01-03-2014 11:47 AM - edited 02-21-2020 07:25 PM
Hello,
I've configured AnyConnect SSL VPN for two connection profiles which can be chosen when I try to establish a connection. The following aliases have been configured for those connection profiles:
* Con1
* Con2
The problem is that every time I try to select the second one (Con2) from the group list, it automatically returns to the first one (Con1). Generally, I am not able to choose Con2. It looks like Con1 is the default and I can connect using only this profile. I've checked the preferences.xml and preferences_global.xml files and the default group is not configured. What is more, when I change the alias names for those connection profiles to:
* 1Con2
* Con1
I can choose only 1Con2, so it seems that only the first connection profile on the list can be used. Any ideas?
01-09-2014 11:17 AM
Hi,
Could you please check to see if there is any tunnel group lock configured in the group policy being used by the CON2 profile? If it is configured for CON1, then it will force the clients to fall on the CON1 profile.
Regards,
Saurabh
02-12-2014 02:51 AM
Hi.
We got the exact same issue here.
This used to work (we have ten-ish groups published) and the only change we are aware of is an upgrade of the AnyConnect client itself to 3.1.05152. We are not sure if the client upgrade triggered this, as it only affected new users, so it took some time before we noticed it. Old users will default to the group they had at upgrade time, but they are not able to select another group; they return to the previous one. New ones are not able to select a group and return to the first in the list.
TAC has been involved, but they found nothing special at their first attempt.
Did you get a resolution for this issue?
02-12-2014 03:59 AM
Testing with an older version of AnyConnect (like 3.1.04059) solves this issue, so this seems related to the latest release of AnyConnect.
02-12-2014 05:45 AM
I was able to manually edit the XML file in C:\Users\%name%\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml
Which isn't really a viable solution for each user to make this change.
OR
I've been telling users to initiate the session via the web interface while picking the group wanted.
I am still waiting patiently for Cisco to fix the AnyConnect client.
02-12-2014 05:52 AM
We ended up downgrading the client to 3.1.04066; that one seems to be OK.
I will join in the patient waiting for a fixed AnyConnect client.
03-06-2014 03:22 PM
I guess I will downgrade to the previous client, but shouldn't this be fixed since it's been 3 months?
(We just upgraded to the latest client a week ago)
05-29-2014 12:28 PM
When a user opens Cisco AnyConnect and goes to connect to "Host Name", the next box pops up asking for "Group, Username, and password". The user selects "Con2", and it flips right back to "Con1".
The issue appears to be that Cisco AnyConnect fails to create the local preferences file under the user's Windows profile.
The file is normally located at C:\Users\user.name\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\Preferences.xml
Here is what the profile should look like upon successful connection to RSA.
__________________________________________________________________
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectPreferences>
<DefaultUser>User.Name</DefaultUser>
<DefaultSecondUser></DefaultSecondUser>
<ClientCertificateThumbprint></ClientCertificateThumbprint>
<ServerCertificateThumbprint></ServerCertificateThumbprint>
<DefaultHostName>Server/IP Address</DefaultHostName>
<DefaultHostAddress></DefaultHostAddress>
<DefaultGroup>Con2</DefaultGroup>
<ProxyHost></ProxyHost>
<ProxyPort></ProxyPort>
<SDITokenType></SDITokenType>
<ControllablePreferences></ControllablePreferences>
</AnyConnectPreferences>
Either edit the file that exists, or create a new "Preferences.xml" based off of the above profile.
Have the user close out of the Cisco AnyConnect Client by right-clicking the icon in the system tray and selecting "Quit".
Copy the attached xml file to the following location.
C:\Users\User.Name\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client
If the directory structure does not exist, then create it: "Cisco\Cisco AnyConnect Secure Mobility Client".
Have the user open Cisco AnyConnect and try to connect again.
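Added example (not part of the original thread, and not Cisco's tooling): the manual workaround above as a per-user PowerShell script that creates the directory if needed, keeps a backup, and sets only `DefaultGroup` so other saved preferences survive. The `Set-Pref` helper, the default group `Con2` and the host `vpn.example.invalid` are assumptions for illustration; element names are taken from the sample file above.

```powershell
# Added example: set DefaultGroup in the per-user AnyConnect preferences.xml.
# Quit the AnyConnect client first, as described in the steps above.
param(
    [string]$Group   = 'Con2',                # connection profile alias from this thread
    [string]$VpnHost = 'vpn.example.invalid'  # placeholder (assumption); only used for a new file
)

$dir  = Join-Path $env:LOCALAPPDATA 'Cisco\Cisco AnyConnect Secure Mobility Client'
$file = Join-Path $dir 'preferences.xml'
New-Item -ItemType Directory -Path $dir -Force | Out-Null   # no error if it already exists

# Hypothetical helper: create the element under the root if missing, then set its text.
function Set-Pref([System.Xml.XmlDocument]$Doc, [string]$Name, [string]$Value) {
    $node = $Doc.DocumentElement.SelectSingleNode($Name)
    if ($null -eq $node) {
        $node = $Doc.CreateElement($Name)
        [void]$Doc.DocumentElement.AppendChild($node)
    }
    $node.InnerText = $Value
}

$xml = New-Object System.Xml.XmlDocument
if (Test-Path -LiteralPath $file) {
    Copy-Item -LiteralPath $file -Destination "$file.bak" -Force  # keep a backup
    $xml.Load($file)                                              # other settings are preserved
} else {
    # Build an empty file with the same elements, in the same order, as the sample above.
    $xml.LoadXml('<AnyConnectPreferences/>')
    foreach ($n in 'DefaultUser','DefaultSecondUser','ClientCertificateThumbprint',
             'ServerCertificateThumbprint','DefaultHostName','DefaultHostAddress',
             'DefaultGroup','ProxyHost','ProxyPort','SDITokenType','ControllablePreferences') {
        Set-Pref $xml $n ''
    }
    Set-Pref $xml 'DefaultHostName' $VpnHost
}
Set-Pref $xml 'DefaultGroup' $Group

# Write UTF-8 without a byte-order mark.
$settings = New-Object System.Xml.XmlWriterSettings
$settings.Encoding = New-Object System.Text.UTF8Encoding($false)
$settings.Indent   = $true
$writer = [System.Xml.XmlWriter]::Create($file, $settings)
try { $xml.Save($writer) } finally { $writer.Dispose() }
```

Run it in the affected user's own session so that `%LOCALAPPDATA%` resolves to that user's profile.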