I'm not sure at what point it disappeared from the config, but recently we were making an ASA sw update, so this might be the cause. Just found the root cause: We have an HA pair, and the actual config file for the connection profile was missing on the secondary device, so when it was put into active mode during the upgrade process, apparently the config pointing to the missing file was removed.
Lesson learned: always replicate all resources of config to all the devices in HA cluster.
OS does not allow profile name to contain special characters so the name must be edited before saving.
Please utilize the full AnyConnect application from your IT Department if additional features are needed.
Please direct any questions, feedback or problem reports to ac-mobile-feedback cisco. Without this registry key, all inf install packages are forbidden. In Windows, you must make the hidden files visible.
If this is an initial web deployment install, the log file is located in the per-user temp directory:. If an upgrade was pushed from the optimal gateway, the log file is in the following location:.
Obtain the most recent file for the version of the client you want to install. The xxx varies depending on the version, and the yyyyyyyyyyyyyy specifies the date and time of the install. Click Clear All Logs to start the clearing of the logs.
Problem: AnyConnect will not establish initial connection, or you get unexpected results when you click Disconnect on the Cisco AnyConnect Secure Mobility Client window.
Obtain the config file from the ASA to look for signs of a connection failure:. From the ASA console, type write net x. From the ASA console, type show running-config. Cut and paste the config into a text editor and save. At the ASA console, add the following lines to look at the ssl, webvpn, anyconnect, and auth events:. Attempt an AnyConnect client connection, and when the connect error occurs, cut and paste the log information from the console into a text editor and save. Type no logging enable to disable logging.
If a conflict was identified, add additional routing debugs to the registry of the client computer being used. These conflicts may appear in the AnyConnect event logs as follows:. The key or file is deleted when the tunnel connection is started. The value of the key or content of the file is not important as the existence of the key or file is sufficient to enable debugging. Start a VPN connection.
Problem: The AnyConnect client cannot send data to the private network once connected. Verify that the ACL is not blocking the intended traffic flow.
Observe the statistics, interfaces, and routing table. If NAT is enabled, you must exempt data returning to the client from network address translation.
Verify whether the tunneled default gateway is enabled for the setup. The traditional default gateway is the gateway of last resort for non-decrypted traffic:. If a VPN client needs to access a resource that is not in the routing table of the VPN gateway, packets are routed by the standard default gateway. The VPN gateway does not need to have the whole internal routing table. Standard traffic routes to Perform a network packet capture on the client or enable a capture on the ASA.
If some applications such as Microsoft Outlook do not operate with the tunnel, ping a known device in the network with a scaling set of pings to see what size gets accepted for example, ping - , ping - , ping - , and ping - The ping results provide clues to the fragmentation issues in the network.
Then you can configure a special group for users who might experience fragmentation and set the anyconnect mtu for this group to You can also copy the Set MTU. Upon reboot, see if you notice a difference.
Solution: Determine if another application conflicted with the service. The following procedure determines if the conflict is with the initialization of the server at boot-up or with another running service, for example, because the service failed to start. If it is running and the error message still appears, another VPN application on the workstation may need to be disabled or even uninstalled.
After taking that action, reboot, and repeat this step. Check the AnyConnect logs in the Event Viewer for any messages stating that the service was unable to start. Notice the time stamps of the manual restart from Step 2, as well as when the workstation was booted up. Check the System and Application logs in the Event Viewer for the same general time stamps of any messages of conflict.
If the logs indicate a failure starting the service, look for other information messages around the same time stamp which indicate one of the following:. If the logs do not point directly to a cause, use the trial and error method to identify the conflict.
When the most likely candidates are identified, disable those services (such as VPN products, HIDS software, spybot cleaners, sniffers, antivirus software, and so on) from the Services panel. If the VPN Agent service still fails to start, start turning off services that were not installed by a default installation of the operating system.
Problem: If you recently updated the Microsoft certclass.
Follow the instructions to repair the VPN driver. Even though the steps taken above may indicate that the catalog is not corrupt, the key file(s) may still have been overwritten with an unsigned one. If the failure still occurs, open a case with Microsoft to determine why the driver signing database is being corrupted. Enter net stop CryptSvc.