Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4017
Views
0
Helpful
3
Replies

Cisco Anyconnect Client - stuck on "Checking for profile updates"

ChristianLehmann02448
Level 1
Level 1

‎03-19-2021 12:25 AM - edited ‎03-19-2021 12:25 AM

Hello everybody,

 

I´d like to request help wth a problem using the Cisco Anyconnect Secure Mobility Client. Since about a week I can´t get past the "Checking for profile updates..." (see the attached screenshot).

I searched the forum and found users with similar issues, however I did not find any solution.

Can anybody point me in the right direction what could be the issue here?

 

Thanks for help!

 

 

 

 
2 people had this problem
Labels:
Preview file
70 KB
0 Helpful
3 Replies 3

Sheraz.Salim
VIP
VIP

‎03-19-2021 03:06 AM

what is the anyconnect headend configured at firewall. also what version is you using on anyconnect? also have to create a anyconnect profile on the ASA. what does it look like?

please do not forget to rate.
0 Helpful

Marko Krenker
Level 1
Level 1

‎07-08-2021 01:23 AM

I had the exact same issue!

Windows event viewer was reporting most useful information, which wasn't available in debugging webvpn anyconnect:

 
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Function: ConnectMgr::getProfileConfiguredOnSG
File: ConnectMgr.cpp
Line: 11006
VPN Profile entry not present

The problem was, that path to profile XML file, which is set on group-policy was missing in webwpn config context

I'm not sure at what point it disappeared from the config, but recently we were making ASA sw update, so this might be the cause.

 

 

Config:

group-policy ClientVPN-AD attributes
  dns-server value 10.x.y.10
  vpn-session-timeout 1440
  vpn-tunnel-protocol ssl-client
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPNClientAccess
  webvpn
    anyconnect ssl dtls enable
    anyconnect profiles value ClientVPN-Profile type user   <-- profile setting

webvpn
 enable Outside
 http-headers
  hsts-server
   enable
   max-age 31536000
   no preload
  hsts-client
   enable
  x-content-type-options
  x-xss-protection
  content-security-policy
 anyconnect image disk0:/anyconnect-win-4.8.01090-webdeploy-k9.pkg 1
 anyconnect image disk0:/anyconnect-linux64-4.8.01090-webdeploy-k9.pkg 2
 anyconnect image disk0:/anyconnect-macos-4.8.01090-webdeploy-k9.pkg 3
 anyconnect profiles ClientVPN-Profile disk0:/profile-config.xml   <-- Missing part
 anyconnect enable

Hope this is the case for you.

 

Kind regards, Marko

0 Helpful

Marko Krenker
Level 1
Level 1
In response to Marko Krenker

‎07-08-2021 01:31 AM

Just found the root cause:

We have an HA pair, and the actual config file for the connection profile was missing on secondary device, so when it was put to active mode during upgrading process, apparently config pointing to missing file was  removed.

 

Lesson learned: always replicate all resources of config to all the devices in HA cluster

0 Helpful
Customers Also Viewed These Support Documents