cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
7263
Views
0
Helpful
1
Replies
stephensuley
Beginner

AnyConnect SBL Errors

I have Anyconnect 2.5 + gina 2.5 installed and somewhat operation.

Its PLAP using Windows 7

The configuration seems to have worked as per the Cisco Anyconnect config guide, I can connect without any problems when logged into the desktop, but when I switch user and try to connect from the logon window I get this error;" Connection attempt has failed."

The AnyConnect event log contains the following errors relating to my self signed SSL cert assocayed with the AnyConnect profile.

Function: ConnectMgr::doConnectIfcConnect

File: .\ConnectMgr.cpp

Line: 1409

Invoked Function: ConnectIfc::connect

Return Code: -29949890 (0xFE37003E)

Description: CTRANSPORT_ERROR_UNTRUSTED_CERT_DISALLOWED_WITH_SBL

Function: CTransportWinHttp::handleRequestError

File: .\CTransportWinHttp.cpp

Line: 946

Untrusted certificate received from SG in Start Before Logon mode.

Function: ConnectIfc::TranslateStatusCode

File: .\ConnectIfc.cpp

Line: 2634

Invoked Function: ConnectIfc::TranslateStatusCode

Return Code: -29949890 (0xFE37003E)

Description: CTRANSPORT_ERROR_UNTRUSTED_CERT_DISALLOWED_WITH_SBL

Connection attempt failed. Please try again.

I was hoping someone could tell me how to correct this issue. I have tried installed the cert into my trusted CA authorities under my computer account, but that didn't seem to make a difference.

Im not sure if the solution is on the ASA, or within my windows client configuration.

My ASA is a 5510 with OS 8.4

Its a self signed certificate create as part of the Anyconnect setup wizzard in the ASDM.

1 REPLY 1
stephensuley
Beginner

I found the answer to my issue in this thread;

https://supportforums.cisco.com/thread/2105535

I am able to get past this error now, which is great.

But after I enter my username and password and click connect, it look slike its going to connect, but then I get this error message;

Unable to retrieve logon information to verify compliance with AnyConnect logon 
enforcement and VPN establishment profile settings. A VPN connection will not be 
established.

The FAQ says this, but I'm not sure what I need to do to get this errror resolved...

For the purposes of my lab , I am logging in with a local user account.

I have no AAA server configured.

Again I am able to login with the same account if I connect from the desktop, these errors only happen when using SBL.

Description    AnyConnect cannot enforce the user logon limit settings configured in the client profile because it cannot retrieve the local user login information. To ensure the protection of the private network, the VPN connection is not permitted.

Recommended User Response    Report the error to your organization's technical support.

Recommended Administrator Response    Verify secure gateway access to the AAA server.