Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
21554
Views
8
Helpful
7
Replies

AnyConnect - can't choose group

marek_k13
Level 1
Level 1

‎01-03-2014 11:47 AM - edited ‎02-21-2020 07:25 PM

Hello,

I've configured AnyConnect SSL VPN  for two connections profiles which can be chosen when I try to establish connection. Following aliases has been configured for those con profiles:

* Con1

* Con2

the problem is that every time when I try to select the second one (Con2)  from the group list it utomatically returns to the first one (con1). Generaly I am not able to choose Con2. It looks like the Con1 is  the default  and I can connect using only this profile. I've checked  the preferences.xml and preferences_global.xml files and the default group is not configured. What is more when I change the aliases name for those connection profiles to:

* 1Con2

* Con1

I can choose only 1Con2 so it seems that only the first con prof on the list can be used. Any ideas?

6 people had this problem
Labels:
0 Helpful
7 Replies 7

sauaggar
Level 1
Level 1

‎01-09-2014 11:17 AM

Hi,

Could you please check to see if there is any tunnel group lock configured in the group policy being used by CON2 profile. If it is configured for CON1 then it will force the clients to fall on the CON1 profile.

Regards,

Saurabh

0 Helpful

jarandmoen
Level 1
Level 1

‎02-12-2014 02:51 AM

Hi.

We got the exact same issue here.

This used to work (we have ten'ish groups published) and only changes we  are aware of is an upgrade of the AnyConnect client itself to 3.1.05152.  We are not sure if the client upgrade triggered this as it only  affected new users, so it took some time before we noticed it. Old users will default to the group they had at  upgrade time, but they are not able to select another group, they return to the previous. New ones are not  able to select group and returns to the first in the list.

TAC has been involved, but they found nothing special at their first attempt.

Did you got an resolution for this issue ?

0 Helpful

jarandmoen
Level 1
Level 1
In response to jarandmoen

‎02-12-2014 03:59 AM

Testing with an older version of AnyConnect (like 3.1.04059) solves this issue, so this seems related to latest release of AnyConnect.

0 Helpful

Brian Williams
Level 1
Level 1

‎02-12-2014 05:45 AM

I was able to manually edit the XML file in C:\Users\%name%\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml

xxxxxxxxx

Which isnt really a viable solution for each user to make this change.

OR

I've been telling users to initiate the session via the web interface while picking the group wanted.

I am still waiting patiently for Cisco to fix the Anyconnect client.

jarandmoen
Level 1
Level 1
In response to Brian Williams

‎02-12-2014 05:52 AM

We ended up downgrading the client to 3.1.04066, that one seems to be ok.

I will join in the patient waiting for a fixed AnyConnect client

0 Helpful

hans.schroeder
Level 1
Level 1

‎03-06-2014 03:22 PM

I guess I will downgrade to the previous client, but shouldn't this be fixed since it's been 3 months?

(We just upgraded to the latest client a week ago)

0 Helpful

kjcogan01
Level 1
Level 1

‎05-29-2014 12:28 PM

When a user opens Cisco AnyConnect and goes to connect to "Host Name", the next box pops up asking for “Group, Username, and password” User selects "Con2", and it flips right back to "Con1".

The issue appears to be that Cisco AnyConnect fails to create the local preferences file under the users Windows profile.

The file is normally located at C:\Users\user.name\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\Preferences.xml

Here is what the profile should look like upon successful connection to RSA.
__________________________________________________________________

<?xml version="1.0" encoding="UTF-8"?>

<AnyConnectPreferences>

<DefaultUser>User.Name</DefaultUser>

<DefaultSecondUser></DefaultSecondUser>

<ClientCertificateThumbprint></ClientCertificateThumbprint>

<ServerCertificateThumbprint></ServerCertificateThumbprint>

<DefaultHostName>Server/IP Address</DefaultHostName>

<DefaultHostAddress></DefaultHostAddress>

<DefaultGroup>Con2</DefaultGroup>

<ProxyHost></ProxyHost>

<ProxyPort></ProxyPort>

<SDITokenType></SDITokenType>

<ControllablePreferences></ControllablePreferences>

</AnyConnectPreferences>

 

Either edit the file that exists, or create a new "Preferences.xml" based off of the above profile.

Have the user close out of the Cisco AnyConnect Client by right clicking the icon in the system tray and select “Quit”

Copy the attached xml file to the following location.
C:\Users\User.Name\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client
If the directory structure does not exist, then create it “Cisco\ Cisco AnyConnect Secure Mobility Client”

Have the user Open Cisco AnyConnect and try to connect again.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents