cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
48474
Views
10
Helpful
7
Replies

Cisco Anyconnect VPN client disconnects 1-2 seconds after connecting

Craddockc
Level 3
Level 3

Community,

I am experiencing an issue wherein several users attempt to connect to the VPN using anyconnect, it connects to the external IP on the firewall, prompts for credentials, and after entering their credentials it connects and then immediately disconnects. Our syslog server shows the following:

May 3 11:37:38 10.100.98.4 : %ASA-4-722041: TunnelGroup <DefaultWEBVPNGroup> GroupPolicy <CsrVPN> User <jgoggin> IP <38.x.x.66> No IPv6 address available for SVC connection

May 3 11:37:13 10.100.98.4 : %ASA-4-113019: Group = DefaultWEBVPNGroup, Username = jgoggin, IP = 38.x.x.66, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:02s, Bytes xmt: 10727, Bytes rcv: 3399, Reason: User Requested

May 3 11:37:28 10.100.98.4 : %ASA-4-113019: Group = DefaultWEBVPNGroup, Username = jgoggin, IP = 38.x.x.66, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:04s, Bytes xmt: 10727, Bytes rcv: 3399, Reason: User Requested

May 3 13:10:35 10.100.98.4 : %ASA-4-722041: TunnelGroup <DefaultWEBVPNGroup> GroupPolicy <CsrVPN> User <jhall> IP <38.116.28.66> No IPv6 address available for SVC connection

May 3 13:10:36 10.100.98.4 : %ASA-4-113019: Group = DefaultWEBVPNGroup, Username = jhall, IP = 38.x.x.66, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:03s, Bytes xmt: 10728, Bytes rcv: 3407, Reason: User Requested

May 3 15:07:58 10.100.98.4 : %ASA-4-113019: Group = DefaultWEBVPNGroup, Username = sdolan, IP = 38.x.x.66, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:04s, Bytes xmt: 10727, Bytes rcv: 3399, Reason: User Requested

Please notice that the duration of the tunnel is only a few seconds and that the Reason is "User requested" eventhough the anyconnect client disconnected automatically. I did notice that all the users who were having this issue were in the CsrVPN group. Users in other groups dont seem to be affected. Also, not all users in the CsrVPN group are having this issue, just a few.  If we move the user in Active Directory to a different Group Policy group, they can get on without issue. 

A couple of users who were having this issue (jgoggin above is one of them), all of a sudden were able to connect again "magically" after awhile.

Has anyone run into this before? Thanks.

7 Replies 7

Try to install DART and get diagnostics when the problem takes place

Mohammed,

Ive attached the DART files, one from a success and one from a failure. Please note that when I move the user from the DevVPN or CsrVPN group in AD to our PocVPN group it works. When I move the user back to either of the other 2 groups in AD it fails. Ive pasted below where the failure starts to occur. At this point I have no idea why group policy would cause this failure but it definitely seems to be related. 

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Function: CSocketTransport::callbackHandler
File: .\IPC\SocketTransport.cpp
Line: 1830
Invoked Function: ::WSARecv/::WSARecvFrom
Return Code: 10058 (0x0000274A)
Description: A request to send or receive data was disallowed because the socket had already been shut down in that direction with a previous shutdown call.

Zero bytes transferred

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CTlsProtocol::OnSocketReadComplete
File: .\TlsProtocol.cpp
Line: 766
Invoked Function: CSocketTransport::readSocket
Return Code: -31588336 (0xFE1E0010)
Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was shutdown by the operating system or a remote peer.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CCstpProtocol::OnTunnelReadComplete
File: .\CstpProtocol.cpp
Line: 1393
Invoked Function: CSslProtocol::OnTunnelReadComplete
Return Code: -31588336 (0xFE1E0010)
Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was shutdown by the operating system or a remote peer.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CTunnelStateMgr::OnTunnelInitiateComplete
File: .\TunnelStateMgr.cpp
Line: 1210
Invoked Function: Initiate tunnel callback status
Return Code: -31588336 (0xFE1E0010)
Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was shutdown by the operating system or a remote peer.
SSL tunnel state 0

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CTlsTunnelMgr::OnTunnelInitiateComplete
File: .\TlsTunnelMgr.cpp
Line: 1088
Invoked Function: CTlsTunnelMgr::OnTunnelInitiateComplete
Return Code: -31588336 (0xFE1E0010)
Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was shutdown by the operating system or a remote peer.
callback

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CVpnMgr::processInitiateTunnelComplete
File: .\VpnMgr.cpp
Line: 5680
Invoked Function: Initiate Tunnel Status Code
Return Code: -31588336 (0xFE1E0010)
Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was shutdown by the operating system or a remote peer.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Function: CNetEnvironment::logProbeFailure
File: .\NetEnvironment.cpp
Line: 1417
The HTTPS probe to 38.116.28.2 resulted in a redirect.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Function: CNetEnvironment::analyzeHttpResponse
File: .\NetEnvironment.cpp
Line: 1616
SG (38.116.28.2) contacted

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Termination reason code 16:
Failed to fully establish a connection to the secure gateway (proxy authentication, handshake, bad cert, etc.).

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnagent

Description : Function: CVpnMgr::main
File: .\VpnMgr.cpp
Line: 1791
Invoked Function: CVpnMgr::initiateTunnel
Return Code: -32964592 (0xFE090010)
Description: VPNMGR_ERROR_TERMINATING:The requested function could not be performed or was aborted because the VPN session is terminating.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Termination reason code 16:
Failed to fully establish a connection to the secure gateway (proxy authentication, handshake, bad cert, etc.).

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Function: CTND::OnTunnelStateChange
File: .\TND.cpp
Line: 1970
tunnel state change notification (new 3, old 0)

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : The Primary SSL connection to the secure gateway is being torn down.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Function: CTND::OnTunnelStateChange
File: .\TND.cpp
Line: 1970
tunnel state change notification (new 3, old 3)

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Function: CCstpProtocol::terminateTunnel
File: .\CstpProtocol.cpp
Line: 500
Tunnel going down without close-message being sent

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnagent

Description : A SSL Alert was sent by the client during a write operation. Severity: warning Description: close notify

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : The Primary SSL connection to the secure gateway is down.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Function: CTND::OnTunnelStateChange
File: .\TND.cpp
Line: 1970
tunnel state change notification (new 3, old 3)

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : VPN state: Disconnecting
Network state: Network Accessible
Network control state: Network Access: Available
Network type: Undefined

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Function: ClientIfcBase::getStateMessage
File: .\ClientIfcBase.cpp
Line: 2268
Disconnect in progress.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Message type information sent to the user:
Disconnect in progress, please wait...

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnui

Description : Function: CScriptingMgr::TunnelStateChange
File: .\Scripting\ScriptingMgr.cpp
Line: 200
Ignoring queued scripting event (2) which was never processed.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Function: FileMove
File: .\Utility\NativeSysFileCopy.cpp
Line: 548
Replacing file C:\Windows\system32\drivers\etc\hosts, with file C:\Windows\system32\drivers\etc\hosts.ac

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnagent

Description : Function: CHostConfigMgr::DeterminePublicInterface
File: .\HostConfigMgr.cpp
Line: 2345
Invoked Function: CHostConfigMgr::updatePotentialPublicAddresses
Return Code: -28835833 (0xFE480007)
Description: HOSTCONFIGMGR_ERROR_NOT_INITIALIZED

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CMainThread::applyHostConfigForNoVpn
File: .\MainThread.cpp
Line: 10367
Invoked Function: CHostConfigMgr::DeterminePublicInterface
Return Code: -28835833 (0xFE480007)
Description: HOSTCONFIGMGR_ERROR_NOT_INITIALIZED

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CMainThread::RestoreHostConfigToPreAuthConditions
File: .\MainThread.cpp
Line: 12466
Invoked Function: CMainThread::applyHostConfigForNoVpn
Return Code: -28835833 (0xFE480007)
Description: HOSTCONFIGMGR_ERROR_NOT_INITIALIZED

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CMainThread::startVpnTunnel
File: .\MainThread.cpp
Line: 1939
Invoked Function: CMainThread::RestoreHostConfigToPreAuthConditions
Return Code: -28835833 (0xFE480007)
Description: HOSTCONFIGMGR_ERROR_NOT_INITIALIZED

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Function: AgentIfc::suppressTerminateErrorPopup
File: .\AgentIfc.cpp
Line: 513
AgentIfc :: suppressTerminateErrorPopup[5]. - [YES]

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Message type error sent to the user:
The VPN client failed to establish a connection.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CLoginUtils::SetAnyConnectLaunchAtLogin
File: .\Utility\LoginUtils.cpp
Line: 70
Invoked Function: changeAnyConnectRunKeyValue
Return Code: -28246007 (0xFE510009)
Description: LOGINUTILS_ERROR_UNEXPECTED

