I believe I have my own answer, and that the anyconnect client install failure is urelated to the recent changes on the ASA, but results from cisco revoking the signature on their java applet. Turning the java log/debugger on in the client. As an additional note when the pnputil -d completes successfully your bad driver. The AnyConnect installer still hangs at the end, then rolls back, and now I can't. Deleting from the DriverStore directories and security will back at you a lot. To Windows Restore Point before any of the Cisco Clients were installed earlier in.
Objective
The Cisco AnyConnect Secure Mobility Client, also known as the Cisco AnyConnect VPN Client, is a software application for connecting to a Virtual Private Network (VPN) that works on various operating systems and hardware configurations. This software application makes it possible for remote resources of another network become accessible as if the user is directly connected to the network, but in a secure way. Cisco AnyConnect Secure Mobility Client provides an innovative way to protect mobile users on computer-based or smart-phone platforms, providing a more seamless, always-protected experience for end users, and comprehensive policy enforcement for an IT administrator.
When installing the Cisco AnyConnect Secure Mobility Client, errors may occur and troubleshooting may be needed for a successful setup.
The objective of this document is to show you basic troubleshooting steps on some common errors on the Cisco AnyConnect Secure Mobility Client.
Software Version
- 4.4
Basic Troubleshooting on Cisco AnyConnect Secure Mobility Client Errors
Note: Before attempting to troubleshoot, it is recommended to gather some important information first about your system that might be needed during the troubleshooting process. To learn how, click here.
1. Problem: Network Access Manager fails to recognize your wired adapter.
Solution: Try unplugging your network cable and reinserting it. If this does not work, you may have a link issue. The Network Access Manager may not be able to determine the correct link state of your adapter. Check the Connection Properties of your Network Interface Card (NIC) driver. You may have a 'Wait for Link' option in the Advanced Panel. When the setting is On, the wired NIC driver initialization code waits for auto negotiation to complete and then determines if a link is present.
2. Problem: When AnyConnect attempts to establish a connection, it authenticates successfully and builds the Secure Socket Layer (SSL)session, but then the AnyConnect client crashes in the vpndownloader if using Label-Switched Path (LSP) or NOD32 Antivirus.
Solution: Remove the Internet Monitor component in version 2.7 and upgrade to version 3.0 of ESET NOD32 AV.
3. Problem: If you are using an AT&T Dialer, the client operating system sometimes experiences a blue screen, which causes the creation of a mini dump file.
Solution: Upgrade to the latest 7.6.2 AT&T Global Network Client.
4. Problem: When using McAfee Firewall 5, a User Datagram Protocol (UDP)Datagram Transport Layer Security (DTLS) connection cannot be established.
Solution: In the McAfee Firewall central console, choose Advanced Tasks > Advanced options and Logging and uncheck the Block incoming fragments automatically check box in McAfee Firewall.
5. Problem: The connection fails due to lack of credentials.
Solution: The third-party load balancer has no insight into the load on the Adaptive Security Appliance (ASA) devices. Because the load balance functionality in the ASA is intelligent enough to evenly distribute the VPN load across the devices, using the internal ASA load balancing instead is recommended.
6. Problem: The AnyConnect client fails to download and produces the following error message:
Solution: Upload the patch update to version 1.2.1.38 to resolve all dll issues.
7. Problem: If you are using Bonjour Printing Services, the AnyConnect event logs indicate a failure to identify the IP forwarding table.
Solution: Disable the Bonjour Printing Service by typing net stop “bonjour service” at the command prompt. A new version of mDNSResponder (1.0.5.11) has been produced by Apple. To resolve this issue, a new version of Bonjour is bundled with iTunes and made available as a separate download from the Apple web site.
8. Problem: An error indicates that the version of TUN or network tunnel is already installed on this system and is incompatible with the AnyConnect client.
Solution: Uninstall the Viscosity OpenVPN Client.
9. Problem: If a Label-Switched Path (LSP) module is present on the client, a Winsock catalog conflict may occur.
Solution: Uninstall the LSP module.
10. Problem: If you are connecting with a Digital Subscriber Line (DSL) router, DTLS traffic may fail even if successfully negotiated.
Solution: Connect to a Linksys router with factory settings. This setting allows a stable DTLS session and no interruption in pings. Add a rule to allow DTLS return traffic.
11. Problem: When using AnyConnect on some Virtual Machine Network Service devices, performance issues have resulted.
Solution: Uncheck the binding for all IM devices within the AnyConnect virtual adapter. The application dsagent.exe resides in C:WindowsSystemdgagent. Although it does not appear in the process list, you can see it by opening sockets with TCPview (sysinternals). When you terminate this process, normal operation of AnyConnect returns.
12. Problem: You receive an “Unable to Proceed, Cannot Connect to the VPN Service” message. The VPN service for AnyConnect is not running.
Solution: Determine if another application conflicted with the service by going to the Windows Administration Tools then make sure that the Cisco AnyConnect VPN Agent is notrunning. If it is running and the error message still appears, another VPN application on the workstation may need to be disabled or even uninstalled. After taking that action, reboot, and repeat this step.
13. Problem: When Kaspersky 6.0.3 is installed (even if disabled), AnyConnect connections to the ASA fail right after CSTP state = CONNECTED. The following message appears:
Solution: Uninstall Kaspersky and refer to their forums for additional updates.
14. Problem: If you are using Routing and Remote Access Service (RRAS), the following termination error is returned to the event log when AnyConnect attempts to establish a connection to the host device:
Solution: Disable the RRAS service.
