I am facing a weird issue with ASA. We want to set up client-based authentication with the Microsoft CA server. The setup is complete; the client machine got a certificate and authenticates well with the CA while logged in as an Administrator. However, if logged in as a normal user, I couldn't connect, as the AnyConnect client doesn't display prompts for keying in the credentials. Please have a look at the attached snapshot for more details. I would appreciate anyone's help with this issue.
Message was edited by: Aurecon Group - This issue is now resolved
If you are using user certs, note that every user needs to have its own cert (the screenshot shows that this user does not have a cert in its personal cert store).
If using machine certs, make sure the cert is in the machine store (and not in administrator's user store), and that <CertificateStoreOverride> is set to true in the profile (and that
Thanks for the reply, really appreciate that. We are trying to deploy a machine certificate, and I did confirm that the cert is stored in the machine. It works well if I log in as an admin, but doesn't work if I log in as a normal user. <CertificateStoreOverride> is also set, but it is not working.
ok, just to be sure: you do have
Does the client download the profile ok? I.e. is the profile on the disk the same as on the ASA?
Last but not least, check the logs; there is a separate AnyConnect category of logs in the Windows Event Viewer. There should be log entries saying which CertificateStore and CertificateStoreOverride settings are being applied, and possibly an entry telling you more about why it is failing.
Finally we resolved the issue, with the help of Cisco tech. We were missing the server details in the profile we created; on adding those details, things are good. Thank you very much for your help.
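The checks discussed in this thread can be run against a copy of the client profile before deployment. The following is an added example, not code from any poster or from Cisco: it assumes "server details" means a `ServerList` with at least one `HostEntry`, it chooses to require an explicit `CertificateStore` value, and the sample profile and host values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile (not from the thread); host values are placeholders.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <CertificateStore>Machine</CertificateStore>
    <CertificateStoreOverride>true</CertificateStoreOverride>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Example VPN</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def _local(tag):
    """Strip the XML namespace so checks work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def _first_text(root, name):
    """Text of the first element with this local name, or None if absent."""
    for el in root.iter():
        if _local(el.tag) == name:
            return (el.text or "").strip()
    return None


def check_profile(xml_text):
    """Return a list of findings; an empty list means all checks passed."""
    root = ET.fromstring(xml_text)
    findings = []
    # This check expects an explicit value (assumption of this example).
    store = _first_text(root, "CertificateStore")
    if store not in ("Machine", "All"):
        findings.append(f"CertificateStore is {store!r}; expected Machine or All")
    override = _first_text(root, "CertificateStoreOverride")
    if (override or "").lower() != "true":
        findings.append("CertificateStoreOverride is not true")
    hosts = [el for el in root.iter() if _local(el.tag) == "HostEntry"]
    if not hosts:
        findings.append("no HostEntry in ServerList (no server details)")
    for host in hosts:
        names = [c.text for c in host if _local(c.tag) == "HostName"]
        if not names or not (names[0] or "").strip():
            findings.append("HostEntry without a HostName")
    return findings
```

Running `check_profile` on both the profile stored on the ASA and the copy on the client disk also shows whether the two differ in these settings.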