Cisco anyconnect ошибка not available

After deploying windows information protection CISCO Anyconnect VPN application is not working. It says VPN service is not available. I have checked in services.msc, it is still running and start up is in Automatic only.

Any idea?? Thanks

All replies

Thanks for posting in Microsoft TechNet Forum.

According to your description, it is recommended that you try to refer to the following link:

Sincerely hope that the methods mentioned in the link will be helpful to you.

Note: This is a third-party link and we do not have any guarantees on this website. This is just for your convenience. And Microsoft does not make any guarantees about the content.

Броски AnyConnect Cisco: сервис VPN не доступный

все было хорошо. Единственное, что я подозреваю, это изменение файла hosts. Я восстановил его. Я пробовал много вещей, таких как промывка сокетов и добавления rn в файле hosts. Он работал то и дело ломались снова.

Я использую Windows 7 64-бит и Cisco AnyConnect 3.1.5152.

6 ответов

У меня была та же проблема. Я проверил услуги.msc для сервиса Cisco AnyConnect и нашел, что это было отключено по какой-то причине. Я просто изменил тип сервиса на автоматический и запустил его, что решило проблему. Надеюсь, это поможет.

Я просто перезапустил сервис Cisco AnyConnect, и это очистило его для меня.

The vpn service is not available exiting cisco что делать

Решение Cisco VPN работает довольно хорошо в Windows 10, если мы посмотрим на отчеты. Наиболее заметные проблемы появляются только после серьезных обновлений, которые могут сломать приложение. Они не распространены, но, с другой стороны, они делают клиент VPN полностью непригодным для использования. По крайней мере, так было в случае с Fall Creators Update и April Update.

Тем не менее, нет необходимости беспокоиться. Мы нашли некоторые подходящие шаги и зачислили их ниже, поэтому обязательно ознакомьтесь с ними.

Как исправить проблемы Cisco VPN в Windows 10

1. Ремонт установки
2. Разрешить VPN свободно общаться через брандмауэр
3. Настроить реестр
4. Выполните чистую переустановку

1: Ремонт установки

Начнем с ремонта установки. Многие сторонние приложения, как правило, ломаются после выполнения крупного обновления. Вот почему всегда рекомендуется переустанавливать их после установки обновления.

Еще лучше, если вы хотите избежать одной из многочисленных ошибок обновления / обновления, удаление является жизнеспособным выбором. Однако, если вы не удалили Cisco VPN до обновления, вместо переустановки, вы должны сначала попробовать восстановить текущую установку.

Если вы не знаете, как восстановить Cisco VPN, выполните действия, описанные ниже:

В панели поиска Windows введите Control и откройте панель управления.

2. Разрешить VPN свободно общаться через брандмауэр

Обновления системы могут довольно часто изменять системные настройки и предпочтения на значения по умолчанию. Этот проступок, конечно, может повлиять и на настройки Защитника Windows. В таком случае есть вероятность, что многие сторонние приложения, которым требуется бесплатный трафик через брандмауэр, не будут работать. Включая клиент Cisco VPN.

• Читайте также: FIX: не удалось инициализировать подсистему подключения в Cisco AnyConnect ошибка в Windows

Вот почему мы рекомендуем вам проверить настройки и убедиться, что приложение действительно разрешено в настройках брандмауэра Windows. Вот что вам нужно сделать:

1. На панели поиска Windows введите Разрешить приложение и откройте « Разрешить приложение через брандмауэр Windows ».
2. Нажмите Изменить настройки.
3. Убедитесь, что Cisco VPN находится в списке и ему разрешено обмениваться данными через брандмауэр Windows. Если это не так, нажмите « Разрешить другое приложение » и добавьте его.

3: настроить реестр

Как и многие другие решения для интеграции VPN, Cisco VPN поставляется со специальным связанным виртуальным сетевым адаптером. Отказ этого устройства является еще одним распространенным явлением, и он сопровождается кодом ошибки 442. Первое, что вы можете сделать, если эта ошибка возникает, это проверить драйвер виртуального адаптера в диспетчере устройств.

• Читайте также: CCleaner совместим с Windows 8.1, 10

Вот где это можно найти:

1. Щелкните правой кнопкой мыши кнопку «Пуск» и откройте диспетчер устройств.
2. Разверните Сетевые адаптеры.

Теперь, если это не решит проблему, вы можете попробовать настройку реестра, которая, кажется, полностью ее устраняет. Это требует административного разрешения для внесения изменений в Реестр. Кроме того, мы настоятельно рекомендуем действовать осторожно, поскольку неуместное вмешательство в реестр может привести к системному отказу.

Выполните следующие действия, чтобы настроить реестр и восстановить Cisco VPN:

1. Введите regedit в строке поиска Windows и откройте редактор реестра.
2. Скопируйте и вставьте следующий путь в адресную строку: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesCVirtA

4: выполнить чистую переустановку

Наконец, если ни одно из предыдущих решений не позволило использовать Cisco VPN, единственное оставшееся решение, которое мы можем предложить, — это выполнить чистую переустановку. В идеале это потребует установки с чистого листа, при которой вы удалите все оставшиеся связанные файлы с вашего ПК до повторной установки Cisco VPN.

• ЧИТАЙТЕ ТАКЖЕ: Интернет-трафик утроится к 2020 году, согласно оценкам Cisco

Выполните следующие действия, чтобы выполнить чистую переустановку и исправить Cisco VPN в Windows 10:

1. Перейдите в Панель управления и откройте Удаление программы.
2. Удалите клиент Cisco Systems VPN.
3. Запустите Ashampoo Uninstaller (или любой другой сторонний очиститель).
4. Перейдите в системный раздел и удалите все, что связано с Cisco, из папки «Программы».
5. Загрузите клиент Cisco VPN здесь.
6. Установите клиент и попробуйте запустить его.

Если это не помогло, попробуйте связаться со службой поддержки, поскольку они, скорее всего, помогут вам наилучшим образом.

Вот и все. Если у вас есть какие-либо альтернативные решения, которыми вы хотите поделиться с нами, не стесняйтесь сделать это в разделе комментариев ниже.

Исправлено: Wi-Fi не работает на ноутбуке, но работает на других устройствах

Несмотря на свои недостатки, Wi-Fi, безусловно, является наиболее распространенным способом просмотра Интернета без физического подключения к маршрутизатору. Таким образом, ноутбук является ценным активом по сравнению с настольным ПК. Однако, позволяя вам свободно перемещаться, беспроводная связь более подвержена проблемам с подключением. И еще несколько .

Исправлено: устройство крана домена vpn не работает на hamachi vpn

Из Hamachi VPN выдает всевозможные ошибки доменного устройства, используйте это краткое руководство для устранения этой проблемы.

Исправлено: vpn не удалось загрузить настройки на cisco anyconnect

Если вашей VPN не удалось загрузить настройки, вы можете это исправить, переустановив клиент, удалив папку Cisco или изменив настройки безопасности.

AnyConnect VPN Client Troubleshoot TechNote for MAC OSX Machines

Available Languages

Download Options

Contents

Introduction

This document briefly describes the possible error messages that appear during the installation of AnyConnect VPN client on Apple MAC machines and their corresponding resolutions.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

Cisco ASA Security Appliance that runs software version 8.x

Cisco IOS ® Router that runs Cisco IOS Software Release 12.4(20)T

Cisco AnyConnect Client software version 2.x

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Error Messages

This section shows a list of error messages along with the solutions.

Package Corrupt Error Message

When AnyConnect 2.3 is launched from an Apple MAC machine, the Anyconnect Package corrupt or unavailable error message appears and eventually, the connection attempt fails.

Solution

This can be a problem with the absence of the MAC-related AnyConnect package on the flash of the router. Upload the suitable AnyConnect package for MAC in order to resolve this issue. Upload the corresponding AnyConnect package, which depends upon the MAC architecture. For MACs on the Intel processor, you need the i386 macos image and for MACs that run the Power PC processor (PPC) you need the powerpc macos image. These are example packages for your reference:

Split DNS Issues

When split DNS is enabled on an AnyConnect setup, it is found that all the DNS queries are sent in clear but not tunneled. This is a problem with only the Apple MAC machines and works fine with Windows machines.

Solution

SVC Error Message

The launch of AnyConnect from a Macbook Pro running OSX Leopard is not successful. The VPN gateway is ASA running 8.0.4. The connection fails and the SVC Message: 16/ERROR: Initialization failure (mem allocfailed, etc.) error message appears.

Solution

This can be a problem with the way the MAC machine attempts to connect to the ASA. First verify if any IPv6 adaptors are enabled on the MAC machine and check if MAC tries to contact ASA over the IPv6 network. If so, it fails as the IPv6 is not supported with AnyConnect. In order to resolve this, disable the IPv6 related services on the MAC machine and try to connect with an IPv4 address.

Web-based Installation Error Message when AnyConnect is Launched on MAC

There are intermittent issues with you launch the AnyConnect version 2.5 on the MAC with OSX 10.5.6. The web-based installation was unsuccessful error message appears. At that time, you are unable to download and install AnyConnect, and the browser used is Firefox. If you reboot the MAC machine, this fixes the issue temporarily, but intermittently, the issue happens again.

Solution

Verify if your VPN gateways are connected in Load-balancer mode. If it is connected, then there could be some DNS cache-related issues that cause improper DNS redirects. In order to resolve this issue, always try to map the DNS URL to connect to one specific VPN gateway only.

MAC OSX 10.6.3 is Unable to get to Internet

When you use the AnyConnect on a MAC machine, you can access the Internal Corporate network but you are unable to browse to the Internet. It neither works by FQDN nor by IP address. There is a proxy server in use for Internet traffic.

Solution

The issue can be due to the length of the PMTU. Verify the existing MTU size on the VPN gateway, for example, ASA and modify it to a lesser value. In this sample output, the mtu size is reduced to 1204 from existing 1400.

AnyConnect on MAC fails to launch to Cisco IOS Router

The attempt to launch AnyConnect in standalone mode to a Cisco IOS ® Router running Cisco IOS Software Release 12.4(20)T is unsuccessful. The anyconnect internal error (state: not connected) error message appears.

Solution

Cisco IOS Software Release 12.4(20)T supports AnyConnect on MAC in standalone mode without any problem. In order to resolve this, try to use the complete URL when you connect to the Cisco IOS head-end device. This is a sample URL:

If this issue persists, contact Cisco TAC (registered customers only) for further troubleshooting.

Note: You need to have valid Cisco user credentials to contact Cisco TAC.

Wireless CSSC for an Apple MAC

Currently, the NAM module on the AnyConnect 3.0 product replaces the Cisco Secure Services Client (CSSC). Refer to Network Access Manager (Replacement for CSSC) for more information. There is no current plan to enable NAM to support MAC OSX platform.

Unable to Upgrade Firefox while AnyConnect is Installed on MAC

This error message appears when you upgrade Firefox on Apple machine version 10.6:

On machines that use softtokens, this error message appears:

It is observed that these MAC machines have AnyConnect version 2.5 installed. The current version of Firefox is 3.6.13.

Solution

Uninstall AnyConnect, upgrade Firefox and then install AnyConnect again.

Uninstall the current version of firefox then install the new version. All other upgrades after this should work fine.

Web-based Installation of AnyConnect Hangs

The authentication phase works fine but the VPN system hangs at the Using Sun Java for installation phase.

Solution

The issue could be with the Java and Web applet settings on the machine. Sometimes, Java gets stuck when you use the web launch with MAC machine. Refer to Cisco bug ID CSCtq86368 (registered customers only) for more information. In order to resolve this issue, follow the below steps.

Open Java preferences.

Change to run applets in their own process.

Drag the 32 bit Java on top.

If this does not help, upgrade the AnyConnect client to the latest available release.

Unable to Launch AnyConnect on MAC

You are unable to launch AnyConnect on the MAC machine due to certain incompatible software. What are other options to use this MAC machine as a remote access VPN client?

Solution

Refer to What options do I have for providing remote access to Mac users? for more information. Refer to IPSec VPN client for Apple MAC for more information and complete details.

Unable to Download the MAC AnyConnect Package

There are issues when you download the AnyConnect for MAC software from Cisco.com.

Solution

Open the Cisco AnyConnect VPN Client home page and click on Download Software (registered customers only) on the right hand side of the web page. Choose the required software package and download with valid Cisco user credentials.

Источник

Question: Q: Cisco AnyConnect VPN stopped working today, why?

Nothing has changed on tehe VPN server side our network admins says, but was working fine yesterday morning on the 25.feb 2020, but this morning our Macs fails to connect to our ASA gateway. Was running versions of Cisco AnyConnect More Less

Posted on Feb 26, 2020 2:10 AM

Uninstalled previous version, tried different other version like 4.7, 4.8 unstalled them as well and the stroke luck with v.4.4.02034, ran v.4.1 yesterday all on MacOS 10.14.6

Posted on Feb 26, 2020 5:50 AM

Loading page content

Page content loaded

Don’t see any overlapping between local IP range from WiFi cnx and VPN IP assigned range, as many others have states as a possible RC for the Unable to verify routing table modifications.

Output from VPN connect attemps of version 4.7.00136:

>> notice: Establishing VPN session.

>> notice: The AnyConnect Downloader is performing update checks.

>> notice: Checking for profile updates.

>> notice: Checking for product updates.

>> notice: Checking for customization updates.

>> notice: Performing any required updates.

>> notice: The AnyConnect Downloader updates have been completed.

>> notice: Establishing VPN session.

>> notice: Disconnect in progress, please wait.

>> error: The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established.

>> notice: Ready to connect.

Feb 26, 2020 2:21 AM

successfully got v.4.4.02034 working!

Feb 26, 2020 3:39 AM

Good you got it working. Just a data point: I am successfully running MacOS 10.4.6 and Cisco VPN 4.6.04054.

Feb 26, 2020 5:13 AM

What did you do to get this working? I too woke up this morning to the same No components loaded error and am running Mojave.

Feb 26, 2020 5:44 AM

Uninstalled previous version, tried different other version like 4.7, 4.8 unstalled them as well and the stroke luck with v.4.4.02034, ran v.4.1 yesterday all on MacOS 10.14.6

Feb 26, 2020 5:50 AM

Thanks for the response! Additional question, how are you accessing various versions to attempt and download? I ahve only ever used one version.

Feb 26, 2020 5:58 AM

We had the same exact issue yesterday with version 4.2.01035. «No components loaded». It was working fine the day before. I ended up packing and deploying 4.8 which works. However, I have a support ticket with Cisco and sent them logs using the Diagnostic Reporting Tool to find out why that happened. What worries me is it could happen again in the future with another version. Will reply back once I get an answer, hopefully.

Feb 27, 2020 9:45 AM

Had this exact same issue — I have AnyConnect v.4.1.08005 on my work laptop, hasn’t been updated since 2015. Yesterday all of a sudden I got this «No components loaded» modal as soon as I opened the AC client. Opened a ticket with the company helpdesk but couldn’t wait for a response so I did my own investigation. I still don’t know why AC suddenly stopped working, but I did find a solution:

I have no idea if this is supported by my company and it wasn’t easy to configure, but it does work. I had to know where my certificate is (and how to export it from Keychain), where my AnyConnect profile is (I had a few, so I had to know which one to use), and the tunnel group I belong to. Hope this helps!

Источник

Basic Troubleshooting on Cisco AnyConnect Secure Mobility Client Errors

Available Languages

Download Options

Objective

The objective of this document is to show you basic troubleshooting steps on some common errors on the Cisco AnyConnect Secure Mobility Client. When installing the Cisco AnyConnect Secure Mobility Client, errors may occur and troubleshooting may be needed for a successful setup.

Note that the errors discussed in this document is not an exhaustive list and varies with the configuration of the device used.

For additional information on AnyConnect licensing on the RV340 series routers, check out the article AnyConnect Licensing for the RV340 Series Routers.

Software Version

Basic Troubleshooting on Cisco AnyConnect Secure Mobility Client Errors

Note: Before attempting to troubleshoot, it is recommended to gather some important information first about your system that might be needed during the troubleshooting process. To learn how, click here.

1. Problem: Network Access Manager fails to recognize your wired adapter.

Solution: Try unplugging your network cable and reinserting it. If this does not work, you may have a link issue. The Network Access Manager may not be able to determine the correct link state of your adapter. Check the Connection Properties of your Network Interface Card (NIC) driver. You may have a «Wait for Link» option in the Advanced Panel. When the setting is On, the wired NIC driver initialization code waits for auto negotiation to complete and then determines if a link is present.

2. Problem: When AnyConnect attempts to establish a connection, it authenticates successfully and builds the Secure Socket Layer (SSL)session, but then the AnyConnect client crashes in the vpndownloader if using Label-Switched Path (LSP) or NOD32 Antivirus.

Solution: Remove the Internet Monitor component in version 2.7 and upgrade to version 3.0 of ESET NOD32 AV.

3. Problem: If you are using an AT&T Dialer, the client operating system sometimes experiences a blue screen, which causes the creation of a mini dump file.

Solution: Upgrade to the latest 7.6.2 AT&T Global Network Client.

4. Problem: When using McAfee Firewall 5, a User Datagram Protocol (UDP)Datagram Transport Layer Security (DTLS) connection cannot be established.

Solution: In the McAfee Firewall central console, choose Advanced Tasks > Advanced options and Logging and uncheck the Block incoming fragments automatically check box in McAfee Firewall.

5. Problem: The connection fails due to lack of credentials.

Solution: The third-party load balancer has no insight into the load on the Adaptive Security Appliance (ASA) devices. Because the load balance functionality in the ASA is intelligent enough to evenly distribute the VPN load across the devices, using the internal ASA load balancing instead is recommended.

6. Problem: The AnyConnect client fails to download and produces the following error message:

Solution: Upload the patch update to version 1.2.1.38 to resolve all dll issues.

7. Problem: If you are using Bonjour Printing Services, the AnyConnect event logs indicate a failure to identify the IP forwarding table.

Solution: Disable the Bonjour Printing Service by typing net stop “bonjour service” at the command prompt. A new version of mDNSResponder (1.0.5.11) has been produced by Apple. To resolve this issue, a new version of Bonjour is bundled with iTunes and made available as a separate download from the Apple web site.

8. Problem: An error indicates that the version of TUN or network tunnel is already installed on this system and is incompatible with the AnyConnect client.

Solution: Uninstall the Viscosity OpenVPN Client.

9. Problem: If a Label-Switched Path (LSP) module is present on the client, a Winsock catalog conflict may occur.

Solution: Uninstall the LSP module.

10. Problem: If you are connecting with a Digital Subscriber Line (DSL) router, DTLS traffic may fail even if successfully negotiated.

Solution: Connect to a Linksys router with factory settings. This setting allows a stable DTLS session and no interruption in pings. Add a rule to allow DTLS return traffic.

11. Problem: When using AnyConnect on some Virtual Machine Network Service devices, performance issues have resulted.

Solution: Uncheck the binding for all IM devices within the AnyConnect virtual adapter. The application dsagent.exe resides in C:WindowsSystemdgagent. Although it does not appear in the process list, you can see it by opening sockets with TCPview (sysinternals). When you terminate this process, normal operation of AnyConnect returns.

12. Problem: You receive an “Unable to Proceed, Cannot Connect to the VPN Service” message. The VPN service for AnyConnect is not running.

Solution: Determine if another application conflicted with the service by going to the Windows Administration Tools then make sure that the Cisco AnyConnect VPN Agent is not running. If it is running and the error message still appears, another VPN application on the workstation may need to be disabled or even uninstalled. After taking that action, reboot, and repeat this step.

13. Problem: When Kaspersky 6.0.3 is installed (even if disabled), AnyConnect connections to the ASA fail right after CSTP state = CONNECTED. The following message appears:

Solution: Uninstall Kaspersky and refer to their forums for additional updates.

14. Problem: If you are using Routing and Remote Access Service (RRAS), the following termination error is returned to the event log when AnyConnect attempts to establish a connection to the host device:

Solution: Disable the RRAS service.

15. Problem: If you are using a EVDO wireless card and Venturi driver while a client disconnect occurred, the event log reports the following:

Solutions:

If you encounter other errors, contact the support center for your device.

For further information and community discussion on AnyConnect licensing updates, click here.

Источник

VPN Clients For Mac OS X FAQ

Available Languages

Contents

Introduction

This document answers frequently asked questions about Cisco’s VPN Client solutions available on Mac OS X.

Tip: Cisco recommends that you migrate to the AnyConnect VPN Client for both Secure Sockets Layer (SSL) as well as IPsec. The built-in IPsec client on Mac OS is an Apple product, so any questions/upgrades/bug fixes and other issues on the client side need to be addressed by Apple while the Cisco Remote Access VPN client is EOS. Therefore, no fixes will be put in for this client.

General Questions

Q. What options do I have in order to provide remote access to Mac users?

There are three VPN Client solutions that can be implemented, dependent upon the Mac OS Version.

Mac OS X 10.5
Leopard

Mac OS X 10.6
Snow Leopard

Mac OS X 10.7
Lion

Mac OS X 10.8
Mountain Lion

Mac OS X 10.9
Mavericks

VPN Client	Technology/Protocol	Mac OS X 10.10 Yosemite	Mac OS X 10.11 El Capitan
Mac Built-in VPN Client	IPsec	X	X	X	X	X	X
Cisco Remote Access IPsec Client	IPsec	X	X
Cisco AnyConnect Secure Mobility Client	SSL, IKEv2/IPsec	X*	X	X**	X***	X	X	X****

*Mac OS X 10.5 (Leopard) is no longer supported in AnyConnect Release 3.1. Also, PowerPC support was dropped in Release 3.0 and later.
**Mac OS X 10.7 (Lion) is supported in AnyConnect Releases 2.5.3051 and 3.0.3054 and later.
***Mac OS X 10.8 (Mountain Lion) is supported in AnyConnect Releases 3.0.08057 and 3.1 and later.
****MAC OS X 10.11 (El Capitan) is supported in Anyconnect 4.1.04011 and later. El Capitan support will not be provided in AnyConnect 3.x as new OS support ended in July 2015. Refer to End-of-Sale and End-of-Life Announcement for the Cisco AnyConnect Secure Mobility Client Version 3.x.

Q. How do I uninstall Cisco VPN Client on Mac OS X?

In order to uninstall the Cisco VPN Client, complete these steps:

Q. What are the feature differences between the Cisco Remote Access VPN Client and AnyConnect VPN Client?

This is beyond the scope of this document, but fundamentally SSL VPN has more features than the Cisco Remote Access Software VPN Client as it is a newer technology and new features are rolled into each new release of AnyConnect. The latest AnyConnect Mobility Client, Version 3.0, includes the same feature-rich support for both SSL VPN and IKEv2.

IPsec VPN Questions

Q. If I want to use IPsec, should I use the built-in Mac VPN Client or the Cisco Remote Access VPN Client?

A. Although it is possible to use either VPN Client, the advantages of each are explained here.

Note: Cisco recommends that you use AnyConnect, which allows you to take advantage of Next Generation Encryption (NGE) ciphers and advancements in the IKEv2 protocol.

Mac VPN Client

Cisco Remote Access VPN Client

Q. How do I configure the Mac built-in VPN Client?

In Mac OS X 10.6 and later:

Q. I tried to use the built-in Mac Client on Lion, but I receive a phase 2 mismatch. What should I do?

If your Microsoft Windows clients work or your older Macs that use the Cisco Remote Access VPN Clients work, and only the Lion machines do not seem to be able to connect, then it is likely a phase 2 mismatch issue. You see this error message if you enable ‘debug crypto ipsec’ on the ASA. This essentially means the transform sets used probably do not support the encryption used by the Mac built-in client. For Lion, the client uses 3DES or AES. It does not support DES. In order to work around this issue, either switch the transform set to use 3DES completely or add multiple transform sets as shown here:

This issue is usually caused by running an ASA software release earlier than Release 8.4. The later ASA software comes with all transforms sets defined by default, so additional configuration is not required to make it work.

Q. Are there any compatibility issues with the Cisco Remote Access VPN Client?

Refer to the Software Release Notes first for compatibility guidelines. Note the Error 51 compatibility issue between the Cisco Remote Access VPN Client and 64-bit Mac kernel mentioned later in this document.

Q. Where can I download the Cisco Remote Access VPN Client?

Note: The VPN Client v5.x was only released for Windows PCs. The latest Mac release is v4.9.

Q. I tried to use Cisco VPN Client, but received Error 51. What should I do?

Q. Does the built-in Mac VPN Client support ESP-NULL transforms?

No, the built-in client does not support this transform set.

Источник

Available Languages

Download Options

Contents

Introduction

This document describes a troubleshooting scenario which applies to applications that do not work through the Cisco AnyConnect VPN Client.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on a Cisco Adaptive Security Appliance (ASA) that runs Version 8.x.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Troubleshooting Process

This typical troubleshooting scenario applies to applications that do not work through the Cisco AnyConnect VPN Client for end-users with Microsoft Windows-based computers. These sections address and provide solutions to the problems:

Installation and Virtual Adapter Issues

Complete these steps:

Note: Hidden folders must be made visible in order to see these files.

If you see errors in the setupapi log file, you can turn up verbosity to 0x2000FFFF.

If this is an initial web deploy install, this log is located in the per-user temp directory.

If this is an automatic upgrade, this log is in the temp directory of the system:

The filename is in this format: anyconnect-win-x.x.xxxx-k9-install-yyyyyyyyyyyyyy.log. Obtain the most recent file for the version of the client you want to install. The x.xxxx changes based on the version, such as 2.0.0343, and yyyyyyyyyyyyyy is the date and time of the install.

Note: After you type into this prompt, wait. It can take between two to five minutes for the file to complete.

Windows XP and Windows Vista:

Refer to AnyConnect: Corrupt Driver Database Issue in order to debug the driver issue.

Disconnection or Inability to Establish Initial Connection

If you experience connection problems with the AnyConnect client, such as disconnections or the inability to establish an initial connection, obtain these files:

From the console of the ASA, type write net x.x.x.x:ASA-Config.txt where x.x.x.x is the IP address of a TFTP server on the network.

Note: Always save it as the .evt file format.

If the user cannot connect with the AnyConnect VPN Client, the issue might be related to an established Remote Desktop Protocol (RDP) session or Fast User Switching enabled on the client PC. The user can see the AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established error message error on the client PC. In order to resolve this issue, disconnect any established RDP sessions and disable Fast User Switching. This behavior is controlled by the Windows Logon Enforcement attribute in the client profile, however currently there is no setting that actually allows a user to establish a VPN connection while multiple users are logged on simultaneously on the same machine. Enhancement request CSCsx15061 was filed to address this feature.

Note: Make sure that port 443 is not blocked so the AnyConnect client can connect to the ASA.

In order to resolve this issue, upgrade the AnyConnect client version to be compatible with the ASA software image.

When you log in the first time to the AnyConnect, the login script does not run. If you disconnect and log in again, then the login script runs fine. This is the expected behavior.

This error is seen when the AnyConnect image is missing from the ASA. Once the image is loaded to the ASA, AnyConnect can connect without any issues to the ASA.

This error can be resolved by disabling Datagram Transport Layer Security (DTLS). Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles and uncheck the Enable DTLS check box. This disables DTLS.

The svc keepalive and svc dpd-interval commands are replaced by the anyconnect keepalive and anyconnect dpd-interval commands respectively in ASA Version 8.4(1) and later as shown here:

Problems with Passing Traffic

When problems are detected with passing traffic to the private network with an AnyConnect session through the ASA, complete these data-gathering steps:

For example, if the VPN Client needs to access a resource which is not in the routing table of the VPN Gateway, the packet is routed through the standard default gateway. The VPN gateway does not need the complete internal routing table in order to resolve this. The tunneled keyword can be used in this instance.

AnyConnect Crash Issues

Complete these data-gathering steps:

When the crash occurs, gather the .log and .dmp files from C:Documents and SettingsAll UsersApplication DataMicrosoftDr Watson. If these files appear to be in use, then use ntbackup.exe.

Note: Always save it as the .evt file format.

Fragmentation / Passing Traffic Issues

Some applications, such as Microsoft Outlook, do not work. However, the tunnel is able to pass other traffic such as small pings.

This can provide clues as to a fragmentation issue in the network. Consumer routers are particularly poor at packet fragmentation and reassembly.

It is recommended that you configure a special group for users that experience fragmentation, and set the SVC Maximum Transition Unit (MTU) for this group to 1200. This allows you to remediate users who experience this issue, but not impact the broader user base.

Problem

TCP connections hang once connected with AnyConnect.

Solution

In order to verify if your user has a fragmentation issue, adjust the MTU for AnyConnect clients on the ASA.

Uninstall Automatically

Problem

The AnyConnect VPN Client uninstalls itself once the connection terminates. The client logs show that keep installed is set to disabled.

Solution

AnyConnect uninstalls itself despite that the keep installed option is selected on the Adaptive Security Device Manager (ASDM). In order to resolve this issue, configure the svc keep-installer installed command under group-policy.

Issue Populating the Cluster FQDN

Problem: AnyConnect client is pre-populated with the hostname instead of the cluster Fully Qualified Domain Name (FQDN).

When you have a load-balancing cluster set up for SSL VPN and the client attempts to connect to the cluster, the request is redirected to the node ASA and the client logs in successfully. After some time, when the client tries to connect to the cluster again, the cluster FQDN is not seen in the Connect to entries. Instead, the node ASA entry to which the client has been redirected is seen.

Solution

This occurs because the AnyConnect client retains the host name to which it last connected. This behavior is observed and a bug has been filed. For complete details about the bug, refer to Cisco bug ID CSCsz39019. The suggested workaround is to upgrade the Cisco AnyConnect to Version 2.5.

Backup Server List Configuration

A backup server list is configured in case the main server selected by the user is not reachable. This is defined in the Backup Server pane in the AnyConnect profile. Complete these steps:

AnyConnect: Corrupt Driver Database Issue

This entry in the SetupAPI.log file suggests that the catalog system is corrupt:

Repair

This issue is due to Cisco bug ID CSCsm54689. In order to resolve this issue, make sure that Routing and Remote Access Service is disabled before you start AnyConnect. If this does not resolve the issue, complete these steps:

Failed Repair

If the repair fails, complete these steps:

Analyze the Database

You can analyze the database at any time in order to determine if it is valid.

Error Messages

Error: Unable to Update the Session Management Database

Solution 1

This issue is due to Cisco bug ID CSCsm51093. In order to resolve this issue, reload the ASA or upgrade the ASA software to the interim release mentioned in the bug. Refer to Cisco bug ID CSCsm51093 for more information.

Solution 2

This issue can also be resolved if you disable threat-detection on ASA if threat-detection is used.

Error: «Module c:Program FilesCiscoCisco AnyConnect VPN Clientvpnapi.dll failed to register»

When you use the AnyConnect client on laptops or PCs, an error occurs during the install:

When this error is encountered, the installer cannot move forward and the client is removed.

Solution

These are the possible workarounds to resolve this error:

The log message related to this error on the AnyConnect client looks similar to this:

Error: «An error was received from the secure gateway in response to the VPN negotiation request. Please contact your network administrator»

When clients try to connect to the VPN with the Cisco AnyConnect VPN Client, this error is received.

This message was received from the secure gateway:

«Illegal address class» or «Host or network is 0» or «Other error»

Solution

The issue occurs because of the ASA local IP pool depletion. As the VPN pool resource is exhausted, the IP pool range must be enlarged.

Cisco bug ID is CSCsl82188 is filed for this issue. This error usually occurs when the local pool for address assignment is exhausted, or if a 32-bit subnet mask is used for the address pool. The workaround is to expand the address pool and use a 24-bit subnet mask for the pool.

Error: Session could not be established. Session limit of 2 reached.

Solution 1

This error occurs because the AnyConnect essential license is not supported by ASA version 8.0.4. You need to upgrade the ASA to version 8.2.2. This resolves the error.

Note: Regardless of the license used, if the session limit is reached, the user will receive the login failed error message.

Solution 2

This error can also occur if the vpn-sessiondb max-anyconnect-premium-or-essentials-limit session-limit command is used to set the limit of VPN sessions permitted to be established. If the session-limit is set as two, then the user cannot establish more than two sessions even though the license installed supports more sessions. Set the session-limit to the number of VPN sessions required in order to avoid this error message.

Error: Anyconnect not enabled on VPN server while trying to connect anyconnect to ASA

You receive the Anyconnect not enabled on VPN server error message when you try to connect AnyConnect to the ASA.

Solution

This error is resolved if you enable AnyConnect on the outside interface of the ASA with ASDM. For more information on how to enable AnyConnect on the outside interface, refer to Configure Clientless SSL VPN (WebVPN) on the ASA.

Error:- %ASA-6-722036: Group client-group User xxxx IP x.x.x.x Transmitting large packet 1220 (threshold 1206)

The %ASA-6-722036: Group User IP Transmitting large packet 1220 (threshold 1206) error message appears in the logs of the ASA. What does this log mean and how is this resolved?

Solution

This log message states that a large packet was sent to the client. The source of the packet is not aware of the MTU of the client. This can also be due to compression of non-compressible data. The workaround is to turn off the SVC compression with the svc compression none command. This resolves the issue.

Error: The secure gateway has rejected the agent’s vpn connect or reconnect request.

Solution

The router was missing pool configuration after reload. You need to add the concerned configuration back to the router.

The «The secure gateway has rejected the agent’s vpn connect or reconnect request. A new connection requires a re-authentication and must be started manually. Please contact the network administrator if the problem persists. The following message was received from the secure gateway: No License» error occurs when the AnyConnect mobility license is missing. Once the license is installed, the issue is resolved.

Error: «Unable to update the session management database»

Solution

This problem is related to memory allocation on the ASA. This issue is mostly encountered when the ASA Version is 8.2.1. Originally, this requires a 512MB RAM for its complete functionality.

As a permanent workaround, upgrade the memory to 512MB.

As a temporary workaround, try to free the memory with these steps:

Error: «The VPN client driver has encountered an error»

This is an error message obtained on the client machine when you try to connect to AnyConnect.

Solution

In order to resolve this error, complete this procedure in order to manually set the AnyConnect VPN agent to Interactive:

This sets the registry Type value DWORD to 110 (default is 010) for the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesvpnagent.

Note: If this is to be used, then the preference would be to use the .MST transform in this instance. This is because if you set this manually with these methods, it requires that this be set after every install/upgrade process. This is why there is a need to identify the application that causes this problem.

When Routing and Remote Access Service (RRAS) is enabled on the Windows PC, AnyConnect fails with the The VPN client driver has encountered an error. error message. In order to resolve this issue, make sure that Routing and RRAS is disabled before starting AnyConnect. Refer to Cisco bug ID CSCsm54689 for more information.

Error: «Unable to process response from xxx.xxx.xxx.xxx»

Solution

In order to resolve this error, try these workarounds:

Solution

This error message occurs mostly because of configuration issues that are improper or an incomplete configuration. Check the configuration and make sure it is as required to resolve the issue.

Secure VPN via remote desktop is not supported error message appears.

Solution

This issue is due to these Cisco bug IDs: CSCsu22088 and CSCso42825. If you upgrade the AnyConnect VPN Client, it can resolve the issue. Refer to these bugs for more information.

Error: «The server certificate received or its chain does not comply with FIPS. A VPN connection will not be established»

When you attempt to VPN to the ASA 5505, the The server certificate received or its chain does not comply with FIPS. A VPN connection will not be established error message appears.

Solution

true

false

Then, restart the computer. Users must have administrative permissions in order to modify this file.

Error: «Certificate Validation Failure»

Users are unable to launch AnyConnect and receive the Certificate Validation Failure error.

Solution

Certificate authentication works differently with AnyConnect compared to the IPSec client. In order for certificate authentication to work, you must import the client certificate to your browser and change the connection profile in order to use certificate authentication. You also need to enable this command on your ASA in order to allow SSL client-certificates to be used on the outside interface:

ssl certificate-authentication interface outside port 443

Error: «VPN Agent Service has encountered a problem and needs to close. We are sorry for the inconvenience»

When AnyConnect Version 2.4.0202 is installed on a Windows XP PC, it stops at updating localization files and an error message shows that the vpnagent.exe fails.

Solution

This behavior is logged in Cisco bug ID CSCsq49102. The suggested workaround is to disable the Citrix client.

Error: «This installation package could not be opened. Verify that the package exists»

When AnyConnect is downloaded, this error message is received:

«Contact your system administrator. The installer failed with the following error: This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.»

Solution

Complete these steps in order to fix this issue:

Error: «Error applying transforms. Verify that the specified transform paths are valid.»

This error message is recieved during the auto-download of AnyConnect from the ASA:

This is the error message received when connecting with AnyConnect for MacOS:

Solution

Complete one of these workarounds in order to resolve this issue:

If neither of these workarounds resolve the issue, contact Cisco Technical Support.

Error: «The VPN client driver has encountered an error»

This error is received:

Solution

This issue can be resolved when you uninstall the AnyConnect Client, and then remove the anti-virus software. After this, reinstall the AnyConnect Client. If this resolution does not work, then reformat the PC in order to fix this issue.

Error: «A VPN reconnect resulted in different configuration setting. The VPN network setting is being re-initialized. Applications utilizing the private network may need to be restored.»

This error is received when you try to launch AnyConnect:

Solution

In order to resolve this error, use this:

The svc mtu command is replaced by the anyconnect mtu command in ASA Version 8.4(1) and later as shown here:

AnyConnect Error While Logging In

Problem

The AnyConnect receives this error when it connects to the Client:

Solution

The issue can be resolved if you make these changes to the AnyConnect profile:

Add this line to the AnyConnect profile:

IE Proxy Setting is Not Restored after AnyConnect Disconnect on Windows 7

Problem

In Windows 7, if the IE proxy setting is configured for Automatically detect settings and AnyConnect pushes down a new proxy setting, the IE proxy setting is not restored back to Automatically detect settings after the user ends the AnyConnect session. This causes LAN issues for users who need their proxy setting configured for Automatically detect settings.

Solution

This behavior is logged in Cisco bug ID CSCtj51376. The suggested workaround is to upgrade to AnyConnect 3.0.

Error: AnyConnect Essentials can not be enabled until all these sessions are closed.

This error message is received on Cisco ASDM when you attempt to enable the AnyConnect Essentials license:

Solution

This is the normal behavior of the ASA. AnyConnect Essentials is a separately licensed SSL VPN client. It is entirely configured on the ASA and provides the full AnyConnect capability, with these exceptions:

This license cannot be used at the same time as the shared SSL VPN premium license. When you need to use one license, you need to disable the other.

Error: Connection tab on Internet option of Internet Explorer hides after getting connected to the AnyConnect client.

The connection tab on the Internet option of Internet Explorer hides after you are connected to the AnyConnect client.

Solution

This is due to the msie-proxy lockdown feature. If you enable this feature, it hides the Connections tab in Microsoft Internet Explorer for the duration of an AnyConnect VPN session. If you disable the feature, it leaves the display of the Connections tab unchanged.

Error: Few users getting Login Failed Error message when others are able to connect successfully through AnyConnect VPN

A few users receive the Login Failed Error message when others can connect successfully through the AnyConnect VPN.

Solution

This issue can be resolved if you make sure the do not require pre-authentication checkbox is checked for the users.

Error: The certificate you are viewing does not match with the name of the site you are trying to view.

During the AnyConnect profile update, an error is shown that says the certificate is invalid. This occurs with Windows only and at the profile update phase. The error message is shown here:

Solution

This can be resolved if you modify the server list of the AnyConnect profile in order to use the FQDN of the certificate.

This is a sample of the XML profile:

Cannot Launch AnyConnect From the CSD Vault From a Windows 7 Machine

When the AnyConnect is launched from the CSD vault, it does not work. This is attempted on Windows 7 machines.

Solution

Currently, this is not possible because it is not supported.

AnyConnect Profile Does Not Get Replicated to the Standby After Failover

The AnyConnect 3.0 VPN client with ASA Version 8.4.1 software works fine. However, after failover, there is no replication for the AnyConnect profile related configuration.

Solution

This problem has been observed and logged under Cisco bug ID CSCtn71662. The temporary workaround is to manually copy the files to the standby unit.

AnyConnect Client Crashes if Internet Explorer Goes Offline

When this occurs, the AnyConnect event log contains entries similar to these:

Solution

This behavior is observed and logged under Cisco bug ID CSCtx28970. In order to resolve this, quit the AnyConnect application and relaunch. The connection entries reappear after relaunch.

Error Message: TLSPROTOCOL_ERROR_INSUFFICIENT_BUFFER

The AnyConnect client fails to connect and the Unable to establish a connection error message is received. In the AnyConnect event log, the TLSPROTOCOL_ERROR_INSUFFICIENT_BUFFER error is found.

Solution

This occurs when the headend is configured for split-tunneling with a very large split-tunnel list (approximately 180-200 entries) and one or more other client attributes are configured in the group-policy, such as dns-server.

In order to resolve this issue, complete these steps:

For more information, refer to Cisco bug ID CSCtc41770.

Error Message: «Connection attempt has failed due to invalid host entry»

The Connection attempt has failed due to invalid host entry error message is received while AnyConnect is authenticated with the use of a certificate.

Solution

In order to resolve this issue, try either of these possible solutions:

For more information, refer to Cisco bug ID CSCti73316.

Error: «Ensure your server certificates can pass strict mode if you configure always-on VPN»

When you enable the Always-On feature on AnyConnect, the Ensure your server certificates can pass strict mode if you configure always-on VPN error message is received.

Solution

This error message implies that if you want to use the Always-On feature, you need a valid sever certificate configured on the headend. Without a valid server certificate, this feature does not work. Strict Cert Mode is an option that you set in the AnyConnect local policy file in order to ensure the connections use a valid certificate. If you enable this option in the policy file and connect with a bogus certificate, the connection fails.

Error: «An internal error occurred in the Microsoft Windows HTTP Services»

This Diagnostic AnyConnect Reporting Tool (DART) shows one failed attempt:

Also, refer to the event viewer logs on the Windows machine.

Solution

This could be caused due to a corrupted Winsock connection. Reset the connection from the command promt with this command and restart your windows machine:

netsh winsock reset

Error: «The SSL transport received a Secure Channel Failure. May be a result of a unsupported crypto configuration on the Secure Gateway.»

This Diagnostic AnyConnect Reporting Tool (DART) shows one failed attempt:

Solution

Windows 8.1 does not support RC4 according to the following KB update:

Either configure DES/3DES ciphers for SSL VPN on the ASA using the command «ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1» OR edit the Windows Registry file on the client machine as mentioned below:

Источник

Я начал получать эту ошибку, когда я открываю Cisco AnyConnect,

VPN сервис недоступен

затем

служба агента vpn не отвечает Пожалуйста, перезапустите это приложение через минуту

все было хорошо. Единственное, что я подозреваю, это изменение файла hosts. Я восстановил его. Я пробовал много вещей, таких как промывка сокетов и добавления rn в файле hosts. Он работал то и дело ломались снова.

Я использую Windows 7 64-бит и Cisco AnyConnect 3.1.5152.

ссылка на Подробности события.

The VPN service is not available. Exiting on a MAC OS, Catalina 10.15.7 (19H1519)

MacBook Pro 13″,

macOS 10.15

Posted on Oct 28, 2021 9:46 AM

Posted on Dec 14, 2021 9:01 PM