Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MacOS Ventura - Not starting meshagent on boot (Maybe Solved) #161

Open
spiffyguy opened this issue Nov 10, 2022 · 22 comments
Open

MacOS Ventura - Not starting meshagent on boot (Maybe Solved) #161

spiffyguy opened this issue Nov 10, 2022 · 22 comments
Labels

Comments

@spiffyguy
Copy link

Hi there,

I upgraded a lot of the machines I manage to MacOS Ventura yesterday. Upgrade went fine on the machines but after installing and then restarting the new update, I noticed the machines were "offline" in my MeshCentral interface.

I got onto the machines another way and re-installed the meshagent which worked perfectly and allowed me to see it in MeshCentral again.

Then I restarted the client machine and noticed that the machine was "offline" again when it booted back up.

So I looked into the launchd console log to see why it didn't start automatically and saw these 2 lines:

> (system/meshagent) <Error>: Caller tried to import service with same label as an existing service: path = /Library/LaunchDaemons/meshagent.plist, caller = smd[95]
> (system) <Notice>: Bootstrap by smd[95] for /Library/LaunchDaemons/meshagent.plist failed (17: File exists)

When I googled this message, random notes online said to check /Library/LaunchAgents/ folder and see if there is a duplicate service .plist file and there was! So I had the same meshcentral.plist file in both "LaunchAgents" and "LaunchDaemons" folders.

I deleted the /Library/LaunchAgents/meshcentral.plist file. Then restarted the client machine. And it came back "online" through my MeshCentral interface!

Further reading online says that the /Library/LaunchAgents/ folder is usually for USER services and /Library/LaunchDaemons/ is usually for ROOT/SYSTEM services.

Is there a reason why the meshcentral.plist file gets installed into both folders? I noticed that it's in both folders on all my macOS Monterey machines as well but is still able to launch where as macOS Ventura seems to stop the service if it's tried to be called from both places.

If it helps I installed the meshagent using the "Linux / BSD / MacOS Binary Installer" so my command I run on the client terminal to install meshagent is something like this:
curl -k "https://SERVER.DOMAIN.COM/meshagents?id=JiiIjBvqSfC5vncaxwUNIQUEIDfhdsjghdfjg3434343&installflags=2&meshinstall=10005" -o ./meshagent && chmod +x ./meshagent && sudo ./meshagent -install which just asks for the user password and installs meshagent in the proper group I want.

After discovering this... BEFORE I upgrade to macOS Ventura and to make sure meshagent continues to run on boot... I run this first: sudo rm -rf /Library/LaunchAgents/meshcentral.plist on the client machine and THEN upgrade the machine to Ventura. Then everything is fine and meshagent auto starts when the machine boots up.

Can anyone else confirm they see the same issue? And let me know if removing the "LaunchAgents" plist file fixes the meshagent starting at boot for them as well?

If that is the fix, then I recommend we make sure the meshagent installer uses the "LaunchDaemons" folder and not the "LaunchAgents" folder in the future for startup services on Mac.

@r4yzs
Copy link

r4yzs commented Nov 11, 2022

Hello, same problem with the mpkg.
Need to delete meshcentral.plist on LaunchAgents.
Can you take control before log in ?

@krayon007
Copy link
Collaborator

I'll have to take a look and retool how the agent uses the LaunchAgent, because the agent requires both a launch agent and a launch daemon, otherwise a couple components won't work, such as remote desktop, or dialog boxes, etc. The agent uses a launch agent to IPC to an interactive desktop session.

@r4yzs
Copy link

r4yzs commented Nov 11, 2022

I'll have to take a look and retool how the agent uses the LaunchAgent, because the agent requires both a launch agent and a launch daemon, otherwise a couple components won't work, such as remote desktop, or dialog boxes, etc. The agent uses a launch agent to IPC to an interactive desktop session.

Is there a solution to have remote desktop before login ? I know that some other remote software can do it.

Thanks you

@spiffyguy
Copy link
Author

Gotcha, well it may be something as simple as labelling them different. I know you can customize the name of the service using the config on the server but maybe for the "LaunchAgent" side it does something like "meshagent-user.plist" and then the "LaunchDaemons" side it does "meshagent-system.plist." So if someone does use the "agentCustomization" settings in the config.json to change the name it would be something like "${agentCustomization->filename}-user.plist" so no matter what the LaunchDaemon/LaunchAgents will both exist and be named differently so they don't conflict. Need to do some testing to see if that works.

@spiffyguy
Copy link
Author

Is there a solution to have remote desktop before login ? I know that some other remote software can do it.

Thanks you

I think this is a different concern, I don't mean to change the subject of this issue but I do have access to my mac's BEFORE they login with MeshCentral. So I see the main login screen when no one has signed in. There could be something else going on... What does it look like on your side when you try to Remote Desktop before login? I would open a separate ticket @r4yzs to discuss this further.

@r4yzs
Copy link

r4yzs commented Nov 15, 2022

Is there a solution to have remote desktop before login ? I know that some other remote software can do it.
Thanks you

I think this is a different concern, I don't mean to change the subject of this issue but I do have access to my mac's BEFORE they login with MeshCentral. So I see the main login screen when no one has signed in. There could be something else going on... What does it look like on your side when you try to Remote Desktop before login? I would open a separate ticket @r4yzs to discuss this further.

