BAD Gumby

Reputation: 21

Azure VPN Client (macOS) Fails to connect due to Error: getKeyChainSecret

I've spent hours today trying to find a resolution but it seems like my Azure VPN Client cannot create the token credential in my macOS keychain. Multiple coworkers were able to connect on similar Macs without issue. This is a client failure, as I can access the VPN on another Mac using my credentials and this profile. Below is the connection log.

02/27/2023 20:37:17 Information getClientAuthLoginCredentials: Using account: com.microsoft.AzureVpnMac
02/27/2023 20:37:17 Error getKeyChainSecret: Failed to retrieve KeyChain secret. Status code -25300
02/27/2023 20:37:17 Error handleAADClientAuthCachedUser: There is no last used account Username saved in KeyChain for VpnConnection: Remote-Site AAD Auth!
02/27/2023 20:37:17 Information sAcquireTokenInteractivelyNeeded: Account is not saved so interactive login will be needed.
02/27/2023 20:37:17 Error IsAcquireTokenInteractivelyNeeded: No AAD token acquired silently, Interactive login is required!
02/27/2023 20:37:17 Information removeClientAuthLoginCredentials: Using account: com.microsoft.AzureVpnMac
02/27/2023 20:37:17 Information getClientAuthLoginCredentials: Using account: com.microsoft.AzureVpnMac
02/27/2023 20:37:17 Error getKeyChainSecret: Failed to retrieve KeyChain secret. Status code -25300
02/27/2023 20:37:17 Warning removeClientAuthLoginCredentials: Failed to retrive previously saved ClientAuth: aad secret  for Vpn connection: Remote-Site, so no cleanup is needed!
02/27/2023 20:37:17 Information IsAcquireTokenInteractivelyNeeded: Cleared saved AAD auth login account Username from KeyChain as user will need to do interactive login to acquire AAD token.
02/27/2023 20:37:17 Information Acquiring AAD token interactively...
02/27/2023 20:37:19 Information Successfully Received AAD Credential Token. User: REDACTED@Remote-Site
02/27/2023 20:37:19 Information Saving AAD User Account
02/27/2023 20:37:20 Information Dialing VPN connection Remote-Site
02/27/2023 20:37:20 Information Dialing VPN connection Remote-Site, Status = Success
02/27/2023 20:37:20 Information removeClientAuthLoginCredentials: Using account: com.microsoft.AzureVpnMac
02/27/2023 20:37:20 Information getClientAuthLoginCredentials: Using account: com.microsoft.AzureVpnMac
02/27/2023 20:37:20 Error getKeyChainSecret: Failed to retrieve KeyChain secret. Status code -25300
02/27/2023 20:37:20 Warning removeClientAuthLoginCredentials: Failed to retrive previously saved ClientAuth: aad secret  for Vpn connection: Remote-Site, so no cleanup is needed!

You will notice the second to last message is the 'Failed to retrieve KeyChain secret'. Any help is greatly appreciated!

I've tried uninstalling, fully cleaning, then reinstalling. I've manually added the credential to the keychain, but then the VPN client gives an error about "can't change ownership" of the keychain credential. I've removed and re-imported the Azure VPN profile XML. I've had coworkers export their profile and tried importing it with the same issue.

Upvotes: 2

Views: 2247
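Status code -25300 in the log above is the Security framework's `errSecItemNotFound`. As an added example (not part of the original post and not Azure VPN Client code), this Python sketch triages such a log: it names each keychain status code and flags a not-found read that happens after the client logged "Saving AAD User Account". The `triage` function, the embedded excerpt and the "save not persisted" heuristic are assumptions made for illustration.

```python
import re

# OSStatus values defined by Apple's Security framework.
OSSTATUS = {
    -128: "errSecUserCanceled",
    -25293: "errSecAuthFailed",
    -25299: "errSecDuplicateItem",
    -25300: "errSecItemNotFound",
    -25308: "errSecInteractionNotAllowed",
}

LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Information|Warning|Error) (.*)$")
KEYCHAIN = re.compile(r"getKeyChainSecret: .*Status code (-?\d+)")

# Excerpt of the log lines posted above.
SAMPLE_LOG = """\
02/27/2023 20:37:17 Error getKeyChainSecret: Failed to retrieve KeyChain secret. Status code -25300
02/27/2023 20:37:19 Information Successfully Received AAD Credential Token. User: REDACTED@Remote-Site
02/27/2023 20:37:19 Information Saving AAD User Account
02/27/2023 20:37:20 Information Dialing VPN connection Remote-Site, Status = Success
02/27/2023 20:37:20 Error getKeyChainSecret: Failed to retrieve KeyChain secret. Status code -25300
"""

def triage(log_text):
    """Return keychain read failures and whether one followed the account save."""
    failures, saved, not_persisted = [], False, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or wrapped lines
        ts, _level, msg = m.groups()
        if "Saving AAD User Account" in msg:
            saved = True
        k = KEYCHAIN.search(msg)
        if k:
            code = int(k.group(1))
            failures.append((ts, code, OSSTATUS.get(code, "unknown OSStatus")))
            # Heuristic (assumption): a not-found read after the client logged
            # the save suggests the item never became readable in the keychain.
            if saved and code == -25300:
                not_persisted = True
    return {"failures": failures, "save_not_persisted": not_persisted}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ts, code, name in result["failures"]:
        print(f"{ts} keychain read failed: {code} ({name})")
    print("save not persisted:", result["save_not_persisted"])
```

A single not-found read before the first interactive login is expected on a fresh install; the flag is only raised when the miss repeats after the save.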

Answers (1)

leo_poldX

Reputation: 132

We had the same problem with my Mac! Our solution was to select the right certification information under the section server validation.

Previously I selected the Microsoft ECC *** Cert and got the above error.

After switching to the DigiCert Global Root G2 Cert, the connection can be established.

Upvotes: 0
