the issue most likely local to your mac ... what does the anyconnect profile looks like?

use cat or more command to see the contents. 

cat /opt/cisco/anyconnect/profile/AnyConnect.xml

more /opt/cisco/anyconnect/profile/AnyConnect.xml

This is a working profile on my laptop. I guess the area of interest is <CertificateStore>.

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
	<ClientInitialization>
		<UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
		<AutomaticCertSelection UserControllable="true">true</AutomaticCertSelection>
		<ShowPreConnectMessage>false</ShowPreConnectMessage>
		<CertificateStore>All</CertificateStore>
		<CertificateStoreOverride>false</CertificateStoreOverride>
		<ProxySettings>Native</ProxySettings>
		<AllowLocalProxyConnections>false</AllowLocalProxyConnections>
		<AuthenticationTimeout>12</AuthenticationTimeout>
		<AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
		<MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
		<LocalLanAccess UserControllable="true">false</LocalLanAccess>
		<DisableCaptivePortalDetection UserControllable="false">false</DisableCaptivePortalDetection>
		<ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
		<IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
		<AutoReconnect UserControllable="false">true
			<AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
		</AutoReconnect>
		<AutoUpdate UserControllable="true">true</AutoUpdate>
		<RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
		<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
		<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
		<AutomaticVPNPolicy>false</AutomaticVPNPolicy>
		<PPPExclusion UserControllable="false">Automatic
			<PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
		</PPPExclusion>
		<EnableScripting UserControllable="false">false</EnableScripting>
		<EnableAutomaticServerSelection UserControllable="true">false
			<AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
			<AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
		</EnableAutomaticServerSelection>
		<RetainVpnOnLogoff>false
		</RetainVpnOnLogoff>
		<AllowManualHostInput>true</AllowManualHostInput>
	</ClientInitialization>
</AnyConnectProfile>

You can compare or copy/paste this profile and test.

Have you tried to re-install AC? I am using ver 4.7.04056

Hi, I dont even have this file on my disk.


mbp ~ % cd /opt/cisco/anyconnect/profile/

mbp profile % ls

AnyConnectProfile.xsd mgmttun

mbp profile % ls -la

total 184

drwxr-xr-x 4 root wheel 128 19 Jun 2019 .

drwxr-xr-x 16 root wheel 512 20 Jun 22:39 ..

-rw-r--r-- 1 root wheel 92913 19 Jun 2019 AnyConnectProfile.xsd

drwxr-xr-x 3 root wheel 96 19 Jun 2019 mgmttun

hm, I tried with v. 4.8 and v 4.9.
Let me try to uninstall these and rollback to 4.7. (if it is still downloadable).
Ty.

Might worth a try .. how about if you create a file with this name "AnyConnect.xml" and paste the contents of my profile (profile doesn't have anything user-specific).

This how my profile directory looks like - 

├── profile
│   ├── ABC3ASAProfile.xml
│   ├── AnyConnect.xml
│   ├── AnyConnectProfile.xsd
│   └── mgmttun
│     └── AnyConnectProfile.xsd

1 directory, 4 files

Contents of ABC3ASAProfile.xml are exactly the same as AnyConnect.xml

I use Devent site to download AC - https://developer.cisco.com/site/sandbox/anyconnect/

So, I installed v 4.7 and also now I don't have the mentioned .xml file created.

I will now create your file and test again. TY