we are forced by a supplier to start using Cisco AnyConnect for VPN connections.
From our workstations running Windows 10 / 11 it is working fine.
But for specific applications we want to use our terminalserver, since it requires an extra security dongle to log in.
After downloading the provided (by the supplier) Cisco AnyConnect Client and installing it (without error messages) I have tried to get the VPN starting in the same way I did on the workstations.
On the server i however got stuck with this problem:
This is the software version provided:
That is the preferences for this connection:
It would be great someone could tell me what this error message could mean.
After hours of crawling the internet, calling the supplier for technical help and even trying Cisco technical support directly (no service contract, therefore no help by them) this is my last chance on finding some solution for this problem.
If I have missed out some needed informations for troubleshooting please be patient with me and ask me, so i can deliver the needed information as quickly as possible!
Thanks in advance
AnyConnect 4.9/4.10 and Secure Client 5.0 work OK on Windows Server 2016, 2019 and 2022. They are not listed in the compatibility guide because Cisco does not test them. I've used them personally though and can confirm based on that.
As noted, the error seen is resulting from something on the headend side. It could be any of several things. For example, a Posture Check to validate your OS version. Only the firewall administrator would be able to find the root cause as it would be indicated in their logs.
sorry for the late reply.
Since I am the Administrator of our IT-Systems i could do a check on my firewall but i would need some assistance from you (if possible)
A quick information on the topology:
I am running Cisco AnyConnect on a TerminalServer (WindowsServer 2016 Datacenter) which is hosted in an Azure-Environment.
The outgoing connections are routed through a virtualized Fortigate Firewall (hosted in Azure as well).
I would like to provide any logs from the firewall if this could help. But I have not heard of "DART Logs" yet.
Maybe someone can enlighten me, so I can provide those asap.
Thanks in advance.
It seems that your session doesn't get authorized. If you have DART module installed then you can open up AnyConnect main window, click on the cog icon bottom left, you should see a "Diagnostics" botton in AnyConnect VPN tab in the bottom left area. When you click on that "Diagnostics" botton it should start generating the DART bundle compressed file. Once the file is generated you can decompress it and look for the AnyConnect logs.
Another way to troubleshoot this issue would be to enable some debugs on the remote firewall, some useful debugs would be:
debug webvpn 127
debug webvpn anyconnect 127
If those don't return enough output to find out the issue, you can higher the level from 127 to 255 which is the maximum.
thanks for your quick answer.
On clicking the small cog I can only see this:
None of the tabs show a "Diagnostics" button, so i assume the Client which was provided (by an external party, which we are working together with) does not have DART?!
I am trying to get a version provided which has DART included.
Sadly we do not have access to the remote firewall.
I will update this as soon as we have some news.