02-24-2016 09:08 AM - edited 02-21-2020 08:42 PM
AnyConnect has been upgrade to 4.2.0135. The users authenticate using RSA SecureID tokens. After the upgrade, a fresh installation of the new AnyConnect client does not present the correct prompts, but an upgraded client does present the correct prompts. The prompts should be Username / Token Code / Password, but the new users are seeing Username / Password / Second Password. The users connect using a group URL, so I have eliminated inheriting the prompt from the default WebVPN Group. Has anyone seen anything similar to this?
02-24-2016 05:55 PM
A fresh install generally needs to either have the profile for your VPN included in the distribution or else connect once so it can be updated from the headend.
Once they get that, the prompts should adjust to reflect the ASA's configuration.
02-24-2016 05:55 PM
Thanks Marvin, but we've been through all of the "tried and true" solutions. The TAC engineer is stumped and has escalated within Cisco. I was hoping someone may have experienced and overcome the problem.
-js
02-24-2016 07:39 PM
Have you tired copying the profile.xml (or whatever you've named it on your ASA) to the appropriate directory for a new install?
i.e. in Windows 7 it is in the hidden folder C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
Compare a working client to a non-working one based on the contents there (if you haven't already).
02-25-2016 12:14 PM
We have deleted the profile and verified that it was gone from flash. We recreated the profile and still experienced he problem.. To verify that it was being downloaded, we changed the split tunneling configuration and saw the change on the preferences tab.
02-19-2018 12:11 AM
Check my blog post about similar issue:
https://akosbakos.ch/acnamfd-sys-issue-aka-cisco-anyconnect-upgrade-process/
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide