
Cisco Anyconnect Client - stuck on "Checking for profile updates"

Hello everybody,

 

I'd like to request help with a problem using the Cisco AnyConnect Secure Mobility Client. For about a week I haven't been able to get past "Checking for profile updates..." (see the attached screenshot).

I searched the forum and found users with similar issues, however I did not find any solution.

Can anybody point me in the right direction what could be the issue here?

 

Thanks for help!

 

 

 

 

What is the AnyConnect headend configured on the firewall? Also, what version of AnyConnect are you using? Also have to create an AnyConnect profile on the ASA. What does it look like?

Please do not forget to rate.

Marko Krenker
Level 1

I had the exact same issue!

Windows Event Viewer was reporting the most useful information, which wasn't available in debugging webvpn anyconnect:

 
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Function: ConnectMgr::getProfileConfiguredOnSG
File: ConnectMgr.cpp
Line: 11006
VPN Profile entry not present

The problem was that the path to the profile XML file, which is set on the group-policy, was missing in the webvpn config context.

I'm not sure at what point it disappeared from the config, but recently we were doing an ASA sw update, so this might be the cause.

 

 

Config:

group-policy ClientVPN-AD attributes
  dns-server value 10.x.y.10
  vpn-session-timeout 1440
  vpn-tunnel-protocol ssl-client
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPNClientAccess
  webvpn
    anyconnect ssl dtls enable
    anyconnect profiles value ClientVPN-Profile type user   <-- profile setting

webvpn
 enable Outside
 http-headers
  hsts-server
   enable
   max-age 31536000
   no preload
  hsts-client
   enable
  x-content-type-options
  x-xss-protection
  content-security-policy
 anyconnect image disk0:/anyconnect-win-4.8.01090-webdeploy-k9.pkg 1
 anyconnect image disk0:/anyconnect-linux64-4.8.01090-webdeploy-k9.pkg 2
 anyconnect image disk0:/anyconnect-macos-4.8.01090-webdeploy-k9.pkg 3
 anyconnect profiles ClientVPN-Profile disk0:/profile-config.xml   <-- Missing part
 anyconnect enable

Hope this is the case for you.

 

Kind regards, Marko

Just found the root cause:

We have an HA pair, and the actual config file for the connection profile was missing on the secondary device, so when it was put into active mode during the upgrade process, apparently the config pointing to the missing file was removed.

 

Lesson learned: always replicate all resources of the config to all the devices in the HA cluster.
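
Added example, not part of the thread or of any Cisco tooling: a small Python audit that reads a saved ASA running-config and reports group-policy profile references that have no matching definition under the global webvpn context, which is the broken state described above. The sample config is constructed from the one posted in the thread, and the `unit_files` input (flash paths gathered from each HA unit) is a hypothetical format assumed for this sketch.

```python
import re

# Constructed sample: the thread's config in its broken state, i.e. without
# the global "anyconnect profiles ClientVPN-Profile disk0:/..." line.
SAMPLE_CONFIG = """\
group-policy ClientVPN-AD attributes
  vpn-tunnel-protocol ssl-client
  webvpn
    anyconnect ssl dtls enable
    anyconnect profiles value ClientVPN-Profile type user
webvpn
 enable Outside
 anyconnect image disk0:/anyconnect-win-4.8.01090-webdeploy-k9.pkg 1
 anyconnect enable
"""

GP_RE = re.compile(r"^group-policy (\S+) attributes")
REF_RE = re.compile(r"^\s+anyconnect profiles value (\S+)")
DEF_RE = re.compile(r"^\s+anyconnect profiles (?!value\s)(\S+)\s+(\S+)")


def audit_profiles(config, unit_files=None):
    """Return findings for profile references that cannot be resolved.

    unit_files (hypothetical input): {unit name: set of flash paths on that
    unit}, collected separately from each member of the HA pair.
    """
    refs, defs, top = [], {}, ""
    for line in config.splitlines():
        if line and not line[0].isspace():   # start of a top-level block
            top = line.strip()
            continue
        gp, ref, dfn = GP_RE.match(top), REF_RE.match(line), DEF_RE.match(line)
        if gp and ref:                        # reference inside a group-policy
            refs.append((gp.group(1), ref.group(1)))
        elif top == "webvpn" and dfn:         # definition in global webvpn
            defs[dfn.group(1)] = dfn.group(2)
    findings = [f"group-policy {policy}: profile {name} not defined under global webvpn"
                for policy, name in refs if name not in defs]
    for name, path in defs.items():
        for unit, files in sorted((unit_files or {}).items()):
            if path not in files:
                findings.append(f"{unit}: {path} for profile {name} not on flash")
    return findings


if __name__ == "__main__":
    for finding in audit_profiles(SAMPLE_CONFIG):
        print(finding)
```

Running it against a config saved before and after an upgrade or failover shows whether a profile definition was dropped along the way.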