Anyconnect client issue with only 1 user

l8nite4me2
Level 1

This is a weird one.

I have one user that has started having issues with the anyconnect vpn client. 

When he enters his username and password the client does not even attempt to contact the VPN server. I have watched my ASA logs and the IP address associated with his home device is not being logged on the firewall. Immediately after he enters his username/password he receives "authentication failed." However, I can log in via VPN on the same machine through VPN without issues and the IP is logged in the firewall.

Even when he uses a machine for the first time, the anyconnect client will not even attempt to connect, but immediately goes to the authentication failed message.  We tested this on a brand new laptop right out of the box.  I installed the client and asked him to login.  It did the exact same thing.

I have verified that his user credentials are not locked in AD, we are using Kerberos for authentication and using AnyConnect client 2.4.1012. This error persists across all OSes that we have tried.

Also, I forgot to add.  He was able to connect yesterday morning without issues and worked for 4 hours.  After he disconnected was when the problem began.

Any help would be greatly appreciated and if you need any further information please ask.

John

2 Replies

dchristm09
Level 1

Hello, to me this sounds like a profile issue. With each of these machines, before you tested AnyConnect, did you have the user log on to the domain on that machine? Have you tried having another user that works logged in to the machine and then have the user that doesn't work try AnyConnect? Have you tried him with a machine that has not logged onto the domain? Have you tested his account on the ASA to see if he authenticates? Also, unrelated, but version 3.0.3054 is out for AnyConnect and is more secure.

Sent from Cisco Technical Support iPad App

vabruno
Level 1

Sounds like a policy issue on the ASA. Try to enable debug aaa authentication and debug aaa radius, have the user having issues connect, and look at the ASA logs.

Sent from Cisco Technical Support iPhone App