cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
29843
Views
15
Helpful
13
Replies

AnyConnect reconnects with Hyper-V Adapter

prend.bytyci
Level 1
Level 1

Hello guys

 

I have the following situation:

After connecting to my VPN GW with Windows 10 and Cisco AnyConnect 4.5 I see three reconnects. After them, the connection is up and without any problems. It just happens when the Hyper-V Adapter "vEthernet (Management)" is installed. It looks like when the Client connects to the VPN GW, the Hyper-V Adapter intervene in, no connection is possible and after three times the connection over wifi/wire is up, and everything is good. Is there any way that the VPN client dont's use the Hyper-V Adapter? Or do you know that problem at all?

 

There is article from a blogger who describes the problem a little bit better:

https://mattsinfield.wordpress.com/2017/12/04/windows-10-and-cisco-anyconnect-reconnect-behaviour/

 

1 Accepted Solution

Accepted Solutions

Hey,

 

Just to let you know that we've got it to work on the latest version. Unsure why the first few laptops didn't take right away but all others are now behaving properly. 

View solution in original post

13 Replies 13

Rahul Govindan
VIP Alumni
VIP Alumni

Looks like this is expected. There was a recent doc bug opened by Cisco to update their documentation:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi37860

 

It looks like the HyperV adapter might be coming up a few times after Anyconnect connects. Each time there is a network change, Anyconnect checks to see if it has to establish connection via that adapter. This may be why the reconnects are happening. 

 

Hello Sir

 

Thank you for that information. Is this going to be fixed or not? Or is there any solution for that behavior?

It does not look like there is going to be a fix for the behavior. A possible workaround would be a code change for Anyconnect not to consider the Hyper V adapter as a viable network adapter. I would open a TAC case, reference the bug and check if there is a fix or workaround for this. 

This is not a solution!

Hyper-V is a supported feature in Windows 10. It is widely used along with supported security features like "Credential Guard, Device Guard" and "Windows Defender Application Guard".

All our computers use "Credential Guard". Either this gets fixed or we need to stop using Cisco Anyconnect.

Absolutely agree with you that Cisco should fix this problem. In this day and age, different software should learn to work with each other, especially when they are prominently used in common operating systems. From what it looks like from the bug, Cisco has resigned to the fact that this is expected behavior and that should not be the case. Opening a TAC case and asking for a fix is the next step here. 

Oliver Eve
Level 1
Level 1

Just to let you know we've managed to get Cisco TAC to implement a fix for this either this month or in August.

 

Cheers

 

@Oliver Eve : Great to hear. Thanks for that update. 

Hi, any news about fix?

 

Cheers

It was supposed to have been fixed in 4.6.02074 but we're still seeing the issue so i've asked TAC to one again look into the issue. 

 

"Fixed Hyper-V Behavior Showing Multiple Notifications. To accommodate a Hyper-V behavior change on Windows 10 (Redstone 3 or later), tunnel security reinforcement has been optimized while using tunnel-all or split-exclude configurations. When a new interface address is detected, Hyper-V is properly enforced without causing the appearance of multiple reconnects. (CSCvj71152)"

 

 

Oliver Eve thank you for information.

Hey,

 

Just to let you know that we've got it to work on the latest version. Unsure why the first few laptops didn't take right away but all others are now behaving properly. 

Hello Oliver!

Which AnyConnect version fixed the issue for you? We are also experiencing this problem.

Still happening for me on Windows 10 with AnyConnect 4.10, resulting in me having to reimage my machine twice over recent months, and my inability to use Docker for development, which is ridiculous.

 

The behavior I experienced in both cases leading up to reimaging my machine was that things would seem to work fine initially, then over time I'd see the length of time it takes for the VPN login screen to appear increase (to 1-2 minutes at its worst), and eventually the VPN client can't find the VPN server at all because it's using the Hyper-V network adapter and there's no way to tell it not to use that adapter.

 

Once it gets to this point even reboots don't solve it, nor does uninstalling and reinstalling AnyConnect. I might get lucky and have it work every dozen or so times trying to log in, but for all intents and purposes once AnyConnect latches onto the Hyper-V adapter completely it's game over.

 

Side note: WSL2 also doesn't work with AnyConnect, rendering another super useful feature of Windows unusable because of AnyConnect.

 

To me, given the prevalence of Hyper-V on Windows and where developers are concerned anyway the necessity of using Docker, it's completely ridiculous that there isn't a solution to this. The VPN client shouldn't be a limiting factor that's forcing me to have to use a Mac for development work.