Azure VPNClient on Mac can't connect anymore

Wouter Seyen 25 Reputation points
2024-07-23T07:57:29.17+00:00

Yesterday my Azure VPN Client suddenly cannot connect to our Azure VPN Gateway anymore. It worked perfectly fine until then.

According to the logs, the authentication works ok, the dialing up seems to be successful, however the state of the connection immediately goes to 'Disconnected'.

07/23/2024 08:58:46 Information Successfully Received Microsoft Entra Credential Token. User: ***********
07/23/2024 08:58:46 Information Saving Microsoft Entra User Account
07/23/2024 08:58:47 Information Fetching MS graph endpoint
07/23/2024 08:58:47 Information Tenant ID is **********
07/23/2024 08:58:47 Information Fetching graph endpoint from keychain for key: AzureVPNClient_**********_graph_endpoint
07/23/2024 08:58:47 Information MS graph endpoint is https://graph.microsoft.com
07/23/2024 08:58:47 Information Dialing VPN connection ********
07/23/2024 08:58:47 Information Dialing VPN connection ********, Status = Success

In the Console of my mac I find following errors:

default	10:52:00.122111+0200	nesessionmanager	com.microsoft.AzureVpnMac[inactive]: starting
default	10:52:00.119334+0200	neagent	Found 0 extension(s) with identifier com.microsoft.AzureVpnMac.PacketTunnel and extension point com.apple.networkextension.packet-tunnel
error	10:52:00.119425+0200	neagent	Failed to find an app extension with identifier com.microsoft.AzureVpnMac.PacketTunnel and extension point com.apple.networkextension.packet-tunnel: (null)
error	10:52:00.119493+0200	neagent	NEAgentSession: failed to initialize the delegate
default	10:52:00.122421+0200	nesessionmanager	NESMVPNSession[Primary Tunnel:VNET-KPNWE-CEP-DEV-WE-01:5A6B50A2-E85E-4681-AA85-A9ED2F1E37CD:(null)]: Plugin is not installed
default	10:52:00.137005+0200	neagent	Looking for an extension with identifier com.microsoft.AzureVpnMac.PacketTunnel and extension point com.apple.networkextension.packet-tunnel
default	10:52:00.137114+0200	neagent	[d <private>] <PKHost:0x14400a060> Beginning discovery for flags: 0, point: com.apple.networkextension.packet-tunnel
error	10:52:00.139348+0200	nesessionmanager	com.microsoft.AzureVpnMac[850]: Tearing down XPC connection due to setup error: Error Domain=NEAgentErrorDomain Code=2 "(null)"
default	10:52:00.139602+0200	nesessionmanager	com.microsoft.AzureVpnMac[850]: XPC connection went away
default	10:52:00.139120+0200	neagent	Found 0 extension(s) with identifier com.microsoft.AzureVpnMac.PacketTunnel and extension point com.apple.networkextension.packet-tunnel

I have tried force installing Rosetta 2 as suggested by https://learn.microsoft.com/en-us/answers/questions/1282475/azure-vpn-client-not-working-on-mac-book-2023-m2 but this did not solve the issue, which was expected as the connection worked perfectly before the weekend.

For my colleague the connection also still worked yesterday, but stopped working today.

Can you please advise on how to further tackle this issue?

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,559 questions
{count} vote

Accepted answer
  1. KapilAnanth-MSFT 47,046 Reputation points Microsoft Employee
    2024-07-24T12:48:27.7433333+00:00

    @Wouter Seyen ,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

    Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue :

    • Azure VPN Client suddenly could not connect to Azure VPN Gateway.
    • The connection connects but disconnects almost instantaneously.

    Solution :

    • It turns out the MacTunnelExtension (/Applications/Azure VPN Client.app/Contents/PlugIns/MacTunnelExtension.appex/Contents/MacOS/MacTunnelExtension) got flagged as Malicious by our endpoint protection tool (Cisco Secure Endpoint).
    • After explicitly excluding the path far the extension in the policy and re-installing Azure VPN Client, the connection works again

    Sure, I shall relay this information to the Azure VPN Team who is responsible for VPN Client.

    Please let us know if we can be of any further assistance here.

    Thanks,

    Kapil


    Please Accept an answer if correct.

    Original posters help the community find answers faster by identifying the correct answer.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.