
AnyConnect unwilling to perform password change

UnspokenDrop7
Level 1

Hi,

I have just enabled "password management" for one of my tunnel groups. I'm using LDAP for authentication. When I log in, using AnyConnect, with a user that must change password and uses the right tunnel group (the one I have enabled password management for) I get to type in a new password and verify it, but then I get a message back in the AnyConnect client that says "Unwilling to perform password change".

Is there any way to figure out what exactly is going wrong?

Maybe it's more a question for Microsoft than Cisco?

1 Accepted Solution

jeff-ferguson
Level 1

Hi Kiristofer,

Just had the same issue.

After enabling the following -

  1. Enable password management for the impacted connection profile under Clientless SSL VPN, and
  2. Enable "LDAP over SSL" for the impacted AAA server

the issue was resolved.

Good Luck,

Jeff Ferguson

6 Replies


Hi Jeff,

Ok, but you had to configure your LDAP servers for SSL also?

Our servers are not, so that would have to be solved first I guess.

If I can get the server team to do that I will most definitely try "LDAP over SSL"!

Thanks,

Kristofer

Thanks Jeff--I was getting this error with password management enabled and just had to do the second step to get it working. 

Hi Joshua,

Great! Have you configured your LDAP servers to actually use SSL? Or does it not matter whether the servers actually use it or not?

They must have already been configured that way, because when I changed the option in ASDM (Configuration>Remote Access VPN>AAA/Local Users>AAA Server Groups) and used the Test authentication against the LDAP servers, it comes back successful right away.  I would say to make the change, which is setting it to use port 636 instead of 389, and then test authentication right away with your domain credentials.  If it doesn't work, set it back and then have your server team take a look.
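Before flipping the AAA server group from port 389 to 636 in ASDM, it helps to confirm the directory server really completes a TLS handshake on 636 (and whether its certificate chains to something you trust). The script below is an added example, not code from the thread or from Cisco; the host name is a placeholder you replace with your own domain controller.

```python
"""Pre-flight LDAPS check: does the LDAP server accept TLS on 636?"""
import socket
import ssl
from datetime import datetime, timezone
from typing import Optional


def check_ldaps(host: str, port: int = 636, timeout: float = 3.0,
                verify: bool = True, cafile: Optional[str] = None) -> dict:
    """Try a TCP connect and TLS handshake to host:port.

    Returns a dict with 'stage' = 'tcp' (no listener or filtered),
    'tls' (listener present but handshake failed, e.g. plain LDAP on 636
    or an untrusted certificate) or 'ok' (handshake completed).
    """
    result = {"host": host, "port": port, "ok": False, "stage": "tcp"}
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify:
        # Mirrors an ASA with no trustpoint for the DC certificate:
        # encryption only, no server authentication.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = f"TCP connect failed: {exc}"
        return result
    result["stage"] = "tls"
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            result.update(ok=True, stage="ok", protocol=tls.version(),
                          cipher=tls.cipher()[0])
            cert = tls.getpeercert() if verify else {}
            if cert:  # only populated when the chain was verified
                exp = datetime.fromtimestamp(
                    ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
                result["cert_subject"] = dict(x[0] for x in cert["subject"])
                result["cert_expires"] = exp.isoformat()
                result["cert_expired"] = exp < datetime.now(timezone.utc)
    except (ssl.SSLError, OSError) as exc:
        result["error"] = f"TLS handshake failed: {exc}"
    finally:
        raw.close()  # no-op if wrap_socket already took over the socket
    return result


if __name__ == "__main__":
    # Placeholder host; substitute your domain controller.
    for verify in (True, False):
        print(check_ldaps("dc01.example.internal", verify=verify))
```

A result at stage `tls` with verification on but `ok` with verification off means 636 is serving LDAPS with a certificate the client does not trust; the ASA will still bind, but you should import the issuing CA as a trustpoint rather than leave the connection unauthenticated.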

Tried and guess what... it did work! I guess the server team have been working after all. :)

Thanks!