15. Problem: If you are using a EVDO wireless card and Venturi driver while a client disconnect occurred, the event log reports the following:
Solutions:
- Check the Application, System, and AnyConnect event logs for a relating disconnect event and determine if a NIC card reset was applied at the same time.
- Ensure that the Venturi driver is up to date. Disable Use Rules Engine in the 6.7 version of the AT&T Communications Manager.
For additional information on AnyConnect licensing on the RV340 series routers, check out the article AnyConnect Licensing for the RV340 Series Routers.
Active1 year, 11 months ago
I'm trying to VPN to my work place but Cisco AnyConnect fails after initiating a connection. It pops up an error that says
The VPN client failed to establish a connection
then it shows another error saying AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
I've tried everything. Reinstalling, restarting, and various other things like disabling ICS (Internet Connection Sharing). I tried it on my laptop and the web-installer worked fine. It installed the client and connected perfectly ok so it must be something with this PC. I've been trying to figure this out for about 5 hours now and Googling doesn't help. Here's the message history from AnyConnect:[11/11/2013 1:55:55 PM] Ready to connect.[11/11/2013 1:57:05 PM] Contacting ---.---.---.---[11/11/2013 1:57:07 PM] Please enter your username and password.[11/11/2013 1:57:08 PM] User credentials entered.[11/11/2013 1:57:08 PM] Establishing VPN session...[11/11/2013 1:57:09 PM] Checking for profile updates...[11/11/2013 1:57:09 PM] Checking for product updates...[11/11/2013 1:57:10 PM] Checking for customization updates...[11/11/2013 1:57:10 PM] Performing any required updates...[11/11/2013 1:57:15 PM] Establishing VPN session...[11/11/2013 1:57:15 PM] Establishing VPN - Initiating connection...[11/11/2013 1:57:16 PM] Disconnect in progress, please wait...[11/11/2013 1:57:29 PM] Connection attempt has failed.[11/11/2013 1:59:31 PM] Ready to connect.
I tried turning off the firewall and anti-virus. I didn't think it would matter since my laptop uses the same firewall and anti-virus too and I didn't need to disable that. My laptop uses Windows 7 Home 64-bit and my PC that is failing is using Windows 7 Ultimate 64-bit.
Nathan74044 gold badges99 silver badges2929 bronze badges
LazyProgrammerLazyProgrammer
6 Answers
The solution for me was to disable Internet Connection Sharing (ICS).
To resolve this issue:
- Click the Windows
Start
button. - Click on
Control Panel
. - Set
View by:
toCategory
. - Click on
View network status and tasks
underNetwork and Internet
. - Click on
Change adapter settings
. - Look for
Shared
in theStatus
column and right-click that connection and clickProperties
. - Click the
Sharing
tab. - Clear the
Allow other network users to connect through this computer’s Internet connection
check box. - Click
OK
. - Reinstall Cisco AnyConnect.
74044 gold badges99 silver badges2929 bronze badges
I see that disabling ICS did not work for the OP, but it worked for me and many others, according to various forums, it seems.
It may be a ThinkPad-specific issue. Lenovo published an advisory article indicating that their Access Connections software interferes with AnyConnect. The solution is to disable ICS. I don't have a way to establish whether this is the actual reason for my problem, but the solution worked.
Nathan's answer on this page didn't work for me, because the
Allow other network users[...]
checkboxes were cleared for all the items anyway.I disabled ICS this way:
- Type
services.msc
into Windows' menu after you press the Start button. Right click on theservices.msc
that appears after it's finished searching, andRun as Administrator...
- Find
Internet Connection Sharing
, stop it and set it to be launchedManually
.
Community♦
Evgeni SergeevEvgeni Sergeev1,20422 gold badges1818 silver badges2929 bronze badges
I had this problem, and eventually my company support team fixed it by clicking the properties icon on the 'Cisco AnyConnect Secure Mobility Client' window.
On the Preferences tab of the window that appears, locate the 'Check for updates on VPN connect' tick box, and ensure its ticked. Then, when connecting to the VPN, the client looks to see if there are updates available, and installs itself.
I was not able to find this information on the day, but if I had, i'd have been able to reconnect to the company VPN - instead I got the sack, thanks Cisco!
Mark BurgessMark Burgess
If, your experience is similar to mine, where you have seemed to successfully authenticate, and then where you see the following two responses...
1) Pop-up shown as after what seems to be successful authentication
2) (Misleading) Message on AnyConnect taskbar window
.. it is quite likely that you have two users logged onto your client PC. That is, the local computer from which you are connecting to your office network..
The security risk is obvious. You can force a log-off on the other user, then it will work (**NB: Unsaved data for that user will be lost).
user919426user919426
Unfortunately, none of the above worked for me. I disabled/enabled my wireless network adapter and that resolved the issue.
AbhijeetAbhijeet
None of the options above worked for me. For me, it came down to a Wireshark capture. It turns out that most VPN users were trying to hit a 'wpad' server via wpad.mydomain.com. We have a wildcard lookup on mydomain.com, and so wpad.mydomain.com resolved there. It obviously failed to get proxy settings from that IP and came up with the error 'The VPN client failed to establish a connection'
To fix:
- Click on
Start Menu
- Choose
Control Panel
- Click on
Internet Options
- Go to
Connections
Tab - Click
LAN Settings
button - Uncheck
Automatically Detect Settings
- Click
OK
,OK
- restart Cisco AnyConnect and try again
BhavBhav