"Error Domain=NEAgentErrorDomain Code=2" appears..

I am a novice Swift developer. Referring to the Apple developer documentation and various blogs, I have written example code for DNS Proxy in Network Extension.

I inherited NEDNSProxyProvider to create a DNSProxyProvider class in the Extension. Using NEDNSProxyManager and NEDNSSettingsManager, I created a simple app that calls saveToPreferences(...) after loadFromPreferences(...).

When saveToPreferences(...) is called, I can confirm that the "DNS Proxy" item is added to the "System Preferences" in the "Enabled" state. However, upon further inspection using console logs, it seems that the init() constructor and startProxy(...) function of DNSProxyProvider are not being called.

Additionally, upon checking the console logs: NESMDNSProxySession[Primary Tunnel:MyMyService:{GUID}:(null)] in state NESMVPNSessionStateStarting: plugin NEDNSProxyPlugin(xxxxx.xxxxxx.MyMyService[inactive]) started with PID 0 error Error Domain=NEAgentErrorDomain Code=2 "(null)"

These logs are present. Could they be related to the issue?

I tried to refer to the link below that seems like a similar issue, but I couldn't find a clear solution or hint.

I earnestly seek your assistance. Thank you.

I changed dnsProtocol.providerBundleIdentifier correctly. Since then, the console logs have been partially changed.

The "Error Domain=NEAgentErrorDomain Code=2" error was no longer present; however,

"NESMDNSProxySession [Default Tunnel:xxxx.xxxx.MyMyService.MyMyExt:{GUID:(null)]: Plug-in Type xxxxx.xxxx.MyMyService.MyMyExt, Missing specified requirements"

An error is occurring.

Should I check out entitlements or plists? Please tell me which point I should check.

The reason for the "Error Domain=NEAgentErrorDomain Code=2" error is likely due to the incorrect setting of the dnsProtocol.providerBundleIdentifier value. By changing the dnsProtocol.providerBundleIdentifier to the name of an extension that is presumed to be correct, the "NEAgentErrorDomain Code=2" log no longer occurs.

However, logs related to "missing designated requirement" have started to appear in the console log. "NESMDNSProxySession[Primary Tunnel:xxxxx.xxxxxx.MyMyService.MyMyExt:{GUID}:(null)]: Cannot create agent for plugin type xxxxx.xxxxxx.MyMyService.MyMyExt, missing designated requirement"

Should I check the entitlements or plist? I would appreciate your opinion.

Thanks!

I am a novice Swift developer.

Well, you’ve certainly picked a difficult fun project to start with (-:

On macOS, DNS proxy providers must be packaged as a system extension [1]. So, did you use System Extensions framework to install your sysex?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] See TN3134 Network Extension provider deployment for the full story here.

OOPs... I didn't know that the document didn't include information about the difficulty and fun of the task.. :'-)

I appreciate your interest.

I'm using the System Extension Framework to implement the Endpoint Security Extension and Content Filter in the Network Extension, and it's working well.

I'm trying to add DNS Proxy functionality, but I'm struggling because I'm very novice with Swift and macOS.

Is there any help or hints available regarding "Cannot create agent for plugin type xxxxx.xxxxxx.MyMyService.MyMyExt, missing designated requirement?"

Thanks!

Are you using two separate sysexes? Or have you placed both your ES and NE code in the same sysex?

Note that both of these are valid options, I’m just trying to understand the lay of the land.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I designed the project like this:

  • one Container app
  • one Sys ext
    • ES features
    • Content-filter
    • DNS Proxy (with DNS Settings)

I'll leave you detailed information just in case you're curious.

I hope the information reaches you well. (Some information is dummy, like the app name MyMyService.)

[basic information]

  • systemextensionsctl developer mode ON
  • SIP disabled
  • app & sysext running on dev-notebook

[DNSProxyManager.swift]

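import NetworkExtension

class DNSProxyManager: BaseManager {
    let manager = NEDNSProxyManager.shared()

    // Note: the load/save calls below complete asynchronously, so the value
    // returned here is read before the new configuration has been saved.
    override func activate() -> Bool {
        loadAndUpdatePreferences { [weak self] in
            // dohUrl and providerIdentifier are declared elsewhere in the project (not shown).
            let dnsProtocol = NEDNSProxyProviderProtocol()
            dnsProtocol.username = ""
            dnsProtocol.providerConfiguration = ["clientId": dohUrl]
            dnsProtocol.providerBundleIdentifier = providerIdentifier
            dnsProtocol.serverAddress = "127.0.0.1"

            self?.manager.localizedDescription = Bundle.main.infoDictionary?["CFBundleName"] as? String
            self?.manager.providerProtocol = dnsProtocol
            self?.manager.isEnabled = true
        }

        return self.manager.isEnabled
    }

    private func loadAndUpdatePreferences(_ completion: @escaping () -> Void) {
        manager.loadFromPreferences { [weak self] error in
            // Log the failure instead of dropping it silently.
            guard error == nil else {
                NSLog("loadFromPreferences failed: %@", String(describing: error))
                return
            }

            // Apply the caller's changes, then persist them.
            completion()

            self?.manager.saveToPreferences { error in
                guard error == nil else {
                    NSLog("saveToPreferences failed: %@", String(describing: error))
                    return
                }
            }
        }
    }
}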

[DNSSettingsManager.swift]

class DNSSettingsManager {
    let manager = NEDNSSettingsManager.shared()

	...
}

[main.swift]

autoreleasepool {
    NEProvider.startSystemExtensionMode()
    DNSProxyManager.shared.activate()
    EndpointSecurity.Client.shared.activate()

	...
    
    dispatchMain()
}

...continued...

[result of.. codesign -d --entitlements :- .../MyMyService.app]

	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
		<key>com.apple.application-identifier</key>
			<string>MyMyService</string>
		<key>com.apple.developer.networking.networkextension</key>
		<array>
			<string>content-filter-provider</string>
			<string>dns-proxy</string>
			<string>dns-settings</string>
		</array>
		<key>com.apple.developer.system-extension.install</key>
			<true/>
		<key>com.apple.developer.team-identifier</key>
			<string>TEAMID</string>
		<key>com.apple.security.app-sandbox</key>
			<true/>
		<key>com.apple.security.device.usb</key>
			<true/>
		<key>com.apple.security.files.user-selected.read-only</key>
			<true/>
		<key>com.apple.security.get-task-allow</key>
			<true/>
		<key>com.apple.security.network.client</key>
			<true/>
		<key>com.apple.security.network.server</key>
			<true/>
	</dict>
	</plist>

[result of.. codesign -d --entitlements :- .../MyMyService.app/Contents/Library/SystemExtensions/MyMyExt.systemextension]

	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
		<key>com.apple.application-identifier</key>
			<string>MyMyService.MyMyExt</string>
		<key>com.apple.developer.endpoint-security.client</key>
			<true/>
		<key>com.apple.developer.networking.networkextension</key>
			<array>
				<string>content-filter-provider</string>
				<string>dns-proxy</string>
				<string>dns-settings</string>
			</array>
		<key>com.apple.developer.team-identifier</key>
			<string>TEAMID</string>
		<key>com.apple.developer.usernotifications.time-sensitive</key>
			<true/>
		<key>com.apple.security.get-task-allow</key>
			<true/>
		<key>com.apple.security.network.client</key>
			<true/>
		<key>com.apple.security.network.server</key>
			<true/>
		<key>keychain-access-groups</key>
		<array>
			<string>MyMyService</string>
			<string>MyMyService.MyMyExt</string>
		</array>
	</dict>
	</plist>

[result of.. security cms -D -i MyMyService.app/Contents/embedded.provisionprofile]

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>AppIDName</key>
	<string>MyMyService</string>
	<key>ApplicationIdentifierPrefix</key>
	<array>
	<string>TEAMID</string>
	</array>
	<key>CreationDate</key>
	<date>2024-01-31T07:46:49Z</date>
	<key>Platform</key>
	<array>
		<string>OSX</string>
	</array>
	<key>IsXcodeManaged</key>
	<true/>
	<key>DeveloperCertificates</key>
	<array>
		...
	</array>

	<key>DER-Encoded-Profile</key>
	<data>...</data>
										
	<key>Entitlements</key>
	<dict>
				<key>com.apple.developer.system-extension.install</key>
		<true/>	
				<key>com.apple.developer.networking.networkextension</key>
		<array>
				<string>app-proxy-provider</string>
				<string>content-filter-provider</string>
				<string>packet-tunnel-provider</string>
				<string>dns-proxy</string>
				<string>dns-settings</string>
				<string>relay</string>
		</array>
				<key>com.apple.application-identifier</key>
		<string>TEAMID.MyMyService</string>
				<key>keychain-access-groups</key>
		<array>
				<string>TEAMID.*</string>
		</array>
				<key>com.apple.developer.team-identifier</key>
		<string>TEAMID</string>
	</dict>
	<key>ExpirationDate</key>
	<date>2025-01-30T07:46:49Z</date>
	<key>Name</key>
	<string>Mac Team Provisioning Profile: MyMyService</string>
	<key>ProvisionedDevices</key>
	<array>
		...
	</array>
	<key>TeamIdentifier</key>
	<array>
		<string>TEAMID</string>
	</array>
	<key>TeamName</key>
	<string>TEAMNAME</string>
	<key>TimeToLive</key>
	<integer>365</integer>
	<key>UUID</key>
	<string>GUID</string>
	<key>Version</key>
	<integer>1</integer>
</dict>
</plist>

[result of.. security cms -D -i MyMyService.app/Contents/embedded.provisionprofile]

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>AppIDName</key>
	<string>APPID</string>
	<key>ApplicationIdentifierPrefix</key>
	<array>
	<string>TEAMID</string>
	</array>
	<key>CreationDate</key>
	<date>2024-02-01T04:52:04Z</date>
	<key>Platform</key>
	<array>
		<string>OSX</string>
	</array>
	<key>IsXcodeManaged</key>
	<true/>
	<key>DeveloperCertificates</key>
	<array>
		...		
	</array>

	<key>DER-Encoded-Profile</key>
	<data>...</data>
																
	<key>Entitlements</key>
	<dict>
				
				<key>com.apple.developer.usernotifications.time-sensitive</key>
		<true/>
				
				<key>com.apple.developer.system-extension.install</key>
		<true/>
				
				<key>com.apple.developer.networking.networkextension</key>
		<array>
				<string>app-proxy-provider</string>
				<string>content-filter-provider</string>
				<string>packet-tunnel-provider</string>
				<string>dns-proxy</string>
				<string>dns-settings</string>
				<string>relay</string>
		</array>
				
				<key>com.apple.developer.networking.vpn.api</key>
		<array>
				<string>allow-vpn</string>
		</array>
				
				<key>com.apple.application-identifier</key>
		<string>TEAMID.MyMyService.MyMyExt</string>
				
				<key>keychain-access-groups</key>
		<array>
				<string>TEAMID.*</string>
		</array>
				
				<key>com.apple.developer.team-identifier</key>
		<string>TEAMID</string>
				
				<key>com.apple.developer.endpoint-security.client</key>
		<true/>

	</dict>
	<key>ExpirationDate</key>
	<date>2025-01-31T04:52:04Z</date>
	<key>Name</key>
	<string>Mac Team Provisioning Profile: MyMyService.MyMyExt</string>
	<key>ProvisionedDevices</key>
	<array>
		...
	</array>
	<key>TeamIdentifier</key>
	<array>
		<string>TEAMID</string>
	</array>
	<key>TeamName</key>
	<string>TEAMNAME</string>
	<key>TimeToLive</key>
	<integer>365</integer>
	<key>UUID</key>
	<string>GUID</string>
	<key>Version</key>
	<integer>1</integer>
</dict>
</plist>

I'm so sorry about my very long post..

Please let me know if you need any more information for advice.

Thanks!
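The post above compares the entitlements in each code signature with the matching embedded provisioning profile by eye. The following is an added example, not code from the thread or from Apple, that does the same comparison mechanically on the two kinds of plist output shown (`codesign -d --entitlements :-` and `security cms -D -i`). The sample plists, `EXAMPLETEAM` and `com.example.app` are constructed, and treating a trailing `*` in a profile value as a prefix wildcard is an assumption of this sketch.

```python
import plistlib

def _match(value, pattern):
    # A profile value ending in "*" (e.g. "TEAMID.*") is treated as a prefix wildcard.
    if isinstance(pattern, str) and pattern.endswith("*"):
        return isinstance(value, str) and value.startswith(pattern[:-1])
    return value == pattern

def authorized(claimed, granted):
    """True if every claimed value is covered by some value the profile grants."""
    patterns = granted if isinstance(granted, list) else [granted]
    values = claimed if isinstance(claimed, list) else [claimed]
    return all(any(_match(v, p) for p in patterns) for v in values)

def compare(signed_xml: bytes, profile_xml: bytes):
    """Compare signed entitlements against the profile's Entitlements dict."""
    signed = plistlib.loads(signed_xml)
    profile = plistlib.loads(profile_xml)["Entitlements"]
    report = {"mismatch": [], "not_in_profile": []}
    for key, value in sorted(signed.items()):
        if key not in profile:
            # Only listed: not every entitlement has to be authorized by a profile.
            report["not_in_profile"].append(key)
        elif not authorized(value, profile[key]):
            report["mismatch"].append(key)
    return report

# Constructed sample: entitlements claimed by a signature.
SIGNED = b"""<plist version="1.0"><dict>
<key>com.apple.application-identifier</key><string>EXAMPLETEAM.com.example.app.ext</string>
<key>com.apple.developer.networking.networkextension</key>
<array><string>content-filter-provider</string><string>dns-proxy</string></array>
<key>com.apple.security.get-task-allow</key><true/>
<key>keychain-access-groups</key><array><string>EXAMPLETEAM.com.example.app</string></array>
</dict></plist>"""

# Constructed sample: a decoded profile that does not grant dns-proxy.
PROFILE = b"""<plist version="1.0"><dict>
<key>Name</key><string>constructed sample profile</string>
<key>Entitlements</key><dict>
<key>com.apple.application-identifier</key><string>EXAMPLETEAM.com.example.app.ext</string>
<key>com.apple.developer.networking.networkextension</key>
<array><string>content-filter-provider</string></array>
<key>keychain-access-groups</key><array><string>EXAMPLETEAM.*</string></array>
</dict></dict></plist>"""

if __name__ == "__main__":
    print(compare(SIGNED, PROFILE))
```

Run it once per bundle (container app and system extension), since each has its own signature and its own embedded profile.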
