When one of our user tries to connect to a business client's (BC) VPN using Cisco AnyConnect VPN Client Version 2.3.2016 the user receives the following error:
"Login Denied. Your environment does not meet the access criteria defined by your administrator."
After first initial install of Cisco AnyConnect (CAC) the user was able to access the VPN. The user states nothing was done differently that would of caused the error. I've contacted the BC's network admin and the admin states it is something to do with the PC, not the VPN.
I have completely uninstalled the client, to include removing registry entries and reinstalling the application with no change. The only way I have been successful in connecting to the BC's VPN whenever running the application as an administrator I am able to log into the VPN, which leads me to believe it's either a Window's profile issue or a permissions issue. To rule out the permissions issue I provided full control over the Cisco directory, however the issue still was not resolved.
Short of creating a new profile for the user, I'm all out of ideas. Does anyone know what causes this error or what the possible fix might be? I've scoured the web in search of a resolution, however there is only really one thread that describes this issue and the resolution lies with the administrator of the ASA.
Any suggestions or ideas would be great.
Do u have any sort of DAP configured on the ASA? You usually get the message when DAP denies access to a user.
If you have dap configured run a debug dap trace and debug dap error on the ASA to see if the right DAP policies are hit.
Can someone please delete the reply from @rahgovin or add a feature to mark it unhelpful? The OP is clearly the end user on the client side and not the ASA admin and this post was made without reading the OP.