Hello @spiffyguy , I will open a ticket.

I see that my Mac is online but I can't see the screen (black screen) but I can use the terminal.

I tested with 2 mac with Ventura.

Thanks you

@spiffyguy
Copy link
Author

spiffyguy commented Nov 15, 2022

Hello @spiffyguy , I will open a ticket.

I see that my Mac is online but I can't see the screen (black screen) but I can use the terminal.

I tested with 2 mac with Ventura.

Thanks you

That's a different issue, not a permissions thing, I think I know the problem, doing testing right now. Make a ticket and I will comment on what to try to see if you can get in...!

@NiceGuyIT
Copy link

NiceGuyIT commented Feb 13, 2023

@krayon007

the agent requires both a launch agent and a launch daemon

Even though the LaunchAgent is needed, removing it allowed most functionality (desktop, terminal, files) to work. I'm assuming the functionality that requires the agent includes things that interact with the user such as chat and messaging. Renaming the Label allowed the daemon to start on boot. I don't know if it's required but I also renamed the agent meshagent.plist to differentiate it from the system meshagent.plist.

However, the user services still didn't work. Since the agent and daemon share the same install location, I had to give my user access to the directory and files using the command below. The permissions on the directory did not allow my user to view the contents. The executable already had o+x so all I had to do was give access to the installation directory. Note: +X gives traversal (a.k.a. cd) permissions to directories and does not affect files.

sudo chmod o+rX /opt/tacticalmesh/

Those 3 changes (rename the service, plist and change permissions on the install directory) makes MeshCentral work on macOS Ventura.

@rosch100
Copy link

It works with both Agent and Daemon if I change the name and label of the Daemon to e.g. meshdaemon.
This script takes care of a working installation:

curl -k "https://SERVER.DOMAIN.COM/meshagents?id=fL198sFnWekXXR1KBJwhbO5vvuqvIKrF6QmdmjPURJKDsTdQgcZGHxEud6ZKDKxM&installflags=0&meshinstall=10005" -o ./meshagent
chmod +x ./meshagent
sudo ./meshagent -install
sudo sed -i '' '/<key>Label<\/key>/,/<\/string>/s/meshagent/meshdaemon/'  /Library/LaunchDaemons/meshagent.plist
sudo mv /Library/LaunchDaemons/meshagent.plist /Library/LaunchDaemons/meshdaemon.plist

@si458
Copy link
Collaborator

si458 commented Feb 25, 2024

thank you @spiffyguy!
i have finally merged the fix you suggested 52cf129

@tschettervictor
Copy link

So this fix requires no action on our part?

Im also running into this on macOS Sonoma 14.4

@si458
Copy link
Collaborator

si458 commented Mar 16, 2024

the fix at the moment is simple (until next release of new mac meshagent)

  1. install the agent with the terminal (download the binary installer, dont use the mpkg)
  2. go to /Library/LaunchAgents/
  3. open your file meshagent.plist (for example)
  4. edit the Label string so it reads <string>meshagent-launchagent</string>
    (basically add -launchagent to the end of the string)
  5. restart mac

@tschettervictor
Copy link

Ahh, ok. I'm not sure how to go about installing via command line though. I can wget the file, but...

@tschettervictor
Copy link

Never mind. Got it...
Had the wrong file.

@tschettervictor
Copy link

Followed the instruction, but it's still not working. I changed that string in both LaunchDaemons and LaunchAgents but its not coming online on a reboot.

@si458
Copy link
Collaborator

si458 commented Mar 16, 2024

Followed the instruction, but it's still not working. I changed that string in both LaunchDaemons and LaunchAgents but its not coming online on a reboot.

no you only change launchagents!, you leave launchdaemons as is!
they must have different strings, and thats why it doesnt startup in newer osx versions, because osx complains they have the same name

@tschettervictor
Copy link

I see. I did try first with just the LauchAgents, but no go.

@tschettervictor
Copy link

Looks like I had the only file from the dpkg install. Deleted and looks like its working.

@si458
Copy link
Collaborator

si458 commented Mar 16, 2024

yeh avoid the mpkg/pkg for the moment!
if you installed it via pkg first, you need to uninstall it first, then reinstall with the binary file!
one of those bugs at the moment,
i have fixed the pkg which will be in next release,
just need to build new mac agents which include the fix for binary file installs!

@ahmadpi
Copy link

ahmadpi commented Apr 3, 2024

the fix at the moment is simple (until next release of new mac meshagent)

  1. install the agent with the terminal (download the binary installer, dont use the mpkg)
  2. go to /Library/LaunchAgents/
  3. open your file meshagent.plist (for example)
  4. edit the Label string so it reads <string>meshagent-launchagent</string>
    (basically add -launchagent to the end of the string)
  5. restart mac

this is working. thanks!
been searching for a solution for a day or two!

@si458
Copy link
Collaborator

si458 commented Apr 3, 2024

@ahmadpi glad it works!
Also in theory I've fixed the mpkg in the latest release 1.1.22,
However it's a universal binary,
So u might still need to install it, then do agentupdate from the console tab, to get it to install the correct x64 or arm binary if ur mac doesn't play nicely with universal binary

@neosec-eu
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

9 participants