cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
74329
Views
0
Helpful
6
Replies

anyconnect: Hostscan CSD prelogin verification failed

johhuan2
Level 1
Level 1

Hello,

We hit an issue connecting vpn server at San Jose, the problem occurred at Posture Assessment procedure.

The issue is wired that we have connected to vpn successfully with public direct internet connection, but when we use proxy, posture assessment just failed. We can access internet via that proxy and we do can connect sjc vpn server address. Seems there is a certificate issue I'm not sure.

 

This is a snapshot from anyconnect client:

And the final error message popup:

And a port of libcsd log which caused the failure:

秅き きる 15 10:06:30.780 20][libcsd][debug][hs_verify_proxy] Setting h->peer to 'https://171.70.192.80'
[秅き きる 15 10:06:30.780 20][libcsd][debug][hs_transport_winhttp_setproxy_autoie] setting proxy using IE proxy values
[秅き きる 15 10:06:30.788 20][libcsd][debug][hs_verify_proxy] verifying proxy...
[秅き きる 15 10:06:30.788 20][libcsd][debug][hs_transport_probe] sending probe request
[秅き きる 15 10:06:30.906 20][libcsd][debug][hs_transport_winhttp_verify_cert_hash_check] Using SHA1 hash algorithm.
[秅き きる 15 10:06:30.907 20][libcsd][error][hs_transport_winhttp_verify_cert_hash_check] InternetQueryOption 12019
[秅き きる 15 10:06:30.908 20][libcsd][error][hs_transport_winhttp_verify_cert_hash_check] WinHttpQueryOption 12019

[秅き きる 15 10:06:30.908 20][libcsd][debug][hs_transport_winhttp_probe] Verify cert hash failed!
[秅き きる 15 10:06:30.908 20][libcsd][debug][hs_transport_probe] sending probe request failed
[秅き きる 15 10:06:30.908 20][libcsd][debug][hs_verify_proxy] verifying proxy... failed.

 

I've attached a full version of libcsd.log, please help, thanks!

 

1 Accepted Solution

Accepted Solutions

Abaji Rawool
Level 3
Level 3

Hi,

Please check this enhancement request (not yet fixed) :https://tools.cisco.com/bugsearch/bug/CSCul55965/?reffering_site=dumpcr

To confirm try the workaround

Workaround:
Disable authentication on proxy server.

HTH,

Abaji.

 

 

View solution in original post

6 Replies 6

Abaji Rawool
Level 3
Level 3

Hi,

Please check this enhancement request (not yet fixed) :https://tools.cisco.com/bugsearch/bug/CSCul55965/?reffering_site=dumpcr

To confirm try the workaround

Workaround:
Disable authentication on proxy server.

HTH,

Abaji.

 

 

Hi Abaji,

Thank you very much for your reply. I'm using a proxy that do need to enter username/password before establishing a connection to the internet.

If you mean disable this authentication, then I'm so sorry that I do not have the root permission to the proxy server.

Is that possible to release a hot-fix for my AnyConnect client installation, or provide me a patch something?

Thank you!

 

Regards,

John

Hi John,

 

This is a enhancement request and customer's can get the fix prioritized through the account team and not much can be done from support team side.

 

HTH

Abaji.

Hi Abaji,

OK, got it. Thanks.

 

Regards,

John

johhuan2
Level 1
Level 1

Hi Abaji,

Problem solved after disabling authentication on proxy server, thank you very much!

 

Regards,

John

Hi Abaji,

I am also Facing the same issue on Linux System.

Could you please help me how to disable authentication on proxy server ?

 

Thanks,
Bhanupratap Singh.