cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3372
Views
0
Helpful
11
Replies

Cisco AnyConnect on Windows Server 2016

AOertel
Level 1
Level 1

Hello Community,

we are forced by a supplier to start using Cisco AnyConnect for VPN connections.

From our workstations running Windows 10 / 11 it is working fine.

But for specific applications we want to use our terminalserver, since it requires an extra security dongle to log in.
After downloading the provided (by the supplier) Cisco AnyConnect Client and installing it (without error messages) I have tried to get the VPN starting in the same way I did on the workstations.

On the server i however got stuck with this problem:
AOertel_0-1683184407930.png

This is the software version provided:

AOertel_1-1683184448505.png

That is the preferences for this connection:

AOertel_2-1683184527546.png

It would be great someone could tell me what this error message could mean.
After hours of crawling the internet, calling the supplier for technical help and even trying Cisco technical support directly (no service contract, therefore no help by them) this is my last chance on finding some solution for this problem.

If I have missed out some needed informations for troubleshooting please be patient with me and ask me, so i can deliver the needed information as quickly as possible!

Thanks in advance

 



 

11 Replies 11

@AOertel hi, i did not seen any official document about anyconnect compatibility with windows server OS versions. i guess this can because compatibility issues. can you share the log in anyconnect?

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

AOertel
Level 1
Level 1

Hi Kasun,

sadly i have encountered the compatibility list as well, but hoped i still could it get running.
The log is attached.
I have taken it from: C:\Users\<myname>\.cisco\vpn\log

If that is not the correct one or if there is another place where to look, please give me a hint

@AOertel log is in anyconnect it self. you can see 'message history' tab in any connect. 

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

AOertel
Level 1
Level 1

Hello Kasun,
here is the requested log:

AOertel_0-1683267851221.png

 

Salman Mahajan
Cisco Employee
Cisco Employee

@AOertel 
As per the error , disconnection is triggered from the Headend Side . We would also need to check from Firewall side . 
Can you provide DART Log from client Side and " show log " output from FW . 

Marvin Rhoads
Hall of Fame
Hall of Fame

AnyConnect 4.9/4.10 and Secure Client 5.0 work OK on Windows Server 2016, 2019 and 2022. They are not listed in the compatibility guide because Cisco does not test them. I've used them personally though and can confirm based on that.

As noted, the error seen is resulting from something on the headend side. It could be any of several things. For example, a Posture Check to validate your OS version. Only the firewall administrator would be able to find the root cause as it would be indicated in their logs.

Are you config certificate auth  in asa?

AOertel
Level 1
Level 1

Hi all,

sorry for the late reply.

Since I am the Administrator of our IT-Systems i could do a check on my firewall but i would need some assistance from you (if possible)

A quick information on the topology:
I am running Cisco AnyConnect on a TerminalServer (WindowsServer 2016 Datacenter) which is hosted in an Azure-Environment.
The outgoing connections are routed through a virtualized Fortigate Firewall (hosted in Azure as well).

I would like to provide any logs from the firewall if this could help. But I have not heard of "DART Logs" yet.
Maybe someone can enlighten me, so I can provide those asap.

 

Thanks in advance.

AOertel
Level 1
Level 1

./push

maybe someone who can assist me on this?

It seems that your session doesn't get authorized. If you have DART module installed then you can open up AnyConnect main window, click on the cog icon bottom left, you should see a "Diagnostics" botton in AnyConnect VPN tab in the bottom left area. When you click on that "Diagnostics" botton it should start generating the DART bundle compressed file. Once the file is generated you can decompress it and look for the AnyConnect logs.

Another way to troubleshoot this issue would be to enable some debugs on the remote firewall, some useful debugs would be:

debug webvpn 127
debug webvpn anyconnect 127

If those don't return enough output to find out the issue, you can higher the level from 127 to 255 which is the maximum.

AOertel
Level 1
Level 1

Hi Aref,

thanks for your quick answer.

On clicking the small cog I can only see this:

 

AOertel_0-1687774971195.png

None of the tabs show a "Diagnostics" button, so i assume the Client which was provided (by an external party, which we are working together with) does not have DART?!

I am trying to get a version provided which has DART included.

Sadly we do not have access to the remote firewall.

I will update this as soon as we have some news.