN problem

Hi all

I am setting up an SSL VPN on our ASA 5510 using the Secure Mobility client.  After working through several problems, I was able to get the test server to download and install the Linux client, and it says that it is connected.  When I try to ping any server in the LAN, however, the first ping is responded to and the rest time out.  On the firewall, I see a stream of errors like this:

3 October 11, 2014 16:12:58   SRV1   172.16.40.185   Deny inbound icmp src outside:SRV1 dst outside:172.16.40.185 (type 0, code 0)

Split tunneling seems to work fine, and I can still access the Internet, but any attempt to reach a server in the LAN times out.

I had this working before with a Windows and a Mac client, but removed that configuration and (I thought) completely recreated it when I updated the AnyConnect images to include a Linux image.  Now I get this same problem with all 3 platforms.

Can anyone advise me on what I may be missing or what I can provide to diagnose the problem?

ASA is running v8.2(5)

I followed this guide to set up: http://www.techrepublic.com/blog/data-center/eight-easy-steps-to-cisco-a...

Thank you!

Ok thank you.

If your clients are assigned addresses of:

ip local pool VPNTestPool 172.16.40.185-172.16.40.190 mask 255.255.252.0

You have exempted this pool from NAT with the last entry in your ACL sheep:

access-list sheep extended permit ip any 172.16.40.184 255.255.255.248

A potential problem I see is that the pool is a subnet carved out of your internal network:

ip address 172.16.40.2 255.255.252.0

The ASA believes hosts on this subnet to be connected, and your core can be confused about the way forward.

In addition, I don't see where you set the

 sysopt connection permit-vpn

...command recommended in the configuration guide you followed.

Also, in the first packet-tracer, the source for client VPN traffic must be outside, not inside.
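
The overlap this answer points out can be checked mechanically. The following is an added example, not part of the original thread: a Python script that parses the pool, inside address and NAT-exemption entry quoted above (written in standard ASA syntax; the interface block and all function names are assumptions) and reports any VPN pool that sits inside a directly connected subnet.

```python
import ipaddress
import re

# Constructed sample: the pool, inside address and NAT-exemption entry quoted
# in the answer, in standard ASA syntax. The interface block is an assumption.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 nameif inside
 ip address 172.16.40.2 255.255.252.0
ip local pool VPNTestPool 172.16.40.185-172.16.40.190 mask 255.255.252.0
access-list sheep extended permit ip any 172.16.40.184 255.255.255.248
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}-{IP}", re.M)
ACL_RE = re.compile(rf"^access-list (\S+) extended permit ip any {IP} {IP}", re.M)


def parse_pools(config):
    """Return {pool_name: [IPv4Network, ...]} covering each pool range exactly."""
    pools = {}
    for name, first, last in POOL_RE.findall(config):
        blocks = ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
        pools[name] = list(blocks)
    return pools


def parse_interfaces(config):
    """Return {nameif: connected IPv4Network} for statically addressed interfaces."""
    nets, nameif = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            nameif = None  # a new interface block starts
            continue
        m = re.match(r"\s+nameif (\S+)", line)
        if m:
            nameif = m.group(1)
            continue
        m = re.match(rf"\s+ip address {IP} {IP}", line)
        if m and nameif:
            # strict=False turns the host address into its containing subnet
            nets[nameif] = ipaddress.ip_network("/".join(m.groups()), strict=False)
    return nets


def find_overlaps(config):
    """List (pool, nameif, subnet) where a pool lies inside a connected subnet."""
    hits = []
    interfaces = parse_interfaces(config)
    for pool, blocks in parse_pools(config).items():
        for nameif, net in interfaces.items():
            if any(block.overlaps(net) for block in blocks):
                hits.append((pool, nameif, str(net)))
    return hits


def nat_exempt_coverage(config, acl_name):
    """Return {pool: bool}: is every pool address a destination in acl_name?"""
    dests = [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
             for name, ip, mask in ACL_RE.findall(config) if name == acl_name]
    return {pool: all(any(block.subnet_of(d) for d in dests) for block in blocks)
            for pool, blocks in parse_pools(config).items()}


if __name__ == "__main__":
    for pool, nameif, net in find_overlaps(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps connected subnet {net} on '{nameif}'")
    print("NAT exemption covers pool:", nat_exempt_coverage(SAMPLE_CONFIG, "sheep"))
```

On the sample it flags VPNTestPool against the inside /22 while confirming that the sheep entry does cover the pool, which matches the answer: the NAT exemption is present and the overlap is the remaining suspect.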

Tags: Cisco Security

Similar Questions

  • SSL VPN problems with Internet Explorer

    Well, first of all, you need 64-bit to run Internet Explorer web based VPN devices in the SA500 series (we use SA540). After we figured that out, we still cannot get past the SSL VPN Client install on client computers. It keeps reloading the web page or simply does nothing at all. Any ideas?

    In addition, which CA do you guys use for SSL VPN? GoDaddy certificates are not compatible, as I just discovered the hard way.

    Hi Qasim,

    The issue seems to be more localized to Windows blocking everything. I actually spent a lot of time working on this yesterday to finally make it work with a 64-bit Vista and a Windows 7 64-bit machine.

    The few things I did that had some success:

    Tools -> Internet Options -> Security -> Trusted Sites

    • Move down
    • Disable protected mode
    • Click Sites, and then add the SSL VPN page as a trusted site
    • When adding the trusted site, uncheck 'Require server verification (https:) for all sites in this zone'.

    Tools -> Internet Options -> Advanced -> Security section

    • Select "Allow software to run or install even if the signature is invalid"

    In addition, you must download the Microsoft Visual C++ 2010 Redistributable and ensure that you are running the latest version of Java.

    These are the things I had to do to get Windows to allow me to connect. I hope this is of some help to you.

    -Tom

  • Download of documents via SSL VPN problems

    Hello

    We have customers having problems downloading documents (usually PDF files less than 3 MB in size) from a web interface (using HTTP only) on an internal web server.  The customers are using the latest version of AnyConnect for Windows and connecting to an ASA5510 running the latest firmware of 8.3.  They connect from their home network on a cable or DSL connection.

    I disabled threat detection and don't see anything blocked by the firewall.  What are our user seems to work perfectly.

    I ran a packet capture with wireshark and noticed a lot of packet loss. I have attached a screenshot.

    Any advice would be greatly appreciated.

    Is it possible that there is another cause of network problem?

    Check the duplex/speed settings of the web server, check for interface errors on the ports, etc. Duplicate acknowledgments are caused by lost packets, out-of-order packets, etc.

  • ASA SSL VPN problem with 8.2 (2)

    Hello everyone,

    I have a pair of ASA 5520s running image 8.2(1) in active/standby failover mode.

    A few months ago, I downloaded 8.2(2) from the Cisco website and loaded it onto the ASAs.
    After loading the new image, I was called about problems
    with the functioning of the webvpn application.

    The web app seems to work, but in a read-only mode, because you could not
    change the content of the files.

    I couldn't find a way to make it work, so I decided to downgrade to 8.2(1),
    and as soon as I loaded the old image, the problem disappeared.

    Now I see that the 8.2(3) image is available.
    To avoid risk I tested it on a spare 5510 and, to my disappointment, I found
    the problem was the same.

    Is anyone else facing such a problem, or can anyone suggest how to solve it?

    Thanks in advance.

    Marco.

    Can you please provide more details about which application does not work through the clientless WebVPN interface?  Have you tried enabling Smart Tunnel for this application?

  • UTM50 SSL VPN IE11 problem

    I use the SSL VPN from time to time. I just noticed that when I log in and click on Connect, I now get the error: virtual failure of execution of the Passage. I tried another computer that is already running IE9 and I had no problem getting in and using my office remotely over SSL.

    IE11 isn't working? or what should I be looking at.
    router is the latest firmware.

    64-bit is IE only.

    IE10 and 11 are disasters when it comes to compatibility and how they manage ActiveX controls. I'm not aware of any SSL VPN vendors that work with IE10/11.

    You can try Firefox. I can get the Java applet to install, but the routes do not work for me.

    Contact support directly and express your concerns.

    You can always use IPsec client software.

  • SSL VPN using ASA 5520 mode cluster - several problems

    I configured two ASA 5520s in load-balancing cluster mode. I connect using AnyConnect and download the client the first time, and everything works well except Outlook. I don't know why Outlook does not work.

    The second problem is that after the AnyConnect client is installed on your machine, it remembers the ASA (say ASA2) it first connected to, and the GUI shows the IP address of ASA2 instead of the virtual IP address of the cluster. I want users to always connect using the virtual IP address.

    The third problem I have is that there is a default SSL VPN group and I want all users to use this group. On the initial web page, there is a drop-down menu which shows this group, but I still want to disable this drop-down menu.

    Any suggestions?

    To disable the drop-down menu, you can turn it off with the command

    webvpn
     no tunnel-group-list enable

    This will take care of your last issue.

    ***************************

    You can create an AnyConnect client profile with the name of the server you want to connect to and configure that on the ASA; that will solve your virtual IP problem.

    **************************

    Regarding Outlook, does it use specific ports that the ASA inspects? Take a look at the inspection list on the ASA and perhaps try to disable inspection and see if it works.

    *****************************

  • SSL VPN and routing problem

    Hi all

    I have a strange architecture including VPN and I have a few problems that I am not able to solve:

    - I use the SSL VPN gateway to allocate internal IP addresses of the local network described in the schema (8.8.2.0 or 8.8.3.0 network, according to the tunnel-group).

    - The purpose is for VPN clients to directly access the internal network.

    This works very well if there are strictly internal communications within the network. But recently, we have installed an application that needs to access both networks. No problem, I thought, but I was wrong; there seems to be a routing problem inherent in the architecture in place.

    Let me explain the problem:

    - When I access the VPN, for example I am given the IP address 8.8.3.5.

    - I'm running the application that needs to open a page on the web server, located at 8.8.2.120.

    - The ASA receives my TCP SYN datagram and forwards it directly to the directly connected interface fa0/1 (based on the routing table).

    - The web server returns the response, but it sends it to its default gateway, which is the Cisco 6509.

    - The 6509 sends it out its VLAN 2000 SVI.

    - And finally the ASA receives it on its interface fa0/2 but seems to drop it, as it opened the TCP connection on fa0/1 and receives the response on fa0/2.

    I want tunneled traffic to bypass the connected routes and be forwarded to a tunnel default gateway. This would ensure that the path for the request and the response would be the same.

    I would like to know if there are debug commands for routing decisions to validate my theory?

    Do you know of any way to solve this problem?

    Thanks a lot for your help.

    When you configure TCP state bypass, always think: which way is the SYN packet coming?

    "Routing failed" messages always have a source and destination; are you sure you copied the entire message?

    BTW, instead of giving SSL clients addresses assigned to VLAN 2000, why not give them a separate subnet and route it back via the correct interface?

    I would also check your config and the routing table :-)

    Marcin

  • AnyConnect SSL VPN Split tunneling problem

    Hello

    We have home users that VPN in on a regular basis, but when they VPN in they cannot print locally or connect to local resources.  Is there a way to enable split tunneling for all remote VPN users?  It is not possible to add all the remote subnets, especially since I don't know which subnets are used, and it would be a management issue.  I noticed that when I connect from home a new route is added to my PC, which prefers the VPN link.

    I noticed one of the options with the AnyConnect client is 'enable local LAN access (if configured)'.  Can I use that?

    Thanks in advance.

    Hello

    According to my understanding, you need to connect to your local printers while you are connected to the ASA via SSL VPN.

    You can do this by creating a split-tunnel exclude policy on the ASA and enabling the local LAN access option on the client, or you can use the AnyConnect profile to allow local LAN access.

    Please find the link below:

    https://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080702992.shtml#dsfg

    I hope it helps.

    Thank you

    Shilpa

  • THE SSL VPN CLIENT ERROR!

    VPN concentrator running 4.7. I have to connect to the web vpn session. The SSL VPN Client installs. Message that says: "so that the SSL VPN connection is pending" and later another message appears that says "HTTP RESPONSE received from gateway SSL VPN is not valid" appears.

    What is strange is that the VPN concentrator lists me as it is connected with an IP address assigned to the ACS, but I can't access anything whatsoever. BTW, no ACLs WEB or IP filters are configured for this group that would not allow me access to the network. In addition, with the same information identification and the same group, I have no problem to access the network when the client SSL VPN is not configured to be used. IE web vpn before 4.7.

    Any ideas?

    The "VPN SSL HTTP RESPONSE received from gateway is incorrect" message may appear if the client configuration on the concentrator contains over 26 split tunneling entries.

  • New for mapping SSL VPN ACS ASA - ASA groups

    Greetings,

    I am new to ASA, so any help is greatly appreciated.

    I just installed and installed an ASA 5520. I installed an SSL VPN. What I'm trying to achieve is to configure profiles of different groups and different users can access various resources when they access the VPN.

    Current config-

    ASA 5520 v8.3

    ACS 4.0

    Windows 2003 domain

    I have different installation profiles in the ASA. (i.e. business Dept.) When I choose in the drop down menu, it allows me to open a session and displays the options I've chosen for this group. The problem is that I can connect in this group with any account. GBA, all windows domain users are in the default group. I guess the default group is being processed and which has hosted and user logon.

    Can anyone provide a good article or tips on how to configure the ASA and the ACS for several groups of users. We have several departments that will have to get the parameters when they connect. The ACS groups are mapped to the Windows groups that correspond to each Department

    Any help is greatly appreciated.

    Thank you

    Tim

    Hello

    I think that you need to enable group locking.

    In order to configure group locking, send the group policy name in class attribute 25 on the Remote Authentication Dial-In User Service (RADIUS) server and choose the group to lock the user into within the policy.  For example, to lock the user Cisco 123 into the RemoteGroup group, define the Internet Engineering Task Force (IETF) class attribute 25 as OU=RemotePolicy; for this user on the RADIUS server.

  • SSL VPN traffic

    Hello

    I have configured the SSL VPN client on the ASA. I'm able to establish the SSL VPN with the ASA and obtain an IP address from the defined subnet (CorporateVPN 172.16.0.100 - 172.16.0.110). But when I try to ping the inside IP address, which is 172.16.0.1, and other machines in the LAN range, I get packet loss to the remote machine.

    What could be the problem?

    Below is the configuration of the ASA.

    ASA Version 7.2 (1)
    !
    Cisco - ASA host name
    test.com domain name
    activate the password password
    names of
    DNS-guard
    !
    interface Ethernet0/0
    Description connected to ISP
    nameif outside
    security-level 0
    IP address "public IP".

    !
    interface Ethernet0/1
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface Ethernet0/2
    Description connected to the local network
    nameif inside
    security-level 100
    172.16.0.1 IP address 255.255.255.0
    !
    interface Ethernet0/3
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface Management0/0
    nameif management
    security-level 0
    IP 192.168.1.1 255.255.255.0
    management only
    !
    2KFQnbNIdI.2KYOU encrypted passwd
    boot system Disk0: / asa721 - k8.bin
    passive FTP mode
    clock timezone GMT 3 30
    management of the DNS domain-lookup service
    DNS server-group DefaultDNS
    Server name 203.123.165.75
    test.com domain name
    pager lines 24
    Enable logging
    asdm of logging of information
    Outside 1500 MTU
    Within 1500 MTU
    management of MTU 1500
    mask 172.16.0.100 - 172.16.0.110 255.255.255.0 IP local pool CorporateVPN
    IP verify reverse path to the outside interface
    IP verify reverse path inside interface
    no failover
    ASDM image disk0: / asdm521.bin
    don't allow no asdm history
    ARP timeout 14400
    Global 1 interface (outside)
    NAT (inside) 1 172.16.0.0 255.255.255.0
    Route outside 0.0.0.0 0.0.0.0 Gateway 1
    Timeout xlate 03:00
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout, uauth 0:05:00 absolute
    internal GroupPolicy1 group strategy
    attributes of Group Policy GroupPolicy1
    Protocol-tunnel-VPN IPSec l2tp ipsec webvpn
    WebVPN
    enable SVC
    SVC Dungeon-Installer installed
    time to generate a new key of SVC 30
    SVC generate a new method ssl key
    internal Netadmin group strategy
    Group Policy attributes Netadmin
    Protocol-tunnel-VPN IPSec l2tp ipsec webvpn
    WebVPN
    Required SVC
    SVC Dungeon-Installer installed
    time to generate a new key of SVC 30
    generate a new key SVC new-tunnel method
    dpd-interval SVC 500 customer
    dpd-interval SVC 500 gateway
    username cisco password encrypted privilege 15 ffIRPGpDSOJh9YLq
    attributes username cisco
    VPN-group-policy Netadmin
    http server enable 444
    http 192.168.1.0 255.255.255.0 management
    http 0.0.0.0 0.0.0.0 outdoors
    No snmp server location
    No snmp Server contact
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    attributes global-tunnel-group DefaultWEBVPNGroup
    address pool CorporateVPN
    tunnel-group NetForceGroup type webvpn
    attributes global-tunnel-group NetForceGroup
    address (inside) CorporateVPN pool
    address pool CorporateVPN
    Group Policy - by default-Netadmin
    No vpn-addr-assign aaa
    No dhcp vpn-addr-assign
    Telnet 192.168.1.0 255.255.255.0 management
    Telnet timeout 10
    SSH timeout 5
    Console timeout 0
    management of 192.168.1.2 - dhcpd address 192.168.1.254
    enable dhcpd management
    !
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns migrated_dns_map_1
    parameters
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the migrated_dns_map_1 dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    !
    global service-policy global_policy
    WebVPN
    allow outside
    SVC disk0:/crypto_archive/sslclient-win-1.1.1.164 2 image
    enable SVC
    context of prompt hostname
    Cryptochecksum:13f5616c7345efb239d7996741ffa7b3
    : end

    Yes, 'management-access inside' is only for managing/pinging the ASA on its inside interface. Without this command, they would still be able to access the internal network. This command is only used to manage the ASA on the inside interface itself.

  • Windows IPSEC and SSL VPN client on the same machine

    Is installation (coexistence) of IPsec and SSL VPN clients on the same Windows computer (XP and Win7) supported?

    As mentioned by Patricia and Jennifer (5 stars), you can install two clients on the same machine without any problem.

    The tricky part comes when you are trying to connect two clients at the same time, that's when you may encounter unexpected problems.

    However, if your intention is to install both clients and connect them individually and not at the same time, you'll be fine.

    If you have any other questions, please mark this question as answered and note all messages that you have found useful.

    Thank you.

    Portu.

    Post edited by: Javier Portuguez

  • SSL VPN client anyconnect - login page does not appear

    I have an ASA5510 I am setting up for remote access using SSL VPN with the AnyConnect client. I followed the configuration guides on Cisco's website and elsewhere on the internet without success.

    When I go to https://(outside interface ip address), I get nothing; the browser never loads a page. Here are the commands I entered:

    webvpn
     enable outside
     svc image disk0:/anyconnect-win-2.5.3046-k9.pkg 1
     svc image disk0:/anyconnect-macosx-powerpc-2.5.3046-k9.pkg 2
     svc image disk0:/anyconnect-macosx-i386-2.5.3046-k9.pkg 3
     svc enable
     tunnel-group-list enable
    group-policy VRx-WebVPN internal
    group-policy VRx-WebVPN attributes
     dns-server value 192.168.100.11
     vpn-tunnel-protocol svc
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value split
     default-domain value VRX.NET
     webvpn
      svc keep-installer installed
      svc rekey time 30
      svc rekey method ssl
      svc ask none default svc
    tunnel-group VRx-WebVPN type remote-access
    tunnel-group VRx-WebVPN general-attributes
     address-pool value vpn_pool
     authentication-server-group VRxAD
     default-group-policy VRx-WebVPN
    tunnel-group VRx-WebVPN webvpn-attributes
     group-alias VRx-WebVPN enable

    We've never seen this before - any ideas on what would be useful in troubleshooting this?

    Thank you in advance!

    Dave

    Hello David,

    Hmm... I'll do a quick lab setup for this.

    Edit: Mine works without problem; it must be something else in the configuration that is not allowing you to get the AnyConnect portal.

    I used the same image anyconnect and the same ASA image.

    Julio

  • SSLVPN package SSL-VPN-Client (seq:1): installed error: others

    Trying to install the package anyconnect-win-2.5.2019-k9.pkg on a Cisco 1811 router running c181x-advipservicesk9-mz.124-22.T5.bin, when I run the command "webvpn install svc flash:anyconnect-win-2.5.2019-k9.pkg" in config mode I get

    "SSLVPN package SSL-VPN-Client (seq:1): installed error: others". Some proposed to reformat the flash drive; does anyone know a workaround or a way to do it without losing the running configuration?  I think that there is a problem with the structure of files on the router, the installation package is capable of "webvpn" installation directory.  All ideas are welcome, thanks!

    hostname#sh flash
    -#- --length-- -----date/time------ path
    1 23472512 February 23, 2012 21:10:34 c181x-advipservicesk9-mz.124-22.T5.bin
    2 0 23 February 2012 21:37:50 webvpn
    3 4686889 23 February 2012 21:18:46 anyconnect-win-2.5.2019-k9.pkg

    3772416 bytes available (28168192 bytes used)

    Cisco 1811 (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of memory.
    10 FastEthernet interfaces
    1 Serial interface
    1 terminal line
    31360K bytes of ATA CompactFlash (Read/Write)

    Configuration register is 0x2102

    hostname#

    I think it's because you do not have enough space - it's trying to copy the file to the webvpn directory.

    Make sure that the webvpn install command isn't in your configuration.

    Move the AnyConnect package into the webvpn directory

    run

    webvpn install svc flash:/webvpn/anyconnect-win-2.5.2019-k9.pkg

    And see if that helps.

  • Xcode Server installation failed (ssl configuration infrastructure)

    After the upgrade to Server 5.2 today, I am unable to start the Xcode service because of an error.

    The first time I tried to set up the service, after having chosen the Xcode application, I was asked to create an Xcode service user account. So, I followed the prompts to create an Xcode Server user account.

    Then I saw a message that Xcode Helper should be allowed to do UI scripting, to which I agreed.

    Finally, a progress bar appeared while, apparently, the Xcode service was being configured.

    And then an error stating:

    Xcode Server installation failed (ssl configuration infrastructure)

    Try clicking on choose Xcode and selecting a new version of Xcode or upgrade to a newer version of the server.

    Given that I had just installed the latest version of Xcode previously, I went ahead and checked that Xcode launches without problem, and no message appears.

    Then I went to System Preferences > Security & Privacy > Accessibility and verified that an entry was added for Xcode Helper, and I checked the box next to it to allow access.

    Also, I went ahead and logged in to the Xcode Server user account and used the fast user switching option to return to my main account.

    Unfortunately, trying to start the service again results in the same error. I even tried to start the service while logged in to the Xcode Server user account. Every time it has failed with the same message.

    Whenever I try to start the service, I see this (or a very similar) message sequence hit the system log:

    20 September 15:50:36 servermgr_xcode Server [867]: getSetXcodePathProgressWithRequest: {}

    control = getSetXcodePathProgress;

    currentPercentageCompleteRangeMaximum = 10;

    currentPercentageCompleteRangeMinimum = 10;

    currentStep = 'Xcode stop server';

    percentComplete = 10;

    status = running;

    }

    20 September 15:50:37 Server servermgr_xcode [867]: task completed (State 0)

    20 September 15:50:37 Server servermgr_xcode [867]: stderr output for the job:

    (4 / 6) [START] stop nginx daemon

    (3 / 6) Server [START] stop API

    (1 / 6) [START] stop CouchDB

    (6 / 6) [START] stop builder

    (5 / 6) [START] daemon stop control

    (2 / 6) [START] stop repeat

    (5 / 6) [END - 0.05 S] Stop control daemon

    (1 / 6) [END - 0.05 S] Judgment of CouchDB

    (2 / 6) [END - 0.05 S] Stopping repeat

    (3 / 6) [END - 0.05 S] Stop server API

    (4 / 6) [END - 0.14 S] Stop the nginx daemon

    (6 / 6) [END - 0.16 S] Stop generator

    A successful!

    Total time: 0.32 seconds

    20 September 15:50:37 Server servermgr_xcode [867]: launch/usr/bin/xcrun xcscontrol - initialize - build-service-user xcodeserver

    20 September 15:50:37 Server servermgr_xcode [867]: wait for task to leave

    20 September 15:50:37 Server lsd [961]: LaunchServices: could not store file lsd-identifiers to /private/var/db/lsd/com.apple.lsdschemes.plist

    20 September 15:50:37 Server servermgr_xcode [867]: xcscontrol reported progress: (1/29) checking that Xcode is accessible

    20 September 15:50:37 Server sudo [1422]: root: TTY = unknown; PWD =; USER = nobody; /Applications/XCode.app/Contents/developer = / usr/bin/file COMMAND

    20 September 15:50:37 Server servermgr_xcode [867]: xcscontrol reported progress: (1/29) checking that Xcode is accessible

    20 September 15:50:37 Server servermgr_xcode [867]: xcscontrol reported progress: running (4/29) xcode-selector - /Applications/Xcode.app

    20 September 15:50:38 Server servermgr_xcode [867]: xcscontrol reported progress: integration of control to prepare (9/29)

    20 September 15:50:38 Server servermgr_xcode [867]: xcscontrol reported progress: (11/29) setting up the config for Redis file

    20 September 15:50:38 Server servermgr_xcode [867]: xcscontrol reported progress: (12/29) setting up the config for CouchDB file

    20 September 15:50:38 Server servermgr_xcode [867]: xcscontrol reported progress: launchd jobs (13/29) system configuration

    20 September 15:50:38 Server servermgr_xcode [867]: xcscontrol reported progress: (14/29) creative group for users of service if required

    Note: There were a lot of messages like this that I omitted:

    20 September 15:50:38 syslogd server [69]: notice of Configuration:

    ASL Module 'com.apple.AccountPolicyHelper' claims the selected messages.

    These messages may not appear in the standard system log files or in the database of the ASL.

    20 September 15:50:38 Server servermgr_xcode [867]: xcscontrol reported progress: configuration record (16/29)

    20 September 15:50:38 Server servermgr_xcode [867]: xcscontrol reported progress: users of creative services (17/29) if necessary

    20 September 15:50:38 Server servermgr_xcode [867]: xcscontrol reported progress: infrastructure configuration of SSL (18/29)

    20 September 15:50:39 Server servermgr_xcode [867]: getSetXcodePathProgressWithRequest: {}

    control = getSetXcodePathProgress;

    currentPercentageCompleteRangeMaximum = 75;

    currentPercentageCompleteRangeMinimum = 20;

    currentStep = "Configuring SSL infrastructure."

    percentComplete = 54;

    status = running;

    }

    20 September 15:50:41 com.apple.SecurityServer [114 Server]: displaying guest Keychain for Applications/Xcode.app/Contents/Developer/usr/bin/xcscontrol(1421)

    20 September 15:50:41 Server servermgr_xcode [867]: xcscontrol reported progress: FAILED (18/29): configuration of SSL infrastructure

    20 September 15:50:41 Server servermgr_xcode [867]: task completed (Status 5)

    20 September 15:50:41 Server servermgr_xcode [867]: stderr output for the job:

    (1/29) [START] make sure Xcode is accessible

    (1/29) [END - 0.20 S] Make sure Xcode is accessible

    Audit (2/29) [START] version of Xcode is supported

    (2/29) [END - 0.00 S] Check if the version of Xcode is supported

    Developer mode (5/29) [START] if necessary activation

    [START] Running (4/29) xcode-selector - /Applications/Xcode.app

    (29/3) [START] check if the server version is supported

    (3/29) [END - 0.02 S] Check if the server version is supported

    Data directories (6/29) [START] creation by default (if they are missing)

    (6/29) [END - 0.00 S] Creation of data directories by default (if they are missing)

    (7/29) [START] create a symbolic link to the current path of the Xcode application

    Access to the repository (8/29) [START] HTTP configuration

    Integration of control (9/29) [STARTED] preparation

    Access [START] SSH configuration repository (10/29)

    (8/29) [END - 0.12 S] Access to the HTTP repository configuration

    (7/29) [END - 0.12 S] Create a symbolic link to the current path of the Xcode application

    (10/29) [END - 0.12 S] The access to the repository SSH configuration

    (11/29) [START] establishing the file config for Redis

    (12/29) [START] set up the config for CouchDB file

    (13/29) [START] Setup launchd job system

    (5/29) [END - 0.16 S] Enabling developer mode if necessary

    (9/29) [END - 0.23 S] Preparation of control integrations

    (11/29) [END - 0.16 S] Setting up the config for Redis file

    (12/29) [END - 0.20 S] Setting up the config for CouchDB file

    (13/29) [END - 0.20 S] Launchd jobs system configuration

    Group creation [START] (14/29) for users of service if required

    Saving configuration [START] (16/29)

    (15/29) [START] configuration CouchDB to use all cores

    (14/29) [END - 0.02 S] Creation of service if required users group

    Users of creative services [START] (17/29) if necessary

    (4/29) [END - 0.41 S] Running xcode - select - switch for /Applications/Xcode.app

    (15/29) [END - 0.08] Configuration of CouchDB to use all cores

    (16/29) [END - 0.33 S] Configuration of the recording

    (17/29) [END - 0.52 S] Creation of users of the service if necessary

    Configuration of SSL infrastructure [START] (18/29)

    (18/29) [END - 3.03 S] FAILED: SSL infrastructure Configuration

    Failed: could not export the certificate of the server API: Error Domain=Security Code=-25308 "User interaction is not allowed." UserInfo={NSLocalizedDescription=User interaction is not allowed.}

    Total time: 4.13 seconds

    The service initialization error: could not export the certificate of the server API: Error Domain=Security Code=-25308 "User interaction is not allowed." UserInfo={NSLocalizedDescription=User interaction is not allowed.}

    20 September 15:50:41 Server servermgr_xcode [867]: response: {}

    error = "Xcode Server Configuration has failed (ssl configuration infrastructure)";

    errorCode = "-1";

    errorDomain = ServermgrXcodeErrorDomain;

    errorLocalizedDescription = "Configuration of Xcode Server failed (ssl configuration infrastructure)";

    errorLocalizedFailureReason = "failed to install Service in step: Setup ssl infrastructure";

    errorLocalizedRecoverySuggestion = "try clicking on choose Xcode and selecting a new version of Xcode or upgrade to a newer version of the server.

    errorString = "Configuration of Xcode Server failed (ssl configuration infrastructure)";

    status = 1;

    }

    20 September 15:50:41 com.apple.xpc.launchd [Server 1] (com.apple.dt.XCSDeviceService [1417]): Service not out 5 seconds after SIGTERM. Sending SIGKILL.

    20 September 15:50:42 Server servermgr_xcode [867]: getSetXcodePathProgressWithRequest: {}

    control = getSetXcodePathProgress;

    currentPercentageCompleteRangeMaximum = 75;

    currentPercentageCompleteRangeMinimum = 20;

    currentStep = "FAILED: SSL infrastructure configuration ';

    error = "Xcode Server Configuration has failed (ssl configuration infrastructure)";

    errorCode = "-1";

    errorDomain = ServermgrXcodeErrorDomain;

    errorLocalizedDescription = "Configuration of Xcode Server failed (ssl configuration infrastructure)";

    errorLocalizedFailureReason = "failed to install Service in step: Setup ssl infrastructure";

    errorLocalizedRecoverySuggestion = "try clicking on choose Xcode and selecting a new version of Xcode or upgrade to a newer version of the server.

    errorString = "Configuration of Xcode Server failed (ssl configuration infrastructure)";

    percentComplete = 54;

    status = FAILURE;

    }

    This entry is interesting:

    20 September 15:50:41 com.apple.SecurityServer [114 Server]: displaying guest Keychain for Applications/Xcode.app/Contents/Developer/usr/bin/xcscontrol(1421)

    No prompt was displayed at this time. Should I have seen an actual Keychain prompt? In any case, this entry seems to be the cause of the problem:

    Failed: could not export the certificate of the server API: Error Domain=Security Code=-25308 "User interaction is not allowed." UserInfo={NSLocalizedDescription=User interaction is not allowed.}

    Help getting the Xcode service back up and running would be much appreciated!

    I had this same problem. I typed the following in the terminal:

    sudo /applications/xcode-beta6.app/contents/developer/usr/bin/xcscontrol --reset

    After the reset, I tried to enable Xcode Server from the macOS Server GUI and it worked.
