Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4437
Views
0
Helpful
4
Replies

Anyconnect 3.0 , SBL and Certificate

Alessandro Pereira
Frequent Visitor
Frequent Visitor

‎06-15-2012 06:32 AM - edited ‎02-21-2020 06:08 PM

Hi,

I'm loosing my hope to find a way to configure SBL on Windows XP 32bit, I didnt tried on 7. When I start the pc, the screen of anyconnect apears and give a error that couldnt find the certificate. When I logon on Windows, anyconnect connects normally. On IE, I can enter on ASA 5540 Anyconnect Web Deployment with my certificate.

A part of XML:

<UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon>

<AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection>

<ShowPreConnectMessage>false</ShowPreConnectMessage>

<CertificateStore>All</CertificateStore>

<CertificateStoreOverride>true</CertificateStoreOverride>

<AutoConnectOnStart UserControllable="false">true</AutoConnectOnStart>

<MinimizeOnConnect UserControllable="false">true</MinimizeOnConnect>

<LocalLanAccess UserControllable="false">true</LocalLanAccess>

<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>

<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>

<AlwaysOn>true

<ConnectFailurePolicy>Open

<AllowCaptivePortalRemediation>false

<CaptivePortalRemediationTimeout>5</CaptivePortalRemediationTimeout>

</AllowCaptivePortalRemediation>

<ApplyLastVPNLocalResourceRules>false</ApplyLastVPNLocalResourceRules>

</ConnectFailurePolicy>

<AllowVPNDisconnect>true</AllowVPNDisconnect>

</AlwaysOn>

The certificate was generate by Windows Server, and is stored on User Store.

Thanks for efforts.

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Alessandro Pereira
Frequent Visitor
Frequent Visitor

‎06-15-2012 06:58 AM

I forgot to say, I'm with the lastest version os ASA 5540 8.4(4) and Anyconnect 3.0.08057.

0 Helpful

pauflana
Cisco Employee
Cisco Employee
In response to Alessandro Pereira

‎06-20-2012 04:57 PM

Did SBL ever work in your environment? 

0 Helpful

AndreasSchiffer
Community Member

‎08-23-2012 09:11 AM

Hi,

you have to install the certificate into the local machine certificate store otherwise AC isn't able to use it before the User has logged in.

In our Environment SBL works well with Windows XP/ 7 and cert auth!

Sent from Cisco Technical Support iPhone App

0 Helpful

motomjp-ybb
Community Member

‎04-13-2013 06:41 PM

Hi,

don't copy & paste the certificate.

import the certifcate into the local machine certificate store.

http://support.microsoft.com/kb/939616/en-us

0 Helpful
Customers Also Viewed These Support Documents