Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2827
Views
0
Helpful
4
Replies

AnyConnect and Smart Card through RDP

pavoljaco
Level 1
Level 1

‎09-07-2012 07:25 AM - last edited on ‎02-21-2020 11:52 PM by Community Manager

Hi,

I have virtual machine (Win 7 64bit), I am connecting to it through RDP protocol and I have sharing Smar Cards enabled. I have all necessary software and drivers for smart cards installed on virtual machine.

When I use Smart Card as usb token connected on my laptop (Gemalto usb token), virtual machine have no problem, I can see certificate and I can use it with AnyConnect to establish SSL VPN sucessfully.

But when I use clasic smart card like Crescendo or SafeSign with internal or external reader (on my laptop), I can see certificates, I can read and write to smart cards, I even have sucesfully validated certificate on ASA - vpn concentrator, but tunnel is not established sucessfully, ending with:

AnyConnect error: The client agent has encountered an error.

From ASA firewall: ERROR: Initialization failure (mem alloc failed, etc.)

From DART: An established connection was aborted by the software in your host machine.

I have two types of smart cards (crescendo, safesign) and Gemalto usb token, all is shared through RDP session from my laptop, only usb token can sucesfully establish VPN in RDP session. Generally I do not see any difference in using usb token (embeded smart card in reader) and usb reader with smart card. Anybody has similar experience?

Thanks,

Pavol Jaco


Labels:
0 Helpful
4 Replies 4

danieljochem
Level 1
Level 1

‎11-07-2012 06:39 AM

Hi,

we have a similar problem here.

Have you already found a solution or any further information on that issue?

The only thing we found out is that a problem with the same error message is described in a Troubleshooting Guide on the MAC-OS AnyConnect client as an issue with IPv6.

Thanks,

Daniel Jochem

0 Helpful

shwjain
Level 1
Level 1
In response to danieljochem

‎11-07-2012 11:27 AM

Pavol,

What version of AnyConnect and ASA are you using?

Thanks,

Shweta

0 Helpful

danieljochem
Level 1
Level 1
In response to shwjain

‎11-07-2012 10:28 PM

Shweta,

As we have the same problem as Pavol here I also think it would be good to post the versions we are using here.

The issue occured first with using ASA version 8.4.4.1 and AnyConnect 3.1.01065. As we thought it may be a problem with the currently use ASA version we upgraded to ASA version 8.4.5 but that does not make any changes on the problem.

Thanks

Daniel

0 Helpful

pavoljaco
Level 1
Level 1
In response to danieljochem

‎11-07-2012 11:52 PM

Hi guys,

I am not sure wich version I was using back there, but now in my lab I have ASA 9.0(1) and AnyConnect 3.1.01065. As a driver for smartcard I am using SafeNet eToken Minidriver 5.1. I repeated the test today and now it works with no problem. I can sucesfully connect to ssl vpn (safenet cards did not work before upgrade), Gemalto tokens still work as before (Card OS API 5.1)

Pavol

0 Helpful
Customers Also Viewed These Support Documents