Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9569
Views
5
Helpful
6
Replies

Cisco VPN client on Windows 7 Professional x64. Connection fails.

e.brambilla.pilz.it
Level 1
Level 1

‎04-19-2011 04:24 AM

Hello, we are using Cisco VPN client to access our corporate network.

I have 5 new notebooks Dell Latitude E6410 OS Windows 7 Professional x64, with identical hardware configuration.

I downloaded Cisco VPN Client 5.0.07.440 (64 bit) and installed it on all notebooks. It works fine on 3 notebooks, while on 2 notebooks the VPN connection fails with error:

Secure VPN collection terminated locally by the client.

Reason 403: Unable to contact the security gateway

We use a smartcard for VPN access (etoken from Aladdin)

Here an extract from Cisco log:

Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600

...Sev=Info/6    CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6    CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/6    CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6    CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/6    CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6    CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/4    CERT/0x63600015 Cert (cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local) verification succeeded.
...Sev=Info/4    CM/0x63100002 Begin connection process
...Sev=Info/4    CM/0x63100004 Establish secure connection
...Sev=Info/4    CM/0x63100024 Attempt connection with server "<omissis>"
...Sev=Info/6    IKE/0x6300003B Attempting to establish a connection with <omissis>.
...Sev=Warning/2    CERT/0xA3600009 Could not load certificate cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local from store Microsoft User Certificate. Reason: store empty
...Sev=Warning/2    CERT/0xA3600004 If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.
...Sev=Warning/2    IKE/0xE3000008 Unable to open certificate (cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local). If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.
...Sev=Warning/2    IKE/0xE300009B Failed to open my certificate (Connection:240)
...Sev=Warning/2    IKE/0xE300009A Failed to set up connection data
...Sev=Info/4    CM/0x6310001C Unable to contact server "<omissis>"
...Sev=Info/5    CM/0x63100025 Initializing CVPNDrv
...Sev=Info/6    CM/0x63100046 Set tunnel established flag in registry to 0.
...Sev=Info/4    IKE/0x63000001 IKE received signal to terminate VPN connection
------------------<cut>------------------

It seems the problem is in the certificate, but I verified and Cisco client says it's ok. It's also the only valid certificate in MMC->Certificates->Personal.

Furthermore, also using other smartcard (etokens) of other users it doesn't work.

Any suggestion?

Thanks,

Labels:
0 Helpful
6 Replies 6

matthew.carr
Level 1
Level 1

‎01-02-2013 09:43 AM

Hi, Was there any solution to this? I am having exactly the same issue on Windows 8.

0 Helpful

szauerviktor
Level 1
Level 1

‎01-21-2013 01:39 AM

Hi,

Was there any solution to this? I am also having exactly the same issue on Windows 8 x64 (with etoken from Aladdin).

0 Helpful

Andrew Phirsov
Level 7
Level 7

‎01-21-2013 03:40 AM

it looks like the client sees the certificate but cannot use it's private key for some reason. It's porbably got smth to do with pki-client, installed on that Windows PCs.

Marco Ferreira
Level 1
Level 1
In response to Andrew Phirsov

‎01-22-2013 03:40 AM

Go through the steps on the Citrix website it worked for our users using Windows 7 Prof

http://www.citrix.com/lang/English/lp/lp_1680845.asp

szauerviktor
Level 1
Level 1
In response to Marco Ferreira

‎01-22-2013 04:48 AM


Thanks but I did this already (How to fix DNE installation and other problems) and wasn't solving my problem.

I am open to any more suggestions.

0 Helpful

NorbertWagner
Level 1
Level 1

‎08-14-2013 07:11 AM

Same issue here, Windows 8 Pro 64bit, eToken (Aladdin) Pro (V.with Cisco Systems VPN Client Version 5.0.07.0440 -> VPN Error-Log :

20     12:59:24.194  08/14/13  Sev=Warning/2      CERT/0xA3600383

Could not load certificate cn=uxyz (VPN),ou=VPN,o=uxyz GmbH,st=Germany,c=DE from store Microsoft User Certificate. Reason: store empty

21     12:59:24.195  08/14/13  Sev=Warning/2      CERT/0xA3600456

If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.

22     12:59:24.195  08/14/13  Sev=Warning/2      IKE/0xE3000234

Unable to open certificate (cn=uxyz (VPN),ou=VPN,o=xyz GmbH,st=Germany,c=DE).

If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.


VPN-Client Responding : Error 403

Thanks in advance for any ideas or solution !!

0 Helpful
Customers Also Viewed These Support Documents