03-09-2017 03:09 AM
I installed AnyConnect. When I log in I get these two errors.
03-09-2017 05:23 AM
Are you using any features like Always On or Trusted Network Detection with AnyConnect? This would require you to have a trusted certificate on the ASA. Can you share what the Connection profile and Client XML profile settings are on the ASA?
And I believe the "no valid certificate" error is usually seen when you have set it to do client certificate authentication. I have seen this pop up as a warning even during an AAA-only connection if you have one other tunnel-group set to cert auth.
03-09-2017 10:15 PM
It's installed on a Windows Server 2016 hosted on AWS. I made no changes, just a clean install. It runs fine on my Windows 7 machine.
It seemed to me that there are no certificates for AnyConnect, so I exported one from my machine and installed it here on the server. Didn't work. Please help.
03-16-2017 11:59 AM
Are you using client certificate based authentication on the ASA? When you exported the certificate from your Windows 7 machine and re-imported it, did you export the private key along with the certificate?
03-17-2017 01:49 AM
I am not sure if I imported the private key along with it. Any help on how I can do that?
03-16-2017 03:10 AM
Any idea how to resolve the issue?
10-26-2017 01:37 PM
Hello @arpit,
Can you share the DART file for AnyConnect in order to verify what happens when it tries to check the certificate on the machine?
HTH
Gio
02-04-2019 09:19 AM
10-26-2017 01:21 PM
This seemed like an odd issue, to me. I have a user that is getting this exact same error but this tunnel group on this ASA is not even configured for certificate authentication. I'm pasting the user's message below because the user provided log messages for the failures. I'm going to request the successful attempt logs, too. I wouldn't have believed this if I didn't see the URL myself. However, after reading the posts above I decided to look at the DAP and found that always on is enabled on every policy in the DAPs. Now I'm wondering if that is the culprit.
I seem to have difficulty connecting to the VPN and get the error that "No valid certificates available for authentication." This isn't the first time I've had this issue, but it was the first time it took so long to get it to finally connect.
Here is the log from my trying yesterday morning. I'm not sure what eventually made it work, but it did. Is there something I am doing wrong? It took me 20 minutes before I was able to get connected. Unfortunately I didn't go back and add the log messages from the successful connection.
10/25/2017
6:12:14 AM Ready to connect.
6:13:57 AM Contacting [URL ENABLED FOR ANYCONNECT ON ASA].
6:14:57 AM Connection attempt has failed.
6:14:58 AM No valid certificates available for authentication.
6:14:58 AM Connection attempt has failed.
6:15:14 AM Contacting [URL ENABLED FOR ANYCONNECT ON ASA].
6:16:14 AM Connection attempt has failed.
6:16:15 AM No valid certificates available for authentication.
6:16:15 AM Connection attempt has failed.
6:16:40 AM Contacting [URL ENABLED FOR ANYCONNECT ON ASA].
6:17:40 AM Connection attempt has failed.
6:17:41 AM No valid certificates available for authentication.
6:17:41 AM Connection attempt has failed.
6:17:49 AM Contacting [URL ENABLED FOR ANYCONNECT ON ASA].
6:18:49 AM Connection attempt has failed.
6:18:50 AM No valid certificates available for authentication.
6:18:50 AM Connection attempt has failed.
6:19:07 AM Contacting [URL ENABLED FOR ANYCONNECT ON ASA].
6:20:07 AM Connection attempt has failed.
6:20:08 AM No valid certificates available for authentication.
6:20:08 AM Connection attempt has failed.
REBOOT
10/25/2017
6:24:46 AM Ready to connect.
6:28:02 AM Contacting [URL ENABLED FOR ANYCONNECT ON ASA].
6:29:02 AM Connection attempt has failed.
6:29:03 AM No valid certificates available for authentication.
6:29:03 AM Connection attempt has failed.
6:30:04 AM Contacting [URL ENABLED FOR ANYCONNECT ON ASA].
6:31:04 AM Connection attempt has failed.
6:31:05 AM No valid certificates available for authentication.
6:31:05 AM Connection attempt has failed.
6:31:49 AM Contacting [URL ENABLED FOR ANYCONNECT ON ASA].
6:32:19 AM User credentials entered.
6:32:19 AM Establishing VPN session...
6:33:10 AM Connection attempt has failed.
12-13-2017 09:36 AM
Hello Chris,
Did you find a solution to your issue? We are in the same boat. No certificate authentication enabled, but we still get this error.
I see in the error log that the client is submitting a certificate, and the ASA reports "Certificate validation failed. No suitable trustpoints found to validate certificate serial number"... with the serial number of a certificate in the client machine (self-signed, and self-selected - that is, we did not specify which one to use).
I have seen a page that mentioned that certificate validation is mandatory (?!), and I wonder if it is being used in *addition* to whatever you use for authentication. https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116111-11611-config-double-authen-00.html#anc9
Thank you,
Pablo
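Added example (not part of any post in this thread, and not Cisco tooling): a read-only PowerShell inventory of the Windows personal certificate stores. It answers the private-key question raised earlier in the thread and lets you match the serial number quoted in the ASA's "No suitable trustpoints found" message against a local certificate. The thread does not say which properties AnyConnect filters on, so the columns below are an assumption about what is worth checking.

```powershell
# Added example: list certificates in the personal stores with the properties
# that usually matter for client-certificate authentication. Read-only.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # EKU OID: TLS Web Client Authentication
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
$now = Get-Date

$report = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
        $cert = $_
        # Collect EKU OIDs; the filter drops a null list so the count is reliable.
        $ekuOids = @($cert.EnhancedKeyUsageList |
            Where-Object { $_ } |
            ForEach-Object { $_.ObjectId })

        [pscustomobject]@{
            Store         = $store
            Subject       = $cert.Subject
            # Compare with the serial number shown in the ASA log message.
            Serial        = $cert.SerialNumber
            # False means the certificate was imported without its private key
            # and cannot be used to authenticate.
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
            # Heuristic: subject equals issuer. Such a certificate only validates
            # on a gateway that has been configured to trust it explicitly.
            SelfIssued    = ($cert.Subject -eq $cert.Issuer)
            # A certificate with no EKU extension is not restricted by usage.
            ClientAuthEku = ($ekuOids.Count -eq 0 -or $ekuOids -contains $clientAuthOid)
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A row with `HasPrivateKey` set to `False` corresponds to an export that left the key behind; a row with `SelfIssued` set to `True` whose serial matches the ASA message is the certificate the client offered.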
02-06-2023 12:43 AM
Good morning.
I have a problem when trying to connect with Cisco AnyConnect.
I would need help to resolve this issue.