
AnyConnect 3 Certificate Error on WinXP VPC VMs

bkellermann1
Level 1

Hey Guys -

 

Recently, we retired an old 2008 VDI / Cluster environment with ~300 VMs and moved on to a different solution. There were about a dozen VMs which required WinXP and were not compatible with the new solution; therefore, we installed Microsoft Virtual PC (VPC) on their local laptop (Win7x64), copied the VHD from their VM, then created a local VM for each so that they may continue using it.

We soon found an issue which hadn't been considered.  No matter how the VPC was configured, when the host was offsite and connected to our VPN via AnyConnect, the VPC VM would not be able to share or access the domain network.  After trying many things, I posted here and found out that the only solution was to install the client locally onto the VPC VM, itself. Since then, I've been trying to get it to work.

The Issue

Once AnyConnect and the profile / config is installed in the VM, I try to connect and immediately get the error "Connection attempt failed." When I open AnyConnect, it says the reason is "no valid certificates available for authentication."

Since receiving it, I've tried many different things to get it to work, but cannot get it to connect. I've even compared the profile / configuration of the host (Win7) which successfully connects to the VM (WinXP) and despite being located in different system folders (due to OS difference), they are exactly the same. I am trying to confirm with our network team that AnyConnect uses the IPSec certificate in the Personal store which exists on both OSs and for which I've even tried adding its thumbprint into AnyConnect XML files without luck, but am still awaiting a reply.

Environment Details

Below are details about the environment and issue.  

  • Host OS: Windows 7 SP1 x64  Enterprise (Close to fully patched)
  • VM OS: Windows XP SP3 x86 Professional (The XP VMs haven't been patched with MS Updates in a long, long time and have no support for IPv6. Could this cause a similar issue based on the version of AnyConnect being used? Just a thought...)
  • Microsoft Virtual PC Config: x2 Virtual NICs (x1 set to the host's ethernet adapter and the other set to the host's wireless adapter)
  • Cisco AnyConnect 3.1.03103
  • Profile XML: I've attached a copy of it which obviously has company-specific data removed

If you need further information, please just let me know. Otherwise, if you have any suggestions - I'm ready for them. Thanks!

1 Reply

rvarelac
Level 7

Hi,

To be honest, I have not worked in a similar environment before, but it could be that AnyConnect is unable to read the certificate store of the virtual machine. If you collect the DART you will be able to see which certificate is being sent to the ASA.

Otherwise, you might consider creating a separate policy for those machines and use username/password instead.

Hope it helps

-Randy-