KB000010: The Access Manager agents fail to register on macOS 15 (Sequoia)

Summary

When registering an Access Manager Agent on macOS 15 (Sequoia), you receive an error message similar to the following.

Interop+AppleCrypto+AppleCommonCryptoCryptographicException: The specified item is no longer valid. It may have been deleted from the keychain

The issue only occurs with new agent registrations. If agent is installed and working on a macOS 14 machine that is subsequently upgraded to macOS 15, it will continue to work as expected.

Cause

There is bug in all current versions of .NET that prevents creating certificates on macOS 15. This is documented by Microsoft on the .NET GitHub Repository.

When the Access Manager agent is first registered, it creates a digital certificate, and registers that with the server. The certificate is used for authenticating the client to the server going forward. The .NET bug prevents creation of the certificate, preventing a successful registration from taking place.

Agents that have already created their certificate (on an earlier version of macOS), and are subsequently upgraded to macOS 15, do not have this issue.

However, if an agent that was working, is reset on macOS 15, it will remain broken until the fix is available. The agent reset operation deletes the certificate, requiring a new one to be created. At this point the bug will be triggered.

Workarounds

The only available workaround is to install and register the Access Manager agent on macOS 14, and then upgrade to operating system to macOS 15.

There is no workaround for agents attempting to register on macOS 15.

Resolution

This issue requires a bug fix from Microsoft, expected to be available mid-October. Once this is available, Lithnet will issue an updated agent package.

Last updated