Users are getting a certificate validation error when trying to connect to VPN through the Cisco AnyConnect client. We have them delete the profiles folder in the C: drive and they can connect fine. They could delete the folder every time but the users would get frustrated. All of these users have the correct cert, but it's been a growing issue.
Hi Charles, a couple of questions to understand your environment.
What versions of ASA and AnyConnect client is this occurring on?
What OS platforms do you see the problem with?
Did cert-authentication ever work, or is this a random problem?
AnyConnect version 2.4
OS platforms are XP and 7
Yes the cert auth did work, then after a disconnect they get the certificate validation error.
Hope this helps!
Yeah, the certs are still valid; when we delete the profile folder from their PC they connect fine.
Nothing has changed config wise either.
ASA ver is 8.2(2)
ASDM ver 6.2(5)
Charles, this needs to be debugged further to diagnose the problem.
Looking at the AnyConnect (AC) 2.5.x and even 3.x Release Notes, there are some bug fixes for certificates in there.
If you are willing to do some testing yourself on a problematic PC, you could try to get a new AnyConnect (AC) 2.5.x on a PC to see if the issue goes away.
If the above is not possible, then I recommend you open a TAC case and attach the DART and, if possible, a Wireshark trace on the PC for the AC connection attempt.
DART is the Diagnostic AnyConnect Reporting Tool and its installation/use is explained here http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/administration/guide/ac08managemonitortbs.html#wp1055965