8

I have an app which contains a Network Extension and when I run it from within XCode, it uses the profiles I have created with the proper entitlements and works fine without issue.

However, when I archive the project and select the same team, the network extension fails to start when I install and run that IPA file:

Dec 31 19:00:00 My-iPad Worx Home(NetworkExtension)[38454] <Error>: Failed to save configuration: Error Domain=NEVPNErrorDomain Code=5 "permission denied" UserInfo={NSLocalizedDescription=permission denied}

I'm pretty sure this is because something is getting messed up with the entitlements.

I went back through the "Export" process and the provisioning profile it shows is not the one I want to use, it is one that says "iOS Team Provio..." and I cannot change it to the profile I want to use.

I know there are other posts about this (like this), however none of the solutions there seem to work. In particular, the solution which involves a command line command only takes in a single provisioning profile which will never work, since I would need to select two different ones: one for the main app and one for the extension.

UPDATE: I checked the embedded.mobileprovision file inside of the IPA file and it actually does seem to be signed with the right profile. So it may not be a profile issue after all. But if so, why would I be getting "Permission Denied" error?

I did a full clean again and confirmed I am seeing "com.apple.developer.networking.vpn.api" (allow-vpn) for both the main app and extension in the list that shows up right before the IPA file is generated.

Right before I get the "Permission denied" error, I see the following cryptic error:

[My App Name] is not allowed to save provider-based configurations

UPDATE 2: I created two enterprise distribution profiles (I had used development ones before) and when I do ad-hoc now the extension works.

I am unblocked for the moment, but would like to determine why this wasn't working originally as it will be valuable information, so leaving this question open.

Community
  • 1
  • 1
Locksleyu
  • 5,192
  • 8
  • 52
  • 77
  • Do you manage your profiles and entitlements through Xcode or on the developer site? – wottle Jul 07 '16 at 14:41
  • In our company the permission to create and modify profiles it not given to everyone, so I cannot do it through XCode. Instead I need to have changes done through an admin on the developer site. – Locksleyu Jul 07 '16 at 14:52
  • Have you verified the VPN entitlement has been set up for the app ID in question? And can you take a screenshot of your "Code Signing" section in your project's Build Settings? – wottle Jul 07 '16 at 18:14
  • I got it working with a distribution profile, but would still like to understand why it didn't work with a development profile (see Update 2 above). Yes, I verified the VPN entitlement is in the IPA file. I'd like to avoid giving a full screenshot of the signing since I would have to block out a few things. Can you tell me specifically what part you want to know? – Locksleyu Jul 07 '16 at 22:20
  • Well, If you switched to an enterprise distribution profile, you had to change your code signing settings, so it's possible something else changed other than simply switching from a development to distribution profile. If you have multiple eligible profiles on your machine, it is possible that it was picking the wrong one. Also, doesn't the network extension have its own embedded.mobileprovision? – wottle Jul 07 '16 at 23:18

0 Answers0