03-24-2020 10:50 AM
Over the last few weeks, computers at my org have been unable to connect to the VPN.
These computers had been working fine previously... for instance, connecting fine on Friday, on Monday when the user tries to connect, they get the error : Anyconnect Failed to get configuration from AnyConnect Client Process. Contact your systems administrator.
this will present itself several times before it finally gives up and then displays the error: AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
We have thousands of other users successfully connecting through AnyConnect but these machines will not.
We have completely removed anyconnect and all the profile data in %localappdata% and %programdata%
We've verified network connectivity and the ability to resolve DNS to our anyconnect appliance.
We've removed and re-installed the user certificates used for Anyconnect authentication.
We've tried using alternate internet connections to rule out ISP issues.
I can't find much about this specific error online but I'm wondering if anyone has any ideas that might be helpful.
Solved! Go to Solution.
03-27-2020 05:22 AM - edited 03-27-2020 05:23 AM
Wanted to post our resolution:
After several days of digging, one of my associates pinned down the problem.
A recent update to Windows Defender apparently changed the location of some files.
On the systems unable to connect with the error listed in my first post this folder was empty:
C:\ProgramData\Microsoft\Windows Defender\Platform
To resolve the issue, we applied Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10)
We're still looking to see what these systems have in common.
03-24-2020 11:44 AM
Hi,
Look over to which Microsoft updates have been pushed over to those clients; some latest Microsoft KB are known to create several random issues. Try removing those first and see how it goes.
Regards,
Cristian Matei.
03-24-2020 12:22 PM - edited 03-24-2020 12:23 PM
I've been digging through the event viewer and trying to compare the logs from computer A (working and connected) and computer B (not connecting). I am the user on both machines.
Unfortunately, one is 1909 and the other 1803 (not working). The vast majority of our machines are running 1803 and get updates pushed through SCCM.
03-24-2020 01:00 PM
Hi,
Try to have the same patch level on a not-working machine as on a working machine. See if it gets fixed.
Regards,
Cristian Matei.
03-24-2020 02:56 PM
Not really optional at this point.
My machine is on 1909 to 'test' before it's pushed out.
The majority of our clients are still 1803 and only a handful of computers are having this issue.
It's scattered around the country and I haven't been able to put my finger on what they all have in common.
03-24-2020 02:58 PM
I do have Dart logs from one of the machines I was working on today.
I'm just not sure I can unravel what the logs are telling me.
03-27-2020 05:22 AM - edited 03-27-2020 05:23 AM
Wanted to post our resolution:
After several days of digging, one of my associates pinned down the problem.
A recent update to Windows Defender apparently changed the location of some files.
On the systems unable to connect with the error listed in my first post this folder was empty:
C:\ProgramData\Microsoft\Windows Defender\Platform
To resolve the issue, we applied Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10)
We're still looking to see what these systems have in common.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide