Introduction
This document describes missing hardware requirements on Mac devices that cause Secure Access ZTNA enrollment failure.
Problem
When attempting to enroll ZTNA, the posture error is displayed within Cisco Secure Client: "Posture Registration Failure. Endpoint Lacks Hardware Security. Please Contact Support if the Error Persists."
Solution
The end device is not supported due to failing to meet the Secure Enclave (Mac) enabled requirement.
Cause
For the ZTNA module to be installed and enrolled, there is a requirement for Duo Desktop (Device Health) to be installed and running within the end device. If the end device does not support Secure Enclave, the ZTNA enrollment fails.
Additional Information
Supporting logs can be viewed to confirm:
- Dart Bundle:
~/Cisco Secure Client/ Zero Trust Access/Logs/ZeroTrustAccess.log
2023-10-30 10:00:00.0000000x10eb Error 0x0 543 0 csc_zta_agent: [com.cisco.secureclient.zta:csc_zta_agent] E/ SSEZtnaEnroller.cpp:1429 OnEnrollmentConcluded() DHA enrollment has failed: NoHardwareSecurityFailure
- Duo Desktop:
~/Library/Logs/Duo Device Health/*.log
2023/10/20 10:00:00:000 Secure Enclave is not supported on this device.
Related Information