07-28-2012 02:01 AM
Hi,
I'm new to Cisco, so please bear with me.
But right now I'm trying to get AnyConnect 3.0.08057 running on a 5510 with 8.3 (1) on a Windows 2008 R2 Server running terminal services. I know it's not officially supported, but for a VPN workaround to another site we're attempting using AnyConnect SSL VPN. I've made a test terminal server and it works beautifully. However, when I attempt with our production we get this error after entering my username and password:
The certificate on the secure gateway is invalid. A VPN connection will not be established.
Comparing event logs with a working 2008 Server and this one shows that it's disconnecting because of:
Function: CCertOpenSSLAdapter::verifyServerCertificate
File: .\CertOpenSSLAdapter.cpp
Line: 918
Invoked Function: CCertHelper::CheckServerCertThumbprintAlt
Return Code: -31391732 (0xFE21000C)
Description: CERTSTORE_ERROR_HASH_MISMATCH
I've made sure Strict Cert Trust is disabled and I've tried Cert Store Override but it never works on that specific box. I've also tried to load the cert (a self-signed) onto the Cisco Certstore as well as the machine and user cert stores but it never works.
I was wondering if anyone has seen this before or can point me to a right direction. Let me know if you need to see any specific part of the config.
Thanks!
Alvin
07-28-2012 08:10 AM
Hi,
Are you doing certificate authentication?
Does it happen with username and password authentication?
Thanks
Sent from Cisco Technical Support Android App
07-28-2012 02:25 PM
Hi Javier,
I am not doing cert authentication and it's happening when using local authentication with a username and password. Again, it only happens on a single machine. It seems that the connection is failing when AnyConnect tries to validate the cert it has for the ASA with the one in its cert store (I have no idea where it would be located) and fails when the hashes don't match. Although that's only a guess, but I think a reasonable one at this point.
Thanks!