cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1214
Views
0
Helpful
3
Replies

OSX Mavericks 10.9.4: Posture assessment failed: Hostscan Prelogin error.

costa basil
Level 1
Level 1

Hello:

I upgraded to a new computer running OSX Mavericks 10.9.4 and I am using the anyconnect-macosx-i386-2.5.2017-k9.dmg client (imposed by the company I work for).

Previously I had Mountain Lion 10.8.5 and never had any issues of this sort. Not sure if this helps, but I migrated to 10.9.4 by using the OSX migration assistant and copying the data from the old computer.

When try to connect now I get:  Posture assessment failed: Hostscan Prelogin error.

Below are the log entries (I replaced the name of the company with the word "company"). It seems to be an issue with the certificates, but I don't know exactly where.

Any ideas?

Thank you

2014-08-25 2:43:22.293 PM Cisco AnyConnect VPN Client[826]: Function: connect File: ClientIfcBase.cpp Line: 834 Connect requested
2014-08-25 2:43:22.293 PM Cisco AnyConnect VPN Client[826]: Function: connectRequest File: ConnectMgr.cpp Line: 445 Freeing CSD before making connect attempt.
2014-08-25 2:43:22.293 PM Cisco AnyConnect VPN Client[826]: Function: freeCsdApi File: ConnectMgr.cpp Line: 5428 Freeing CSD.
2014-08-25 2:43:22.294 PM Cisco AnyConnect VPN Client[826]: [libcsd][error][csd_free] unable to obtain libcsd context, exiting.
2014-08-25 2:43:22.294 PM Cisco AnyConnect VPN Client[826]: Function: freeCsdApi File: ConnectMgr.cpp Line: 5430 Done freeing CSD.
2014-08-25 2:43:22.294 PM Cisco AnyConnect VPN Client[826]: Function: addProfile File: ProfileMgr.cpp Line: 836 Invoked Function: found profile Return Code: 0 (0x00000000) Description: /opt/cisco/vpn/profile/companyanyconnectprofile-default-group-v1.xml
2014-08-25 2:43:22.295 PM Cisco AnyConnect VPN Client[826]: Function: addProfile File: ProfileMgr.cpp Line: 836 Invoked Function: found profile Return Code: 0 (0x00000000) Description: /opt/cisco/vpn/profile/companyanyconnectprofile-default-group-v1.xml
2014-08-25 2:43:22.296 PM Cisco AnyConnect VPN Client[826]: Function: resetCertRegistration File: ConnectMgr.cpp Line: 4005 Invoked Function: ConnectMgr :: resetCertRegistration Return Code: 0 (0x00000000) Description:  Match Key: Extended Match Key:     ClientAuth    (1.3.6.1.5.5.7.3.2) Custom Match Key: Distinguished Name Matching: Wildcard : Disabled  Operator : EqualMatchCase : Disabled     Name : ISSUER-CN   Pattern : company-CA1  Wildcard : Disabled  Operator : EqualMatchCase : Disabled     Name : ISSUER-DC     Pattern : company 
2014-08-25 2:43:22.306 PM Cisco AnyConnect VPN Client[826]: Function: enumerateCert File: Certificates/FileCertStore.cpp Line: 162 Invoked Function: enumerateCert Return Code: -31391730 (0xFE21000E) Description: CERTSTORE_ERROR_CERT_NOT_FOUND The /Users/UserName/.cisco/certificates/client/ directory was not found.
2014-08-25 2:43:22.306 PM Cisco AnyConnect VPN Client[826]: Function: Enumerate File: Certificates/FileCertStore.cpp Line: 123 Invoked Function: Enumerate Return Code: -31391730 (0xFE21000E) Description: CERTSTORE_ERROR_CERT_NOT_FOUND
2014-08-25 2:43:22.306 PM Cisco AnyConnect VPN Client[826]: Function: enumerateCert File: Certificates/FileCertStore.cpp Line: 162 Invoked Function: enumerateCert Return Code: -31391730 (0xFE21000E) Description: CERTSTORE_ERROR_CERT_NOT_FOUND The /opt/.cisco/certificates/client/ directory was not found.
2014-08-25 2:43:22.306 PM Cisco AnyConnect VPN Client[826]: Function: Enumerate File: Certificates/FileCertStore.cpp Line: 123 Invoked Function: Enumerate Return Code: -31391730 (0xFE21000E) Description: CERTSTORE_ERROR_CERT_NOT_FOUND
2014-08-25 2:43:22.308 PM Cisco AnyConnect VPN Client[826]: Function: GetClientCertificates File: Certificates/CertHelper.cpp Line: 645 Invoked Function: CCertStore::GetCertificates Return Code: -31326185 (0xFE220017) Description: CERTIFICATE_ERROR_VERIFY_DISTNAME_FAILED No certificates were found using                                 the specified certificate matching criteria
2014-08-25 2:43:22.308 PM Cisco AnyConnect VPN Client[826]: Function: getCertList File: ApiCert.cpp Line: 236 Invoked Function: CCertStore::Enumerate Return Code: -31326185 (0xFE220017) Description: CERTIFICATE_ERROR_VERIFY_DISTNAME_FAILED
2014-08-25 2:43:22.308 PM Cisco AnyConnect VPN Client[826]: Function: initiateConnect File: ConnectMgr.cpp Line: 536 Initiating connection to: https://<company site>
2014-08-25 2:43:22.701 PM Cisco AnyConnect VPN Client[826]: Function: getUserName File: CTransportCurlStatic.cpp Line: 1906 PasswordEntry username is UserName
