Re: AnyConnect connection failure - OS problem? - Page 2

Mi1anovic · ‎04-08-2024

Hello,

I have a problem with Cisco AnyConnect VPN but it's related to a single computer only. Everything is working just fine as long as I am doing regular things. However when I increase network load (copying files through RDP, browsing through google maps on RDP, checking massive docker logs on Ubuntu) I am disconnected from VPN with connection failure error (image of the error below).

This is not happening on other computers using the same VPN account, OS version, AnyConnect version.

I tried to reinstall Cisco AnyConnect VPN, I installed newest OS updates and drivers. I am using Win11 as the OS from which I am realizing the connection. I ran sfc /scannow but it seems to be ok.
It seems like something is wrong with my OS but I really really don't want to reinstall the whole OS because that's work for at least 2 days.

Any ideas someone please? I would be thankful.

Mi1anovic · ‎04-12-2024

I am sending you the AnyConnect.txt in the attachment of this message. Here are the times I observed:
13:28:23 - Connect time
13:29:06 - RDP freeze
13:29:25 - Reconnecting message
13:29:26 - Connection failure error message
13:30:35 - Bundle creation process

I tried the ping and ping was working whole time from first connection to the error message connection failure.

tvotna · ‎04-12-2024

The error is:

Date : 04/12/2024
Time : 13:29:04
Type : Information
Source : acvpnagent

Description : Function: CHostMgrCommonImpl::getHostBoundBuffer
File: c:\temp\build\thehoff\orion_mr60.926477543745\orion_mr6\vpn\agent\hostmgrcommonimpl.cpp
Line: 196
Host bound queue is full

This is a internal client error.

Discussions:
https://community.cisco.com/t5/vpn/anyconnect-host-bound-queue-is-full/td-p/3053276
https://community.cisco.com/t5/vpn/cisco-anyconnect-host-bound-queue-is-full/td-p/4062308

The defect: CSCwd94777. There are 30+ customer cases attached to the defect, but nobody cares and the bug was closed without any resolution. I suggest you to reply to above threads and ask if anyone has found a workaround. The workaround suggested in the bug (disabling tunnel optimization with custom attributes) can only be implemented on the server side and it cannot be implemented on routers.

Opening a TAC case might also help.

Mi1anovic · ‎04-14-2024

Well, that's unfortunate. However I fell a bit better to at least know where the source of the problem could be. I will check the discussions if there are any new info.

Thank you very much for your time and your help. I appreciate it a lot!

JKPersimmons · ‎08-05-2024

So I ran into this problem client-side and the very heavy-handed workaround for it is to elevate and run the VPN client as Administrator. If your user account does not have local admin privilege and you have to invoke a separate account's admin context, that user context-switch will break the authentication process if SSO is implemented.

I had to use an admin account to permanently elevate my user account to Local Admin group and reinstall Cisco VPN client. No longer have any issues but this solution can violate IT/Infosec policies against logging in with local admin privileges by default.

If we can figure out which resources/directories require elevated privilege or access to prevent "Host bound queue is full" from happening for the current (unprivileged) user, we might be able to avoid requiring local admin.

MHM Cisco World · ‎04-12-2024

https://community.cisco.com/t5/vpn/cisco-anyconnect-vpn-client-disconnects-1-2-seconds-after/td-p/3033491

I think you need only update the anyconnect ver. You run in this pc

MHM

tvotna · ‎04-12-2024

https://community.cisco.com/t5/vpn/cisco-anyconnect-vpn-client-disconnects-1-2-seconds-after/td-p/3033491

I think you need only update the anyconnect ver. You run in this pc

MHM

Above analysis is completely wrong.