04-19-2011 04:24 AM
Hello, we are using Cisco VPN client to access our corporate network.
I have 5 new notebooks Dell Latitude E6410 OS Windows 7 Professional x64, with identical hardware configuration.
I downloaded Cisco VPN Client 5.0.07.440 (64 bit) and installed it on all notebooks. It works fine on 3 notebooks, while on 2 notebooks the VPN connection fails with error:
Secure VPN collection terminated locally by the client.
Reason 403: Unable to contact the security gateway
We use a smartcard for VPN access (etoken from Aladdin)
Here an extract from Cisco log:
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600
...Sev=Info/6 CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600026 Attempting to find a Certificate using Serial Hash.
...Sev=Info/6 CERT/0x63600027 Found a Certificate using Serial Hash.
...Sev=Info/4 CERT/0x63600015 Cert (cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local) verification succeeded.
...Sev=Info/4 CM/0x63100002 Begin connection process
...Sev=Info/4 CM/0x63100004 Establish secure connection
...Sev=Info/4 CM/0x63100024 Attempt connection with server "<omissis>"
...Sev=Info/6 IKE/0x6300003B Attempting to establish a connection with <omissis>.
...Sev=Warning/2 CERT/0xA3600009 Could not load certificate cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local from store Microsoft User Certificate. Reason: store empty
...Sev=Warning/2 CERT/0xA3600004 If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.
...Sev=Warning/2 IKE/0xE3000008 Unable to open certificate (cn=<omissis>,ou=Remote,ou=Users,ou=<omissis>,dc=it,dc=<omissis>,dc=local). If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.
...Sev=Warning/2 IKE/0xE300009B Failed to open my certificate (Connection:240)
...Sev=Warning/2 IKE/0xE300009A Failed to set up connection data
...Sev=Info/4 CM/0x6310001C Unable to contact server "<omissis>"
...Sev=Info/5 CM/0x63100025 Initializing CVPNDrv
...Sev=Info/6 CM/0x63100046 Set tunnel established flag in registry to 0.
...Sev=Info/4 IKE/0x63000001 IKE received signal to terminate VPN connection
------------------<cut>------------------
It seems the problem is in the certificate, but I verified and Cisco client says it's ok. It's also the only valid certificate in MMC->Certificates->Personal.
Furthermore, also using other smartcard (etokens) of other users it doesn't work.
Any suggestion?
Thanks,
01-02-2013 09:43 AM
Hi, Was there any solution to this? I am having exactly the same issue on Windows 8.
01-21-2013 01:39 AM
Hi,
Was there any solution to this? I am also having exactly the same issue on Windows 8 x64 (with etoken from Aladdin).
01-21-2013 03:40 AM
it looks like the client sees the certificate but cannot use it's private key for some reason. It's porbably got smth to do with pki-client, installed on that Windows PCs.
01-22-2013 03:40 AM
Go through the steps on the Citrix website it worked for our users using Windows 7 Prof
01-22-2013 04:48 AM
Thanks but I did this already (How to fix DNE installation and other problems) and wasn't solving my problem.
I am open to any more suggestions.
08-14-2013 07:11 AM
Same issue here, Windows 8 Pro 64bit, eToken (Aladdin) Pro (V.with Cisco Systems VPN Client Version 5.0.07.0440 -> VPN Error-Log :
20 12:59:24.194 08/14/13 Sev=Warning/2 CERT/0xA3600383
Could not load certificate cn=uxyz (VPN),ou=VPN,o=uxyz GmbH,st=Germany,c=DE from store Microsoft User Certificate. Reason: store empty
21 12:59:24.195 08/14/13 Sev=Warning/2 CERT/0xA3600456
If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.
22 12:59:24.195 08/14/13 Sev=Warning/2 IKE/0xE3000234
Unable to open certificate (cn=uxyz (VPN),ou=VPN,o=xyz GmbH,st=Germany,c=DE).
If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.
VPN-Client Responding : Error 403
Thanks in advance for any ideas or solution !!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: