Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
49043
Views
0
Helpful
16
Replies

Cisco AnyConnect: Connection attempt has failed

jennwee
Level 1
Level 1

‎11-03-2017 06:42 PM - edited ‎03-12-2019 04:42 AM

Dear experts,

 

I must admit that I'm facing strange issue with my Cisco AnyConnect.

When I try to connect VPN through Cisco AnyConnect via my home WiFi or LAN cable, my success rate is only 1 out of 30 times or lower (what I want to highlight is the failure rate is not 100%).

When I check the "Message History", it keeps showing "Connection attempt has failed".... then "No valid certificates available for authentication". 

I have disabled the fire wall in my modem/router, but the issue still persist... Again, I still manage to connect once in awhile after many attempts without changing any setting...

 

When I switch my internet connection to my mobile hotspot, then it works 99% through the first attempt.

Can someone help me with this issue? I'm really in dilemma now

 

Thank you

 

Jenn Wee

1 person had this problem
Labels:
0 Helpful
16 Replies 16

Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-04-2017 05:58 AM

The error you are seeing is typically an issue with Anyconnect not picking up the client's certificate correctly.

 

What is your operating system version and AnyConnect version?

 

There were some incompatibilities with certain client certificates noted with OS X and Anyconnect 4.3.x.

 

https://supportforums.cisco.com/t5/vpn/anyconnect-4-3-05017-quot-no-valid-certificates-available-for/td-p/3081365

0 Helpful

jennwee
Level 1
Level 1
In response to Marvin Rhoads

‎11-04-2017 08:29 PM

Dear Marvin,

 

My OS is Window 7 and my Cisco AnyConnect version 4.4.02034.

But I don't think it is the compatible issue.

As highlighted, if I use the same laptop to connect my Cisco AnyConnect via my mobile network (personal hotspot), then there is no issue....

 

Thanks

Jenn Wee

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎11-04-2017 06:06 AM

When its working fine, do you use username/password to authenticate. If so,
then this error message isn't relevant to your problem.

When you aren't able to connect to VPN, can you browse the VPN gateway
using https://##anyconnect-url###:443.
0 Helpful

jennwee
Level 1
Level 1
In response to Mohammed al Baqari

‎11-04-2017 08:37 PM

Dear Mohammed Baqari,

 

Yes, I need to use Username & Password for authentication every time... Usually if I able to reach this stage (Authentication phase), then I can successfully connect to VPN.

The problem I'm facing not allow me to go into that stage yet (if I connect via my home WiFi/LAN).....

 

I tried to browse the address below (https://##anyconnect-url###:443.) but it doesn't work.. just copy the address in the browser right?

 

Thanks

 

Jenn Wee

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to jennwee

‎11-04-2017 08:43 PM

If you are using username and password (vs client certificate) for authentication then the error message you are getting would seem to point to some corruption of your preferences file that's causing AnyConnect to try something that doesn't work well on LAN but works fine on hotspot.

 

That's quite odd (I've never seen it).

 

Have you ever tried on a different PC at home and if so do you see the same results with that? What about if you take your laptop to a different location with local wi-fi?

0 Helpful

jennwee
Level 1
Level 1
In response to Marvin Rhoads

‎11-04-2017 09:17 PM

Dear Marvin,

 

Yup, I must admit that it quite odd as well.

I tried to bring my laptop to my hometown and connect via different WiFi, it seems like I'm facing the same issue. The only common thing is the network is coming from same ISP..

Can ISP network cause problem?

 

Thanks

 

Jenn Wee

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to jennwee

‎11-04-2017 10:01 PM

It can be caused by the ISP, especially if your VPN profile uses a non-standard port (i.e. anything other than tcp/443). It is also true in some countries where the government regulates Internet access a bit more than is the norm worldwide.

 

Are you able to share what country you are in and your VPN profile (xml file)? You can find the latter in the folder  "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile.

 

There is also a file in "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client" called preferences_global.xml that may be informative.

0 Helpful

jennwee
Level 1
Level 1
In response to Marvin Rhoads

‎11-04-2017 10:13 PM

Dear Marvin,

 

Is the file hidden? I try to check the folder but I can't locate xml file.

As I'm using company laptop, I don't have the admin right to see those hidden files...

 

However, there is another question if the issue is link to ISP. How come my failure rate is not 100%? As highlighted in my earlier email, I do able to connect to VPN after multiple times of trying without changing anything though the success rate is very low (which prompt me to the authentication phase)..

 

Thanks

 

Jenn Wee

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to jennwee

‎11-04-2017 10:53 PM

ISP access restrictions sometimes (fail to) work intermittently.

 

If it's a company laptop perhaps your company's admin can open a case with Cisco TAC and work with them to look at the connection attempts in real time. Have you asked them if any other staff using that ISP have similar issues?

0 Helpful

jennwee
Level 1
Level 1
In response to Marvin Rhoads

‎11-05-2017 03:54 AM

Dear Marvin,

 

Nope that I know...

But nevertheless, I will try to open ticket and request my IT to investigate further.

Thank you for all the comments.

 

Jenn Wee

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to jennwee

‎11-05-2017 04:57 AM

If you are using username/password for authentication then the error
related to the certificate isn't relevant. This error is due to
configuration on the firewall. It is configured for certificate and
password authentication. In this case anyconnect client will try
certificate followed by password. But you clearly don't have client
authentication certificate hence you are seeing this error.

Now if you aren't able to browse the URL during the problem then its
problem with your service provider. They might be intercepting the
encrypted traffic and dropping it. I have seen this with some providers
especially in Indonesia.
0 Helpful

jennwee
Level 1
Level 1
In response to Mohammed al Baqari

‎11-05-2017 05:08 AM

Thanks Mohammed

Yup, I believe the issue (80% of the chances) should be coming from the service provider...

The problem now is how should I log ticket to them as their Tier 1 support is quite bad... I don't think they can fix the issue...

 

Any other possible solution? How about install the certificate locally? Will it help?

 

Jenn Wee

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to jennwee

‎11-05-2017 09:34 AM

Unfortunately it won't help. The only option you got is to work on 4g if
you know it works
0 Helpful

jennwee
Level 1
Level 1
In response to Mohammed al Baqari

‎11-08-2017 07:29 AM

Dear Mohammed,

 

Thank you for the comment.

I have logged ticket with my IT support and let's see if issue can be resolved.

I will try with other WiFi (but with same ISP), let's see if I'm still facing same issue or not

 

Thanks

 

JW

0 Helpful
Customers Also Viewed These Support Documents