Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1175
Views
0
Helpful
0
Replies

AnyConnect connection using scripting not working on remote machine

aishkapoor
Level 1
Level 1

‎12-12-2019 01:52 AM - edited ‎02-21-2020 09:49 PM

Hi,

I am trying to establish a VPN connection using Cisco AnyConnect on a remote machine (Google Compute VM) using vpncli.

I am currently faced with 2 issues.

1. I am able to get the VPN connect if I am logged into that remote VM (using RDP). But if I close that RDP session, AnyConnect would simply just not connect.

If I am RDP in the server (minimised) and then my script triggers the also VPN connects successfully. Issue connect when there is no active display to the VPN.

Now the Client VPN provider has told me that they have WinodowsLogonEnforcement = SingleSignOn and I verified this in the location profile, so that's not a problem.

Has anyone experienced the same issue earlier? What I want to achieve is that my automated processes should run uninterrupted without someone having to login to the VM or RDP into the VM.

This is the command I am using - 

"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe" -s < C:\client\anyconnect-profile.txt

Again, this works for me if I am logged in.

I am printing the input and error stream from the vpncli process, but there is nothing there. Here is the log from vpncli. I am using vpn host, group number, username and password to connect.

Cisco AnyConnect Secure Mobility Client (version 4.6.02074) .


Copyright (c) 2004 - 2018 Cisco Systems, Inc. All Rights Reserved.

 


>> state: Disconnected


>> state: Disconnected


>> state: Disconnected


>> notice: Ready to connect.


VPN>
>> registered with local VPN subsystem.


VPN>

 

2. Another issue that I am facing is this error message. 

The VPN connection was started by a remote desktop user whose remote console has been disconnected.  It is presumed the VPN routing configuration is responsible for the remote console disconnect.  The VPN connection has been disconnected to allow the remote console to connect again.  A remote desktop user must wait 90 seconds after VPN establishment before disconnecting the remote console to avoid this condition.
 
To create this, following steps worked for me-
1. Login to RDP
2. Connect to VPN using AnyConnect
3.  Disconnect the RDP. When you re-connect you will see this message
 
Is there any chance that this feature could be disabled to timeout reduced from 90 secs to 1 sec or something?
 
Any help on how to get these resolved or any help to further debug this would be appreciated.
Thanks!
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents