Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2819
Views
2
Helpful
12
Replies

AnyConnect VPN Refusing to Authenticate

Go to solution
SeeSharp
Level 1
Level 1

‎10-12-2023 08:52 AM

Hello,

I've been having an issue with my VPN for about a year now where any attempt to log in simply fails. So far, I haven't needed it to work from home, but now I do. There is no "invalid credentials" error or anything and there is no attempted connection. Whenever I try to log in, it immediately fails and then only prints the message "login failed" on the UI. In the "Message History" tab, the only message that gets printed is "User credentials entered." Nothing else. 

I have worked with both the IT department and the Networking department at my organization and neither of them have been able to figure this out. 

Has anyone seen this issue before? Does anyone know how it can be fixed or how I can effectively troubleshoot it? Any help would be greatly appreciated.

Thanks!

System Specs: 

Cisco AnyConnect Security Mobility Client Version 4.10.05111

OS: Microsoft Windows 10 Enterprise, Version 10.0.19045

Manufacturer: Dell

Model: Latitude 7490

System Type: x64-based PC

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to SeeSharp

‎10-13-2023 11:08 AM 

They also said my AD account's security ID is null,

this information they seeing in the EVENT Log, so IT people can fix this, this is nothing to do with Cisco.

So i would suggest to follow up with your IT for solution.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
12 Replies 12

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-12-2023 09:15 AM

If you are authentication against AD - then suggest to change the password simple with out any special character and test it.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
SeeSharp
Level 1
Level 1
In response to balaji.bandi

‎10-12-2023 09:54 AM

This was attempted a few times. They tried resetting the password to a short string of numbers and letters multiple times and it got the same result. IT checked my account in AD and said there was nothing obviously wrong with it.

0 Helpful

Go to solution
marce1000
VIP
VIP

‎10-12-2023 09:35 AM

 

  >...I have worked with both the IT department and the Networking department at my organization and neither of them have been able to figure this out. 
  - Yet their task is simple : they need to examine the anyconnect-terminating-vpn-server's (typical ASA or other) logs and check the authentication entries for your attempts and their status, 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
SeeSharp
Level 1
Level 1
In response to marce1000

‎10-12-2023 10:03 AM

I'm not sure if they checked these logs specifically, but they did check the logs on my device and there was no authentication entry whatsoever. I will double check with them and see if they have.

0 Helpful

Go to solution
cgarringer
Level 1
Level 1

‎10-12-2023 10:08 AM

Are you using MFA?    If so the initial authentication would work, but the overall would be a reject if the MFA device/system rejected it.     In my experience the logs would be showing successful login, but the user would get a fail.

0 Helpful

Go to solution
SeeSharp
Level 1
Level 1
In response to cgarringer

‎10-12-2023 10:26 AM

We do use MFA. By the device rejecting the login, do you mean not approving the login on your MFA device? Or do you mean the MFA device isn't receiving a request to log in?

0 Helpful

Go to solution
cgarringer
Level 1
Level 1
In response to SeeSharp

‎10-12-2023 10:39 AM

It could be either one. If the MFA talks to your phone then the MFA system could have the wrong #, wrong username, or the app is not setup correctly on the phone.
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to SeeSharp

‎10-13-2023 01:14 AM

You IT Team able to troubleshoot this, where this Failing, as community we do not have any visibility of your setup.

as your IT to run debug

1. check against AD is OK

2. is the 2 FACT authentication have any errors ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
SeeSharp
Level 1
Level 1
In response to balaji.bandi

‎10-13-2023 11:02 AM

Have been troubleshooting with them for the past day or so once again. We have found one lead. It is a server-side issue, the server is rejecting all of my attempts to sign in immediately. Doesn't even attempt to perform 2-factor auth. 

They said I wasn't added to the right group, but they added me to this group and I'm still getting locked out. They also said my AD account's security ID is null, and I have no idea what that means, but it seems important?

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to SeeSharp

‎10-13-2023 11:08 AM 

They also said my AD account's security ID is null,

this information they seeing in the EVENT Log, so IT people can fix this, this is nothing to do with Cisco.

So i would suggest to follow up with your IT for solution.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
SeeSharp
Level 1
Level 1
In response to balaji.bandi

‎10-13-2023 11:11 AM

Yeah I agree, it has to be an issue with my account in AD. 

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to SeeSharp

‎10-13-2023 11:16 AM

Sure - but if you see any issue with cisco any connect you most welcome to comment here so community can help you.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents