
AnyConnect SBL Errors

stephensuley
Level 1

I have AnyConnect 2.5 + gina 2.5 installed and somewhat operational.

It's PLAP using Windows 7.

The configuration seems to have worked as per the Cisco AnyConnect config guide. I can connect without any problems when logged into the desktop, but when I switch user and try to connect from the logon window I get this error: "Connection attempt has failed."

The AnyConnect event log contains the following errors relating to my self-signed SSL cert associated with the AnyConnect profile.

Function: ConnectMgr::doConnectIfcConnect

File: .\ConnectMgr.cpp

Line: 1409

Invoked Function: ConnectIfc::connect

Return Code: -29949890 (0xFE37003E)

Description: CTRANSPORT_ERROR_UNTRUSTED_CERT_DISALLOWED_WITH_SBL

Function: CTransportWinHttp::handleRequestError

File: .\CTransportWinHttp.cpp

Line: 946

Untrusted certificate received from SG in Start Before Logon mode.

Function: ConnectIfc::TranslateStatusCode

File: .\ConnectIfc.cpp

Line: 2634

Invoked Function: ConnectIfc::TranslateStatusCode

Return Code: -29949890 (0xFE37003E)

Description: CTRANSPORT_ERROR_UNTRUSTED_CERT_DISALLOWED_WITH_SBL

Connection attempt failed. Please try again.

I was hoping someone could tell me how to correct this issue. I have tried installing the cert into my trusted CA authorities under my computer account, but that didn't seem to make a difference.

I'm not sure if the solution is on the ASA, or within my Windows client configuration.

My ASA is a 5510 with OS 8.4.

It's a self-signed certificate created as part of the AnyConnect setup wizard in the ASDM.

1 Reply

stephensuley
Level 1

I found the answer to my issue in this thread:

https://supportforums.cisco.com/thread/2105535

I am able to get past this error now, which is great.

But after I enter my username and password and click connect, it looks like it's going to connect, but then I get this error message:

Unable to retrieve logon information to verify compliance with AnyConnect logon 
enforcement and VPN establishment profile settings. A VPN connection will not be 
established.

The FAQ says this, but I'm not sure what I need to do to get this error resolved...

For the purposes of my lab, I am logging in with a local user account.

I have no AAA server configured.

Again, I am able to log in with the same account if I connect from the desktop; these errors only happen when using SBL.

Description    AnyConnect cannot enforce the user logon limit settings configured in the client profile because it cannot retrieve the local user login information. To ensure the protection of the private network, the VPN connection is not permitted.

Recommended User Response    Report the error to your organization's technical support.

Recommended Administrator Response    Verify secure gateway access to the AAA server.
