09-14-2015 04:14 AM
Hello
I'm from a German speaking country and we use Cisco ASA running 9.1(6).6. The issue was also existing in older releases like 8.2.x and 8.4.x.
We discovered that users don't get access (username/password error) when they use an umlaut (äöü) or a percent (%) sign in their passwords.
The ASA authenticates the users on a Windows 2008 R2 based Radius (NPS role).
Are there any compatibility settings that I could make on the ASA side or the NPS side to get passwords with äöü working?
Thanks
09-14-2015 05:47 AM
Finally I found it!
After testing many settings and stuff I solved it, äöü and % in the password works now!
You have to enable under "Remote Access VPN" - "Network (Client) Access" - "AnyConnect Connection Profiles" in the DefaultWEBVPNGroup profile under Advanced - General the option "Enable Password Management".
Please note that the Radius Server also needs to have enabled MS-CHAP-V2 in the Network Policies (on Server 2008R2 or newer, tested with 2012R2).
This here helped: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/117641-config-asa-00.html
I did not need to enable it in any other AnyConnect Connection Profile to have it working for all :)
03-23-2020 02:20 AM
Please note, in my case it stopped working when the active directory was upgraded to Server 2016 with recommended security settings. I had to fall back now and äöü isn't working anymore.
So far I haven't found a working and save solution for Server 2016 or newer :(
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide