One easy fix is to change the AnyConnect preferences on the AnyConnect client. There is only one checkbox regarding certificates. That way they can connect without having an issue.
The second solution would be to install the intermediate certificate authority on their boxes, as well as make sure they are going to the hostname of the certificate.
1. Verify hostname on certificate is the same hostname configured on the ASA. 2. Verify the certificate date is valid. 3. Verify the intermediate and root certificate are installed on ASA. 4. Verify the intermediate and root certificate are installed on client. 5. Verify that the certificates show up as valid on the client. 6. Upgrade AnyConnect client. 7. You could delete certificates on client and re-install them. In small case, I have seen them get corrupted.
check what you suggested and everything seems fine, as far as a most users are aware the VPN was working Friday. As far as I'm aware there have been no changes over the weekend.
