04-19-2011 04:24 AM
Hello, we are using Cisco VPN client to access our corporate network.
I have 5 new notebooks Dell Latitude E6410 OS Windows 7 Professional x64, with identical hardware configuration.
I downloaded Cisco VPN Client 5.0.07.440 (64 bit) and installed it on all notebooks. It works fine on 3 notebooks, while on 2 notebooks the VPN connection fails with error:
Secure VPN collection terminated locally by the client.
Reason 403: Unable to contact the security gateway
We use a smartcard for VPN access (etoken from Aladdin)
Here an extract from Cisco log:
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600
...Sev=Info/6 CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/4 CERT/0x63600015 Cert (cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local) verification succeeded.
...Sev=Info/4 CM/0x63100002 Begin connection process
...Sev=Info/4 CM/0x63100004 Establish secure connection
...Sev=Info/4 CM/0x63100024 Attempt connection with server "<omissis>"
...Sev=Info/6 IKE/0x6300003B Attempting to establish a connection with <omissis>.
...Sev=Warning/2 CERT/0xA3600009 Could not load certificate cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local from store Microsoft User Certificate. Reason: store empty
...Sev=Warning/2 CERT/0xA3600004 If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.
...Sev=Warning/2 IKE/0xE3000008 Unable to open certificate (cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local). If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.
...Sev=Warning/2 IKE/0xE300009B Failed to open my certificate (Connection:240)
...Sev=Warning/2 IKE/0xE300009A Failed to set up connection data
...Sev=Info/4 CM/0x6310001C Unable to contact server "<omissis>"
...Sev=Info/5 CM/0x63100025 Initializing CVPNDrv
...Sev=Info/6 CM/0x63100046 Set tunnel established flag in registry to 0.
...Sev=Info/4 IKE/0x63000001 IKE received signal to terminate VPN connection
------------------<cut>------------------
It seems the problem is in the certificate, but I verified and Cisco client says it's ok. It's also the only valid certificate in MMC->Certificates->Personal.
Furthermore, also using other smartcard (etokens) of other users it doesn't work.
Any suggestion?
Thanks,
01-02-2013 09:43 AM
Hi, Was there any solution to this? I am having exactly the same issue on Windows 8.
01-21-2013 01:39 AM
Hi,
Was there any solution to this? I am also having exactly the same issue on Windows 8 x64 (with etoken from Aladdin).
01-21-2013 03:40 AM
it looks like the client sees the certificate but cannot use it's private key for some reason. It's porbably got smth to do with pki-client, installed on that Windows PCs.
01-22-2013 03:40 AM
Go through the steps on the Citrix website it worked for our users using Windows 7 Prof
01-22-2013 04:48 AM
Thanks but I did this already (How to fix DNE installation and other problems) and wasn't solving my problem.
I am open to any more suggestions.
08-14-2013 07:11 AM
Same issue here, Windows 8 Pro 64bit, eToken (Aladdin) Pro (V.with Cisco Systems VPN Client Version 5.0.07.0440 -> VPN Error-Log :
20 12:59:24.194 08/14/13 Sev=Warning/2 CERT/0xA3600383
Could not load certificate cn=uxyz (VPN),ou=VPN,o=uxyz GmbH,st=Germany,c=DE from store Microsoft User Certificate. Reason: store empty
21 12:59:24.195 08/14/13 Sev=Warning/2 CERT/0xA3600456
If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.
22 12:59:24.195 08/14/13 Sev=Warning/2 IKE/0xE3000234
Unable to open certificate (cn=uxyz (VPN),ou=VPN,o=xyz GmbH,st=Germany,c=DE).
If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.
VPN-Client Responding : Error 403
Thanks in advance for any ideas or solution !!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide