05-19-2020 06:45 AM
I recently set up AnyConnect on a CSR1000v and it worked with local credentials.
All of a sudden, AnyConnect VPN is no longer working.
CRYPTO_OPSSL: SSL3.0 is no longer supported.Enabling only TLS1.0
CRYPTO_OPSSL: Set cipher specs to mask 0x00002080 for version 16
CRYPTO_OPSSL: Common Criteria is disabled on this session.Disabling Common Criteria mode functionality in CiscoSSL on SSL CTX 0x7F6C7DDB9850
Those are the kind of logs I noticed when I ran a debug for SSL. I do see logs that the user credentials are validated successfully, but the session got closed automatically.
show version:
Cisco IOS XE Software, Version 16.12.01a
Cisco IOS Software [Gibraltar], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.12.1a, RELEASE SOFTWARE (fc2)
Could someone tell me how this can be fixed? Thank you.
05-19-2020 10:00 AM
What version of AnyConnect are your clients using?
05-19-2020 10:31 AM
Hi Marvin, thank you.
AnyConnect version is 4.7.04056.
I had configured everything as stated in this link: https://community.cisco.com/t5/security-documents/configure-sslvpn-on-cisco-cloud-services-router-1000v-csr1000v/ta-p/3156679
It worked well with local credentials. It all started after I made the following changes:
Working well with the following:
aaa authentication login sslvpn local
aaa authorization exec default local
aaa authorization network anyconnectvpn local
crypto ssl profile anyconnect-profile
 match policy anyconnect-policy
 aaa authentication user-pass list sslvpn
 aaa authorization group user-pass list anyconnectvpn anyconnect-auth-policy
 authentication remote user-pass
Changes performed:
ldap attribute-map ldap-username-map
 map type sAMAccountName username
ldap server <Server1>
 ipv4 <internalIP>
 attribute map ldap-username-map
 bind authenticate root-dn CN=Username,OU=XXX,DC=XXX,DC=XXX password
 base-dn dc=XXX,dc=XXX
 search-type nested
aaa group server ldap <servergroup>
 server server1
aaa authentication login sslvpn group <servergroup> local --> added group servergroup to authenticate using LDAP
As soon as we did this, I saw authentication success logs in the debug messages, but also the logs reported above, and at times a "No valid certificate authentication" error on the AnyConnect client.
Regards,
05-19-2020 08:33 PM
I don't see why those commands would have had that effect. Unless somebody else can offer more insight, you might be best advised to open a TAC case.
05-19-2020 08:57 PM
Sure, I will see if they can support a lab router, as it is for testing purposes before we go with BYOL.
I did a factory reset and reconfigured it. AnyConnect worked with local credentials, and the same error recurred after we modified the authentication method list to use the LDAP group first.
Regards,
Durga Prasad