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CMainThread::startVpnTunnel
File: .\MainThread.cpp
Line: 1980
Invoked Function: CLoginUtilsMgr::SetAnyConnectLaunchAtLogin
Return Code: -28246007 (0xFE510009)
Description: LOGINUTILS_ERROR_UNEXPECTED

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Function: CTND::OnTunnelStateChange
File: .\TND.cpp
Line: 1970
tunnel state change notification (new 4, old 3)

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnagent

Description : Cisco AnyConnect Secure Mobility Client connection terminated.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnagent

Description : Function: CMainThread::Run
File: .\MainThread.cpp
Line: 471
Invoked Function: CMainThread::startVpnTunnel
Return Code: -28246007 (0xFE510009)
Description: LOGINUTILS_ERROR_UNEXPECTED

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpndownloader

Description : Function: CThread::WaitForCompletion
File: ..\Common\Utility\Thread.cpp
Line: 299
The thread (0x00000948) has successfully completed execution.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpndownloader

Description : Cisco AnyConnect Secure Mobility Client Downloader exiting, version 4.2.01035 , return code 3 [0x00000003]

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnui

Description : Function: ConnectMgr::launchCachedDownloader
File: .\ConnectMgr.cpp
Line: 6848
Invoked Function: ConnectMgr :: launchCachedDownloader
Return Code: 3 (0x00000003)
Description: Cached Downloader terminated abnormally

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Using default preferences. Some settings (e.g. certificate matching) may not function as expected if a local profile is expected to be used. Verify that the selected host is in the server list section of the profile and that the profile is configured on the secure gateway.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnui

Description : Function: ProfileMgr::getProfileNameFromHost
File: .\ProfileMgr.cpp
Line: 808
No profile available for host vpn.cedardoc.com.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnui

Description : Function: ProfileMgr::getProfileNameFromHost
File: .\ProfileMgr.cpp
Line: 808
No profile available for host vpn.cedardoc.com.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnui

Description : Function: ProfileMgr::getProfileNameFromHost
File: .\ProfileMgr.cpp
Line: 808
No profile available for host vpn.cedardoc.com.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnui

Description : Function: ConnectMgr::reloadPreferencesAfterUpdates
File: .\ConnectMgr.cpp
Line: 9263
Secure gateway (vpn.cedardoc.com) was not found in profile .

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Message type information sent to the user:
Connection attempt has failed.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Message type error sent to the user:
AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnui

Description : Function: ConnectMgr::processIfcData
File: .\ConnectMgr.cpp
Line: 3099
Invoked Function: ConnectMgr::initiateTunnel
Return Code: -29622263 (0xFE3C0009)
Description: CONNECTMGR_ERROR_UNEXPECTED

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Function: CTransportWinHttp::setResponseData
File: .\CTransportWinHttp.cpp
Line: 1632
Invoked Function: WinHttpQueryHeaders
Return Code: 12150 (0x00002F76)
Description: The requested header was not found

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Error
Source : acvpnui

Description : Function: ConnectMgr::sendResponse
File: .\ConnectMgr.cpp
Line: 4981
ConnectMgr::processIfcData failed

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : VPN state: Disconnected
Network state: Network Accessible
Network control state: Network Access: Available
Network type: Undefined

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Function: ConnectMgr::setConnectRequestComplete
File: .\ConnectMgr.cpp
Line: 9074
Connect request complete. Proceeding to cleanup.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Function: ConnectMgr::cancelUserAuth
File: .\ConnectMgr.cpp
Line: 4642
Authentication cancelled

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : VPN state: Disconnected
Network state: Network Accessible
Network control state: Network Access: Available
Network type: Undefined

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Function: ConnectMgr::setConnectRequestComplete
File: .\ConnectMgr.cpp
Line: 9074
Connect request complete. Proceeding to cleanup.

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnui

Description : Function: CVpnApiShim::ClosePopup
File: .\ApiShim.cpp
Line: 1995
No popup found of the given ID

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Warning
Source : acvpnui

Description : Function: CVpnApiShim::ClosePopup
File: .\ApiShim.cpp
Line: 1995
No popup found of the given ID

******************************************

Date : 05/04/2017
Time : 12:18:43
Type : Information
Source : acvpnui

Description : Message type information sent to the user:
Ready to connect.

******************************************

Date : 05/04/2017
Time : 12:18:44
Type : Information
Source : acvpnui

Description : VPN state: Disconnected
Network state: Network Accessible
Network control state: Network Access: Available
Network type: Undefined

******************************************

Date : 05/04/2017
Time : 12:18:44
Type : Information
Source : acvpnui

Description : Function: ConnectMgr::setConnectRequestComplete
File: .\ConnectMgr.cpp
Line: 9074
Connect request complete. Proceeding to cleanup.

******************************************

Date : 05/04/2017
Time : 12:18:44
Type : Information
Source : acvpnui

Description : Message type information sent to the user:
Ready to connect.

******************************************

Date : 05/04/2017
Time : 12:18:44
Type : Warning
Source : acvpnui

Description : Function: CVpnApiShim::ClosePopup
File: .\ApiShim.cpp
Line: 1995
No popup found of the given ID

******************************************

Date : 05/04/2017
Time : 12:18:44
Type : Warning
Source : acvpnui

Description : Function: CScriptingMgr::TunnelStateChange
File: .\Scripting\ScriptingMgr.cpp
Line: 200
Ignoring queued scripting event (2) which was never processed.

******************************************

Date : 05/04/2017
Time : 12:18:44
Type : Information
Source : acvpnui

Description : Cisco AnyConnect Secure Mobility Client Statistics at Disconnect:

Cisco AnyConnect Secure Mobility Client Version 4.2.01035

VPN Stats
Bytes Received: 0
Bytes Sent: 0
Compressed Bytes Received: 0
Compressed Bytes Sent: 0
Compressed Packets Received: 0
Compressed Packets Sent: 0
Control Bytes Received: 0
Control Bytes Sent: 0
Control Packets Received: 0
Control Packets Sent: 0
Encrypted Bytes Received: 0
Encrypted Bytes Sent: 0
Encrypted Packets Received: 0
Encrypted Packets Sent: 0
Inbound Bypassed Packets: 0
Inbound Discarded Packets: 0
Outbound Bypassed Packets: 0
Outbound Discarded Packets: 0
Packets Received: 0
Packets Sent: 0
Time Connected: 00:00:00

******************************************

Date : 05/04/2017
Time : 12:18:44
Type : Warning
Source : acvpnui

Description : Function: MOutlineListBox::ParseXml
File: .\ModuleControl.cpp
Line: 1693
Invalid XML for a row, not enough columns

******************************************

Date : 05/04/2017
Time : 12:18:44
Type : Warning
Source : acvpnui

Description : Function: MOutlineListBox::ParseXml
File: .\ModuleControl.cpp
Line: 1693
Invalid XML for a row, not enough columns

******************************************

Date : 05/04/2017
Time : 12:18:44
Type : Warning
Source : acvpnui

Description : Function: MOutlineListBox::ParseXml
File: .\ModuleControl.cpp
Line: 1693
Invalid XML for a row, not enough columns

******************************************

Date : 05/04/2017
Time : 12:18:48
Type : Information
Source : acvpnagent

Description : Function: CThread::createThread
File: .\Utility\Thread.cpp
Line: 238
The thread (0x00000918) has been successfully created.

******************************************

Date : 05/04/2017
Time : 12:18:48
Type : Error
Source : acvpnagent

Description : Function: CThread::invokeRun
File: .\Utility\Thread.cpp
Line: 435
Invoked Function: IRunnable::Run
Return Code: -32112629 (0xFE16000B)
Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

******************************************

Date : 05/04/2017
Time : 12:18:53
Type : Information
Source : acvpnagent

Description : Function: CThread::WaitForCompletion
File: .\Utility\Thread.cpp
Line: 299
The thread (0x00000918) has successfully completed execution.

******************************************

experiencing something similar, problem just cleared on its own.

any update on this?

Luis,

My issue also seems to be clearing on its own. I did go ahead and upload the latest Anyconnect images (4.4.x) for both Mac and Windows to my ASA's, forcing people to update the next time they connect to VPN. After the updates it seems to be working again for affected users. Still cant explain what caused it. 

I've got the same issue, I can connect using the client to one of my ASAs but noe the other, the one I cannot connect to is a new configuration, but both are running the same ASA version and use the same XML...  I've re-checked everything I can think of at least 3 times, the authentication says it's completed, but then it dies exactly the same way.

bpersonick,

Make sure the images that reside in the "Anyconnect Client Software" section of the ASA are the same versions that the clients are running. TAC found that the versions running on my clients weren't in this repository. They stated that this could cause clients to disconnect intermittently. After doing this, the problem slowly started to resolve itself for me. 

I think this would be a good practice. However, in environments that are running multiple different versions of the same operating system, it would be hard to find a version of the client that works with all the different clients, hardware, vendor, etc.