macOS Sierra 10.12.2 DOD CAC Access Issues

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: macOS Sierra 10.12.2 DOD CAC Access Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-14-2017 01:00 AM
Hi dciciora,
Could you send the diagnostic to my email address:
albert.chu@centrify.com
Thank you!
Regards,
Albert
Re: macOS Sierra 10.12.2 DOD CAC Access Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-23-2017 05:38 AM
I found this Apple developer forum post that seems to solve my issues:
https://forums.developer.apple.com/thread/63476
The workaround in this post disables Apple's CryptoTokenKey PIV support which was conflicting with Centrify's tokend support when using Chrome/Safari vs. Outlook. The former preferred the CTK, the latter tokend. Both cannot be used simultaneously since they require exclusive access to the card. Disabling CTK pivtoken allows Chrome/Safari to fall-back to using Centrify's tokend support.
Re: macOS Sierra 10.12.2 DOD CAC Access Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-15-2017 12:14 PM
I've had all the same problems and am hoping to disable the built-in Sierra smart card support as well but don't understand what this link is telling me to do. I found that referenced file but am not sure how to use that to disable the support, please help!
Re: macOS Sierra 10.12.2 DOD CAC Access Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-18-2017 11:07 AM
Hi @Andrew60144,
According to the Apple post, you can achieve the same by the below steps:
1. Login as local admin
2. Bring up terminal (which you can search "terminal" to get it)
3. In the terminal session, please copy and paste the below command exactly (or you can type for it):
sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array
com.apple.CryptoTokenKit.pivtoken
4. After that it should be disabled. Which you can logout and try again.
Hope this helps.
Best Regards,
Albert
Re: macOS Sierra 10.12.2 DOD CAC Access Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
06-10-2017 10:33 AM
I am having the same issue as others on this thread. I ran the diagnostic test and this is what was found...
2017-06-10 10:22:37.581 SCTool[783:51960] Fail to invoke helper tool: No such file or directory (rc=-1)
Assertion failed: (false), function -[HelperTool executeWithArgs:withObject:], file HelperTool.mm, line 106.
Re: macOS Sierra 10.12.2 DOD CAC Access Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
06-12-2017 03:58 AM
Hi @LivingwithLacy,
Can you help provide us the entire diagnostic report on this forum post?
Meanwhile, can you please try the following steps and see disabling the build-in SC support on Mac would help?
1. Login as local admin
2. Bring up terminal (which you can search "terminal" to get it)
3. In the terminal session, please copy and paste the below command exactly (or you can type for it):
sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array
com.apple.CryptoTokenKit.pivtoken
4. After that it should be disabled. Which you can logout and try again.
Please keep us posted with the result or any update. Thank you!
BR,
Ivan
Re: macOS Sierra 10.12.2 DOD CAC Access Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-04-2018 08:24 AM
I was having the same issue with some, but not all, CAC enabled sites. I tried the terminal command and was able to log in once. Now I'm getting a slightly different error: "The operation couldn't be completed. (POSIX error -9802 - Unknown Error: -9802)".
I also notice that when I look in the Centrify Express window under status, it says: "Authentication attempts remaining: 3." The status never changes even when I have successfully logged into a CAC enabled website.
Re: macOS Sierra 10.12.2 DOD CAC Access Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-05-2018 12:09 AM
Hi @little36,
Welcome to Centrify Community!
Can you help clarify when do you see the error: "The operation couldn't be completed. (POSIX error -9802 - Unknown Error: -9802)"?
Do it appear when you open the browser?
Launching to the CAC website?
After the authentication?
As the error code is from Apple process, we might need some more time to research on this. Please help keep us posted with the information above. Thank you!
BR,
Ivan
Re: macOS Sierra 10.12.2 DOD CAC Access Issues
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
4 weeks ago
I was wondering if this is possible to reverse?