
Cisco AnyConnect on Windows Server 2016

AOertel
Level 1

Hello Community,

we are forced by a supplier to start using Cisco AnyConnect for VPN connections.

From our workstations running Windows 10 / 11 it is working fine.

But for specific applications we want to use our terminal server, since it requires an extra security dongle to log in.
After downloading the provided (by the supplier) Cisco AnyConnect Client and installing it (without error messages) I have tried to get the VPN starting in the same way I did on the workstations.

On the server, however, I got stuck with this problem:
AOertel_0-1683184407930.png

This is the software version provided:

AOertel_1-1683184448505.png

These are the preferences for this connection:

AOertel_2-1683184527546.png

It would be great if someone could tell me what this error message could mean.
After hours of crawling the internet, calling the supplier for technical help and even trying Cisco technical support directly (no service contract, therefore no help from them), this is my last chance of finding a solution for this problem.

If I have missed any information needed for troubleshooting, please be patient with me and ask me, so I can deliver the needed information as quickly as possible!

Thanks in advance

 



 

11 Replies

@AOertel Hi, I have not seen any official document about AnyConnect compatibility with Windows Server OS versions. I guess this can be because of compatibility issues. Can you share the log in AnyConnect?

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

AOertel
Level 1

Hi Kasun,

Sadly, I have encountered the compatibility list as well, but hoped I could still get it running.
The log is attached.
I have taken it from: C:\Users\<myname>\.cisco\vpn\log

If that is not the correct one or if there is another place to look, please give me a hint.

@AOertel The log is in AnyConnect itself. You can see the 'Message History' tab in AnyConnect.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

AOertel
Level 1

Hello Kasun,
here is the requested log:

AOertel_0-1683267851221.png

 

Salman Mahajan
Cisco Employee

@AOertel 
As per the error, the disconnection is triggered from the headend side. We would also need to check from the firewall side.
Can you provide the DART log from the client side and the "show log" output from the FW?

Marvin Rhoads
Hall of Fame

AnyConnect 4.9/4.10 and Secure Client 5.0 work OK on Windows Server 2016, 2019 and 2022. They are not listed in the compatibility guide because Cisco does not test them. I've used them personally though and can confirm based on that.

As noted, the error seen is resulting from something on the headend side. It could be any of several things. For example, a Posture Check to validate your OS version. Only the firewall administrator would be able to find the root cause as it would be indicated in their logs.

Have you configured certificate auth in the ASA?

AOertel
Level 1

Hi all,

Sorry for the late reply.

Since I am the administrator of our IT systems, I could do a check on my firewall, but I would need some assistance from you (if possible).

Some quick information on the topology:
I am running Cisco AnyConnect on a terminal server (Windows Server 2016 Datacenter) which is hosted in an Azure environment.
The outgoing connections are routed through a virtualized FortiGate firewall (hosted in Azure as well).

I would like to provide any logs from the firewall if this could help. But I have not heard of "DART Logs" yet.
Maybe someone can enlighten me, so I can provide those asap.

 

Thanks in advance.

AOertel
Level 1

./push

Maybe someone can assist me with this?

It seems that your session doesn't get authorized. If you have the DART module installed, then you can open up the AnyConnect main window and click on the cog icon at the bottom left; you should see a "Diagnostics" button in the AnyConnect VPN tab in the bottom left area. When you click on that "Diagnostics" button it should start generating the DART bundle compressed file. Once the file is generated you can decompress it and look for the AnyConnect logs.

Another way to troubleshoot this issue would be to enable some debugs on the remote firewall, some useful debugs would be:

debug webvpn 127
debug webvpn anyconnect 127

If those don't return enough output to find the issue, you can raise the level from 127 to 255, which is the maximum.

AOertel
Level 1

Hi Aref,

Thanks for your quick answer.

On clicking the small cog I can only see this:

 

AOertel_0-1687774971195.png

None of the tabs shows a "Diagnostics" button, so I assume the client which was provided (by an external party, which we are working together with) does not have DART?!

I am trying to get a version provided which has DART included.

Sadly we do not have access to the remote firewall.

I will update this as soon as we have some news.