I have several Macs using Sequoia with no issues, and used one new one today with Roon (not as server) that had problems connecting, zones not available, etc.
The only real difference with this Mac is that it had the firewall turned on. It’s a machine I use for work.
When turning the firewall off, things all worked dandily. Turning it on, I was hampered occasionally with the connection to my server, but consistently hampered at getting the zones on “This Mac” to work.
When poking around the firewall “options”, I noticed that the only Roon-related items listed were “Roon.app” and “RAATServer”, both set to “Allow incoming connections,” e.g.:
Some long-term experience with macOS led me to right click on the Roon application bundle in the Finder to “Show Package Contents” to see what executable components are part of that application bundle (fact: Applications in macOS are just fancy folders; you can right-click on them and use that command to see their contents):
In there, open Contents > MacOS, and you will see three files:
These are the actual core executables that constitute the various parts of the Roon application.
Thing is, neither “Roon” nor “RoonServer” are explicitly in the firewall list. Ostensibly, they are in there implicitly as part of the “Roon.app” application bundle, but not explicitly.
So I did an experiment. Under Firewall “Options…” I hit the “+” button, which opens a dialog box to add additional applications to the firewall. While you cannot navigate directly to the inside of the Roon.app application bundle via this dialog box, you can drag any file from within the bundle to that dialog to get to that area of the folder tree; after dragging a file from that area, you will see this:
From there, if you select both “Roon” and “RoonServer,” then hit “Open,” you can add them to the firewall list, and they will appear in the “Allow incoming connections” state, as follows:
You can then close that dialog box by hitting “OK” and run Roon. You should find, as I did, that everything will work splendidly in Roon after that. I don’t know how long it will last (ostensibly until the next Roon application update?), but it works.
Now, when you go back into the firewall options, those two applications will no longer be in the list, yet things will still work. It is almost as if this procedure helps the firewall learn that these executables are indeed part of the Roon.app application bundle after that, and then it doesn’t need to show them anymore.
All of this points to some potential work the Roon team might have to do with ensuring that all three subcomponents have their access to resources (network and otherwise) allowed per the stringent new rules that Sequoia puts in place. Or it could just be an OS bug. But in the meantime, it would be neat to see how this works for people currently having issues with Sequoia.
UPDATE: I can confirm that all of the above eventually resets itself. The only long-term solution is to turn off the firewall, even for zone-related issues.
