Use this topic to understand probable SSL VPN-Plus client-specific installation problems and how you can resolve them.

Problem

Common problems associated with SSL VPN-Plus client installation are as follows:
  • SSL VPN-Plus client is installed successfully, but the client does not work.
  • On Mac machines, kernel extension warning messages are displayed.
  • On Mac OS High Sierra, the following installation error messages are displayed:
    /opt/sslvpn-plus/naclient/signed_kext/tap.kext failed to load - (libkern/kext)system policy prevents 
    loading; check the system/kernel logs for errors or try kextutil(8).
    Error: Could not load /opt/sslvpn-plus/naclient/signed_kext/tap.kext
    installer[4571] <Debug>: install:didFailWithError:Error Domain=
    PKInstallErrorDomain Code=112 "An error occurred while running scripts from the package “naclient.pkg”.
    " UserInfo={NSFilePath=./postinstall,NSURL=file://<pathtofile>/naclient.pkg,PKInstallPackageIdentifier=
    com.vmware.sslvpn,NSLocalizedDescription=An error occurred while running scripts from the 
    package “naclient.pkg”.}
    
    installer[4571] <Error>: Install failed: The Installer encountered an error that caused the 
    installation to fail. Contact the software manufacturer for assistance. 
    installer: The install failed (The Installer encountered an error that caused the installation to fail.
    Contact the software manufacturer for assistance.)
  • On Windows machines, the following error message is displayed: Driver installation failed for reason E000024B: please try rebooting the machine.

Cause

One of the following reasons can cause the SSL VPN-Plus client to fail even after you have installed it successfully on your computer:
  • Configuration file (naclient.cfg) is missing or the configuration file is invalid.
  • Directory permissions or user permissions are incorrect.
  • SSL VPN server is not reachable.
  • On Mac and Linux machines, the tap driver is not loaded.

On Mac machines, kernel extension warning messages are displayed because your system blocks loading the kernel extension.

On Mac OS High Sierra, installation errors are displayed when your Mac machine does not allow the kernel extension (kext) to load and does not prompt you to approve loading it.

On Windows machines, driver installation failure (E000024B) is displayed because you have enabled the Hide SSL client network adapter option in the Edge SSL VPN-Plus Client installer.

Solution

  1. Ensure that you install the SSL VPN-Plus client on supported operating systems. For information about supported operating systems, see the SSL VPN-Plus Overview topic in the NSX Administration Guide.
  2. On Windows machines, make sure that users who install the SSL VPN-Plus client have administrator privileges. On Mac and Linux machines, users must have root privileges to install the SSL VPN-Plus client. In addition, for the SSL VPN-Plus client to start and run successfully on Mac machines, users must have execute permissions on the /usr/local/lib directory.
  3. On Linux machines, make sure that the following libraries are installed. These libraries are required for the UI to work.
    • TCL
    • TK
    • NSS
  4. If the tap driver is not loaded on Mac and Linux machines, run the shell script to load the driver.
    • Mac: Run the Naclient.sh shell script from the /opt/sslvpn-plus/naclient/ directory with sudo privileges.
    • Linux: Run the naclient.sh shell script with sudo privileges. You can find this script in the linux_phat_client/linux_phat_client directory.

  5. To resolve the kernel extension warning messages on machines with macOS High Sierra or later, you must provide explicit user approval for loading a kernel extension (kext). Do the following steps:
    1. On your Mac machine, open the System Preferences > Security & Privacy window.
    2. At the bottom of the window, you can see a message similar to "Some system software was blocked from loading." Click the "Allow" button.
    3. To proceed with the installation, click Allow.
      For detailed information about providing user approval for loading a kernel extension, see https://developer.apple.com/library/content/technotes/tn2459/_index.html.
    4. While the kernel extension is being loaded, the SSL VPN-Plus client installation process continues to run in the background. The SSL VPN-Plus client gets installed, but you get the following error message: The installation failed. The installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.
    5. To resolve this error, uninstall the SSL VPN-Plus client, and reinstall it.
  6. To resolve installation error messages on Mac OS High Sierra, do these steps.
    1. Make sure that notifications are enabled. Go to System Preferences > Security & Privacy > Allow Notifications.
      Note: When you install SSL VPN-Plus client for the first time on Mac OS High Sierra, a notification window prompts you to allow the installation. This notification usually lasts for 30 minutes. If the notification disappears before you clicked Allow, restart your machine and reinstall the SSL VPN-Plus client.

      If the installation still fails, your system does not allow the kernel extension (kext) to load and does not prompt you to approve loading it. Complete the remaining substeps to add the tuntap kext team ID to the pre-approved kext list.

    2. Restart your Mac machine in recovery mode.
      1. Click the Apple logo at the top left of your screen.
      2. Click Restart.
      3. Immediately press the Command and R keys until you see an Apple logo or a spinning globe. A spinning globe appears when your Mac machine tries to start macOS recovery by connecting to the Internet because it is unable to start through the built-in recovery system. Mac is now started in recovery mode.
    3. On the top bar, click Utilities > Terminal.
    4. To add the tuntap kext team ID to the pre-approved kext list, run the spctl kext-consent add KS8XL6T9FZ command.
    5. Restart your Mac machine in normal mode.
    6. To verify that the team ID appears in the pre-approved kext list, run the spctl kext-consent list command.
    7. Install the SSL VPN-Plus client package.
  7. On Windows machines, if you see the driver installation failure error (E000024B), disable the Hide SSL client network adapter option in the Edge SSL VPN-Plus Client installer. For instructions about disabling this option, see the VMware knowledge base article at https://kb.vmware.com/s/article/2108766.
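
The local causes listed under Cause (missing or empty naclient.cfg, directory permissions, tap driver not loaded) and the team ID verification in step 6 can be checked together before reinstalling. The following script is an added example, not part of the original topic or VMware tooling. It assumes that naclient.cfg sits in the install directory you pass in and that a loaded driver appears as the whole word "tap" or "tun" in the kernel module listing; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not VMware tooling. Assumptions: naclient.cfg sits in the
# install directory, and a loaded driver appears as the whole word "tap" or
# "tun" in the kernel module listing.
TEAM_ID="KS8XL6T9FZ"   # tuntap kext team ID quoted in step 6

# Config file must exist, be readable and be non-empty.
check_config() {
    [ -f "$1/naclient.cfg" ] && [ -r "$1/naclient.cfg" ] && [ -s "$1/naclient.cfg" ]
}

# Current user needs execute (search) permission on the directory.
check_dir_exec() {
    [ -d "$1" ] && [ -x "$1" ]
}

# stdin: kernel module listing (kextstat on Mac, lsmod on Linux).
tap_loaded() {
    grep -Eiq '(^|[^[:alnum:]_])(tap|tun)([^[:alnum:]_]|$)'
}

# stdin: output of "spctl kext-consent list"; $1: team ID.
# Whole-token match, so a longer ID that merely contains $1 is rejected.
team_id_approved() {
    tr -s '[:space:]' '\n' | grep -Fxq -- "$1"
}

# $1 install dir, $2 lib dir, $3 file holding the module listing.
# Prints one line per failed check; returns 0 only if all pass.
preflight() {
    rc=0
    check_config "$1"   || { echo "FAIL: $1/naclient.cfg missing or empty"; rc=1; }
    check_dir_exec "$2" || { echo "FAIL: no execute permission on $2"; rc=1; }
    tap_loaded < "$3"   || { echo "FAIL: tap driver not loaded"; rc=1; }
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then     # usage: sh preflight.sh --run <install_dir>
    listing=$(mktemp)
    { kextstat 2>/dev/null || lsmod; } > "$listing"
    preflight "$2" /usr/local/lib "$listing" && echo "OK: local checks passed"
    if command -v spctl >/dev/null 2>&1; then   # Mac only
        spctl kext-consent list | team_id_approved "$TEAM_ID" ||
            echo "FAIL: team ID $TEAM_ID not in pre-approved kext list"
    fi
    rm -f "$listing"
fi
```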