cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2819
Views
2
Helpful
12
Replies

AnyConnect VPN Refusing to Authenticate

SeeSharp
Level 1
Level 1

Hello,

I've been having an issue with my VPN for about a year now where any attempt to log in simply fails. So far, I haven't needed it to work from home, but now I do. There is no "invalid credentials" error or anything and there is no attempted connection. Whenever I try to log in, it immediately fails and then only prints the message "login failed" on the UI. In the "Message History" tab, the only message that gets printed is "User credentials entered." Nothing else. 

I have worked with both the IT department and the Networking department at my organization and neither of them have been able to figure this out. 

Has anyone seen this issue before? Does anyone know how it can be fixed or how I can effectively troubleshoot it? Any help would be greatly appreciated.

Thanks!

System Specs: 

Cisco AnyConnect Security Mobility Client Version 4.10.05111

OS: Microsoft Windows 10 Enterprise, Version 10.0.19045

Manufacturer: Dell

Model: Latitude 7490

System Type: x64-based PC

1 Accepted Solution

Accepted Solutions

They also said my AD account's security ID is null,

this information they seeing in the EVENT Log, so IT people can fix this, this is nothing to do with Cisco.

So i would suggest to follow up with your IT for solution.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

12 Replies 12

balaji.bandi
Hall of Fame
Hall of Fame

If you are authentication against AD - then suggest to change the password simple with out any special character and test it.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

This was attempted a few times. They tried resetting the password to a short string of numbers and letters multiple times and it got the same result. IT checked my account in AD and said there was nothing obviously wrong with it.

marce1000
VIP
VIP

 

  >...I have worked with both the IT department and the Networking department at my organization and neither of them have been able to figure this out. 
  - Yet their task is simple : they need to examine the anyconnect-terminating-vpn-server's (typical ASA or other) logs and check the authentication entries for your attempts and their status, 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

I'm not sure if they checked these logs specifically, but they did check the logs on my device and there was no authentication entry whatsoever. I will double check with them and see if they have.

cgarringer
Level 1
Level 1

Are you using MFA?    If so the initial authentication would work, but the overall would be a reject if the MFA device/system rejected it.     In my experience the logs would be showing successful login, but the user would get a fail.

We do use MFA. By the device rejecting the login, do you mean not approving the login on your MFA device? Or do you mean the MFA device isn't receiving a request to log in?

It could be either one. If the MFA talks to your phone then the MFA system could have the wrong #, wrong username, or the app is not setup correctly on the phone.

You IT Team able to troubleshoot this, where this Failing, as community we do not have any visibility of your setup.

as your IT to run debug

1. check against AD is OK

2. is the 2 FACT authentication have any errors ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Have been troubleshooting with them for the past day or so once again. We have found one lead. It is a server-side issue, the server is rejecting all of my attempts to sign in immediately. Doesn't even attempt to perform 2-factor auth. 

They said I wasn't added to the right group, but they added me to this group and I'm still getting locked out. They also said my AD account's security ID is null, and I have no idea what that means, but it seems important?

They also said my AD account's security ID is null,

this information they seeing in the EVENT Log, so IT people can fix this, this is nothing to do with Cisco.

So i would suggest to follow up with your IT for solution.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yeah I agree, it has to be an issue with my account in AD. 

Sure - but if you see any issue with cisco any connect you most welcome to comment here so community can help you.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help