I've customized the AnyConnect installer for several years, and for the first time, I can't get the installer to copy our three profiles into C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile.
What I've always done is to put our three .xml files into the \Profiles\vpn folder of the installer, modified the setup.hta file to pre-select the modules that we want to install, and used WinZip Self Extractor to zip things up and run Setup.exe. The installer seems to work perfectly, except that the profiles don't get copied over. When I browse to C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile, I'll see AnyConnectProfile.xsd like always, but I do see a folder I haven't seen before - MgmtTun.
I've also tried just running the installer with a stock setup.hta file (and our profiles in the \Profiles\vpn directory) and installing all of the modules - this also doesn't copy over the profiles.
Thanks in advance.
Yes - We opened a case with Cisco and they said that a bug report has been opened up. Here's what they wrote:
As per your query research I have noticed that the issue has been reported in the CSCvs40457 bug report recently open.
The bug will be resolved in the upcoming 4.8MR2 release, which is currently scheduled for the middle of January 2020. (about a month from now).
The best solution at this time is to deploy the AnyConnect Profile via some other means (manual install, SCCM, via WebDeploy, etc)
Is this problem fixed?
I installed the latest 4.8.03052 but still cannot copy XML profile into C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client with users account right.
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client folder is not giving write permission to users account.
I used to copy XML profile with AnyConnect4.3 and it worked with users account.
I tried with AnyConnect4.9 but the result was same.
Maybe the nature of the problem what I am experiencing might be different so i will open the case with Cisco.
Cisco might change the product specification to increase the security.
It could also be if a third party endpoint protection program was upgraded or changed it may prevent AnyConnect from doing what it requires. I ran into that lately with TrendMicro.
I have asked TAC Japan and they answered that specification was changed like this. So there is no longer users permission for that folder.