cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
2089
Views
0
Helpful
1
Replies
Justin Westover
Beginner

Anyconnect Client Profile Won't Download

I am working with some fairly locked down laptops and I have been tasked with getting anyconnect to run on those laptops to replace the current IPsec VPN solution. The main problem that I'm having is that the client profile will not download to the PC. I'm not sure what runs that goes out and checks for the latest updates from the ASA but i'm sure it probably doesn't have permissions to do so.

Right now the only way I can get a successful VPN tunnel established is to export the configuration from the ASA and import it on the users desktop. I would perfer that the user be capable of downloading the latest .xml client profile. The anyconnect service runs as "local system" and from what I can tell, "system" has full rights to all folders and files that it needs. But I'm missing something here.

I did notice an executable called vpndownloader.exe, can anyone verify what this .exe actually does?

1 REPLY 1
Marcin Latosiewicz
Cisco Employee

Justin,

vpndownloader is used to update Anyconnect version, push down profile from headend, push additional modules from headend and (I think) CSD/hostscan  update as well.

What you can do is have a look at your security even viewer during installation or enable filesystem/registry audit logging, if you suspect permission problem.

On windows 7 you'd do it (quick google search):

http://www.discoveryourpc.net/2010/01/auditing-access-to-files-on-windows-7.html
http://www.webbedeye.com/2012/08/monitoring-file-access-in-windows-7/

However what I would suggest is to open up a TAC case, there are all sort of useful info we can hellp you analysing hidden within the DART package

(setupapi logs and event viewer logs are the place to start).

M.

Create
Recognize Your Peers
Content for Community-Ad