03-27-2020 11:31 AM
Hi Teams ,
Due to heavy tendency to have users from work from home due to COVID-19 , we are having to send laptops to users at their home. But since they haven't logged in before on new laptops their credentials are not cached , they are not able to login. Now we are trying to get SBL feature work . I have followed the 2 steps described in document
1. Enable vpngina
2. enable SBL in anyconnect profiles.
Both of them are in screenshot attached. But the problems is , although laptops in lab have been installed with SBL module , when we reboot laptop , there is an anyconnect icon called status , which spins and looks like trying to connect , but then falls back to windows login screen , instead of asking for VPN profiles or credentials. I have made a video of how laptop behave and is also attached. What can be wrong ? after logging in via cached credentials, a user can connect to VPN without problem .
Varun
Solved! Go to Solution.
03-29-2020 10:38 AM
03-27-2020 06:43 PM
03-27-2020 11:29 PM
Anyconnect version is 4.6.02074 .Yes we have connected user session in the lab before shipping out to customer. The SBL module got downloaded and that's why perhaps we even get to the point of anyconnect visible and starting to do something at the logon screen . There was no network connection button available at logon screen before we got SBL module. It dont work not just on 1 machine but any machine we try . Its all WIN10 though. Additionally , i have verified in the any connect profile ( .xml ) profile, following option is there :
-<ClientInitialization>
<UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon>
<AutomaticCertSelection UserControllable="true">true</AutomaticCertSelection> "
still , same happens : what can be wrong . May be something with .dll file that does not allow anyconnect as PLAP service provider in WIN10 .
varun
03-28-2020 02:23 AM
I have found the root of problem. Turns out while installing SBL from ASA itself , the functionality don't work. This may be a problem with windows rights to let install some app , we need to figure that part out.
However, if i install manually from the MSI file package , SBL work perfect.
So if we dont figure out why install from ASA functions with the fault , we may just go ahead let the file install via SCCM. Name of file : anyconnect-win-4.6.02074-gina-predeploy-k9.msi
Thanks,
Varun
Varun
03-29-2020 10:38 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide