MeshCentral
MeshCentral copied to clipboard
Ylianst
macOS 14.2.1 agent not automatically starting on boot / reboot.
Describe the bug Fresh install of meshcentral server and client. macOS agent installed on macOS Sonoma.
Reboot Mac and agent doesn't start.
/Library/LaunchAgent/meshagent_osx64_LaunchAgent.plist /Library/LaunchDaemon/meshagent_osx64_LaunchDaemon.plist
The fix listed here doesn't match my agent names nor does it work.
According to this a fix has been merged so this issue should be solved when 1.1.17 is released?
the fix has been merged, but we need to release new agents FIRST we can keep doing meshcentral releases but they wont include the fix until the agent is sorted, which is a pain at the moment as we need one of EACH type of device to test everything is working and build on
also you say the fix doesnt work, but is this because you have customised the agent by any chance?
you might need to change the line saying /usr/local/mesh_services/meshagent/meshagent to point to wherre you installed your agent to
It was a default install I did using Apple macOS agent from the server.
According to Launchcontrol (the app) the programs to run are:
LaunchDaemon: /usr/local/mesh_services/meshagent/meshagent_osx64
LaunchAgent: /usr/local/mesh_services/meshagent/meshagent_osx64 -kvm1
Working directory for both are: /usr/local/mesh_services/meshagent/
I can manually start them after rebooting but that would become a pain if more than a few machines.
what is the content of running this command?
sudo cat /Library/LaunchDaemons/meshagent.plist
is it similar to https://github.com/Ylianst/MeshCentral/issues/4822#issuecomment-1542789876 or different?
EDIT: you might also have to reload the daemon, then try restarting as per https://github.com/Ylianst/MeshCentral/issues/4822#issuecomment-1343392800 OR https://github.com/Ylianst/MeshCentral/issues/4822#issuecomment-1349377181
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>meshagent</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/mesh_services/meshagent/meshagent</string>
<string>--no-embedded="1"</string>
<string>--installedByUser=NaN</string>
</array>
<key>WorkingDirectory</key>
<string>/usr/local/mesh_services/meshagent/</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<dict>
<key>Crashed</key>
<true/>
</dict>
</dict>
try changing the file so its identical to https://github.com/Ylianst/MeshCentral/issues/4822#issuecomment-1542789876 then reload with https://github.com/Ylianst/MeshCentral/issues/4822#issuecomment-1349377181 then restart and see if it comes online
I can see this issue has been going for over a year now, starting with Ventura, and as of yet still no fix.
Fortunately I've not invested too much time in it yet so I'll abandon and check back in a few months time. Fingers crossed everything will work then.
Back to SSH'ing!
After installing on 2 Silicon macs and reading just about every GitHub issue and reddit post about installing mesh agent on mac I have these findings. For best install to date go to bottom!
-
There is a reddit post suggesting the need to create launchdaemon .plist file with 2 scripts they created
- This is not needed since the .plist files are already created.
-
There are 2 installers:
- Add Agent, Linux/BSD/macOS Binary Installer, Apple OSX Universal
- Harder install for the user
- Add Agent, Apple macOS
- easier install for the user if it worked
- Add Agent, Linux/BSD/macOS Binary Installer, Apple OSX Universal
-
Both installers have the issue of the agent not reloading after a reboot
- Temp FIX - remove the meshagent .plist from the /Library/launchagents folder and do not touch the meshaget .plist in the /Library/lanuchsaemon folder and reboot. the plist may have a x64 in the name or may not depending on the installer used.
- At the moment the 2 installers install a binary and .plist of different names. one installer puts x64 behind the name and the other installer does not. This should be unified so they both create the same binary and .plist files to help troubleshooting
- Removing this prevents access to login screen but lets agent start on boot
-
Apple macOS installer has a reoccurring Screen record issue
- When you connect to desktop it pops up screen record permissions box on the physical box
- accept the permissions but does not allow access to desktop
- reconnect, reboot, reinstall does not allow access to desktop
- meshagent is in the settings pane for screen recording even though the mac still asks for permission
- Someone needs to review this error and fix it. the linux/bsd/macos binary does not pose this error so something is different with the 2 installable agents.
-
CONCULSION - Best install at the moment
- Until the 2 installers are fixed the easiest way to install an apple silicon agent is to use the Linux/BSD/macOS Binary
- do the CHMOD as suggested in the agent download window window on the server
- right click agent in download folder and click open
- click open in dialog
- install will request SUDO and error out
- go to terminal
- RUN this command: sudo meshagent -install
- delete the mesh .plsit from /Library/LaunchAgents folder
- connect to mac from server
- accept screen record on mac
- disconnect and reconnect to mac from server
- accept control on mac
- Until the 2 installers are fixed the easiest way to install an apple silicon agent is to use the Linux/BSD/macOS Binary
Linking to my reddit post: https://www.reddit.com/r/MeshCentral/comments/18tq4gm/macos_apple_silicon_mesh_agent/
the fix has been merged, but we need to release new agents FIRST we can keep doing meshcentral releases but they wont include the fix until the agent is sorted, which is a pain at the moment as we need one of EACH type of device to test everything is working and build on
also you say the fix doesnt work, but is this because you have customised the agent by any chance? you might need to change the line saying
/usr/local/mesh_services/meshagent/meshagentto point to wherre you installed your agent to
You mention needing one of each device to test before release. are you saying a intel and silicon mac or one of each mac with each version of OS. Technically you only need 2 macs, an intel and a silicon. once you have both macs just partition the drive and install multiple versions of the macOS. I have not tested this on silicon so you might need multiple USB drives or something strange but know it works on intel.
