Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1734
Views
5
Helpful
1
Replies

Anyconnect software uninstalls during auto upgrade then fails leaving user with no VPN installed

billy_vaughn
Level 1
Level 1

‎12-11-2019 06:46 AM

I'm having an odd issue on one users workstation. I recently upgraded our ASA to version 9.13. I have two VPN images in flash with 4.7.02.036 being the primary image. When the user connects to Anyconnect it starts an upgrade process which includes removing the current version then fails at some point leaving the user with no VPN. I've tried manually uninstalling from all locations I can find as well as trying to manually installing the 02036 version. Same results each time with no VPN left installed in the Start menu. The user is a limited user but the VPN is installed using Sentient application service manager. Looking for any help.

 

anyconnect-win-4.7.04056-webdeploy-k9.pkg

anyconnect-win-4.7.02036-webdeploy-k9.pkg

Labels:
0 Helpful
1 Reply 1

billy_vaughn
Level 1
Level 1

‎12-11-2019 06:51 AM

I was able to figure this one out and thought I'd post the fix. We use Trend AV and it was stopping the upgrade from finishing. We had to make some changes to our Trend server to fix the upgrade of the VPN after an ASA upgrade.

 

http://files.trendmicro.com/products/officescan/XG/patch1/osce_xg_win_en_criticalpatch_1737_r1.html

 

Relevant information from article.

  • Hotfix 1721 (JIRA 13772/13380)
    Issue: When the system installs or upgrades the Cisco VPN software, it tries to access some registry keys under the TmLwf registry key, which causes the software installation to fail.
    Solution: This hotfix adds a key to disable the self-protection only function of the TmLwf registry key, which resolves this issue.
    Procedure: To enable the new service settings:
    a. Install this hotfix (see "Installation").
    b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
    c. Under the "Global Setting" section, manually add the following key and set its value to "1".
     [Global Setting]
     SP_DisableTmLwfRegistryKeyProtection=1
     Value: 1 = Disable TmLwf registry key self-protection only
    d. Save the changes and close the file.
    e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
    f. Click "Save" to deploy the setting to clients.
     Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
     Key: SP_DisableTmLwfRegistryKeyProtection
     Type: DWORD
     Value: 1 = Disable TmLwf registry key self-protection only
    g. Restart the OfficeScan agents
Customers Also Viewed These Support Documents