If getting hardware isn't helping with the release of the agents then I might suggest a beta style approach where you release a beta of the agent, tell the beta user to drop the files on the server in the right place and run thru the install process like normal to see if it works as expected. the more successful deployments under the beta and the new agent can go to the production branch
sadly ideally we need hardware of each kind, Windows Arm, Windows x64, Windows x32 (who knows people still using windows 7), Mac Intel x86, Mac Arm64, Linix x64, Linux Arm64, Android, IOS, etc...
If the dev's have an Apple machine with M-class processor then you can use UTM and create VM's for all of those processors listed.
Windows ARM - supported (virtualised) Windows x64 - supported (emulated) Windows x32 - supported (emulated) Mac Intel - supported (emulated) Mac ARM - supported (virtualised) Linux Intel - supported (emulated) Linux ARM - supported (virtualised) Not android or iOS though.
Use CrystalFetch to get the various Windows & Linux OS ISO's (x86/64 and ARM)
That should help to speed up the process of fixing the agents.
I think thats part of the issue is that I dont think the devs have macs with M Class processors, I am sure they would be happy to take a donation, I am sure @si458 would happily give you a UK shipping address :)
@dinger1986 that's perfectly correct! I'm happy to accept any donations to purchase even a second hand one, https://www.si458.co.uk/2024/01/05/donation/, or leave a comment/email me and I'll send u postal address hehe
macOS 14.2.1 sonoma - meshagent_osx64 not automatically starting on boot / reboot tried below:
try changing the file so its identical to #4822 (comment) then reload with #4822 (comment) then restart and see if it comes online
just an update for people. ive found the issue,
macos requires unique names inside the plist files across LaunchDaemons AND LaunchAgents
so a simple fix is to change the Label 'meshagent' (or your app name) inside 'LaunchAgents/meshagent.plist' to 'meshagent-launchagent' (or `yourappname-launchagent')
and restart ur mac
'LaunchDaemons' loads the application at startup,
where as 'LaunchAgents' loads the kvm side of things for meshagent when a user logs in
from launchd.info
Theoretically it is possible for an agent to have the same label as a daemon, as daemons are loaded by the root launchd whereas agents are loaded by a user launchd, but it is not recommended.#
EDIT: the issue/fix was actually here just didnt spot it! https://github.com/Ylianst/MeshAgent/issues/161
This should now be fixed for the pkg install, (the binary install still needs to be build, sorry) Please can people try 1.1.22
This should now be fixed for the pkg install, (the binary install still needs to be build, sorry) Please can people try 1.1.22
So I was setting up some new machines yesterday, all Apple Silicon and ran into this exact problem. None of the .plist edits were helping to resolve the on start up issue, but the 1.1.22 update did fix the agent. However, now a new issue has cropped up that only seems to happen on Apple Silicon machines with the latest macOS Sonoma 14.4.1. On first connection it will typically ask for permission to screen record, then for inputs on the second connection. Unfortunately neither permissions work anymore with this latest agent. So we solved one problem but introduced another.
I managed to circumvent the issue following: https://github.com/Ylianst/MeshCentral/issues/5067#issuecomment-2016527970 - However it is quite a messy solution and creates two login items instead of just one. Doing this https://github.com/Ylianst/MeshCentral/issues/5067#issuecomment-1506633567 seems to remove the second entry and still starts. It appears the launch agent .plist is unnecessary.
@DarkxPunk yes the issue you have is because for some reason apple silicon doesn't like the universal binary files?
So one fix it to install agent get it to show up, then run agentupdate from the console tab of the device, this forces the agent to redownload only the arm binary, once it restarts, remove the entries for permission, restart then readd permissions and away you go!
I already noticed this and don't know what's wrong or how to fix it?
Edit. This is why I added to the webui the ability to now just download the arm binary or intel binary or universal!
Edit2: I'm also not sure IF we need the launchagent or not? As it has different arguments so it might be important for maybe old versions of mac but not newer version?
Edit2: I'm also not sure IF we need the launchagent or not? As it has different arguments so it might be important for maybe old versions of mac but not newer version?
LaunchAgent is required:
I'll have to take a look and retool how the agent uses the LaunchAgent, because the agent requires both a launch agent and a launch daemon, otherwise a couple components won't work, such as remote desktop, or dialog boxes, etc. The agent uses a launch agent to IPC to an interactive desktop session.
Okay good to know, it works for my needs (basic desktop remote control) by removing the agent, preventing the weird double entry. But if we fix/streamline the issue I can always update the systems. I have only had to do this on Apple Silicon systems, Intel based (regardless of OS) seems to behave correctly.