2014-08-25 2:43:22.702 PM Cisco AnyConnect VPN Client[826]: Function: STLoadLibrary File: Utility/Win/HModuleMgr.cpp Line: 133 Invoked Function: dlopen Return Code: 0 (0x00000000) Description: dlopen(/Applications/Firefox.app/Contents/MacOS/libnss3.dylib, 1): Library not loaded: @executable_path/libmozglue.dylib   Referenced from: /Applications/Firefox.app/Contents/MacOS/libnss3.dylib   Reason: image not found
2014-08-25 2:43:22.702 PM Cisco AnyConnect VPN Client[826]: Function: loadLibs File: Certificates/NSSCertUtils.cpp Line: 1335 Invoked Function: CHModuleMgr::STLoadLibrary Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:22.702 PM Cisco AnyConnect VPN Client[826]: Function: CNSSCertUtils File: Certificates/NSSCertUtils.cpp Line: 281 Invoked Function: CNSSCertUtils::loadLibs Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:22.702 PM Cisco AnyConnect VPN Client[826]: Function: CNSSCertStore File: Certificates/NSSCertStore.cpp Line: 55 Invoked Function: CNSSCertUtils Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:22.702 PM Cisco AnyConnect VPN Client[826]: Function: addNSSStore File: Certificates/CollectiveCertStore.cpp Line: 999 Invoked Function: CNSSCertStore::CNSSCertStore Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:22.702 PM Cisco AnyConnect VPN Client[826]: Function: OpenStores File: Certificates/CollectiveCertStore.cpp Line: 248 Invoked Function: CCollectiveCertStore::addNSSStore Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:22.713 PM Cisco AnyConnect VPN Client[826]: Function: PeerCertVerifyCB File: CTransportCurlStatic.cpp Line: 877 Return success from VerifyServerCertificate
2014-08-25 2:43:23.656 PM Cisco AnyConnect VPN Client[826]: Function: getUserName File: CTransportCurlStatic.cpp Line: 1906 PasswordEntry username is UserName
2014-08-25 2:43:23.657 PM Cisco AnyConnect VPN Client[826]: Function: STLoadLibrary File: Utility/Win/HModuleMgr.cpp Line: 133 Invoked Function: dlopen Return Code: 0 (0x00000000) Description: dlopen(/Applications/Firefox.app/Contents/MacOS/libnss3.dylib, 1): Library not loaded: @executable_path/libmozglue.dylib   Referenced from: /Applications/Firefox.app/Contents/MacOS/libnss3.dylib   Reason: image not found
2014-08-25 2:43:23.657 PM Cisco AnyConnect VPN Client[826]: Function: loadLibs File: Certificates/NSSCertUtils.cpp Line: 1335 Invoked Function: CHModuleMgr::STLoadLibrary Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:23.657 PM Cisco AnyConnect VPN Client[826]: Function: CNSSCertUtils File: Certificates/NSSCertUtils.cpp Line: 281 Invoked Function: CNSSCertUtils::loadLibs Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:23.657 PM Cisco AnyConnect VPN Client[826]: Function: CNSSCertStore File: Certificates/NSSCertStore.cpp Line: 55 Invoked Function: CNSSCertUtils Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:23.657 PM Cisco AnyConnect VPN Client[826]: Function: addNSSStore File: Certificates/CollectiveCertStore.cpp Line: 999 Invoked Function: CNSSCertStore::CNSSCertStore Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:23.657 PM Cisco AnyConnect VPN Client[826]: Function: OpenStores File: Certificates/CollectiveCertStore.cpp Line: 248 Invoked Function: CCollectiveCertStore::addNSSStore Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:23.670 PM Cisco AnyConnect VPN Client[826]: Function: PeerCertVerifyCB File: CTransportCurlStatic.cpp Line: 877 Return success from VerifyServerCertificate
2014-08-25 2:43:24.219 PM Cisco AnyConnect VPN Client[826]: Function: setPromptAttributes File: ConnectMgr.cpp Line: 2786 CA is disabled
2014-08-25 2:43:24.219 PM Cisco AnyConnect VPN Client[826]: Function: processPromptData File: SDIMgr.cpp Line: 238 Authentication type is not SDI
2014-08-25 2:43:24.219 PM Cisco AnyConnect VPN Client[826]: Function: processIfcData File: ConnectMgr.cpp Line: 2104 Certificate authentication requested from gateway, no valid certs found in users cert store.
2014-08-25 2:43:24.219 PM Cisco AnyConnect VPN Client[826]: Function: processCSDData File: ConnectMgr.cpp Line: 2265 CSD detected, proceeding to download.
2014-08-25 2:43:24.219 PM Cisco AnyConnect VPN Client[826]: Function: getCSDUpdateFileContent File: ConnectIfc.cpp Line: 1182 Invoked Function: getCSDUpdateFileContent Return Code: 0 (0x00000000) Description: CSD version file located
2014-08-25 2:43:24.608 PM Cisco AnyConnect VPN Client[826]: Function: getUserName File: CTransportCurlStatic.cpp Line: 1906 PasswordEntry username is UserName
2014-08-25 2:43:24.608 PM Cisco AnyConnect VPN Client[826]: Function: STLoadLibrary File: Utility/Win/HModuleMgr.cpp Line: 133 Invoked Function: dlopen Return Code: 0 (0x00000000) Description: dlopen(/Applications/Firefox.app/Contents/MacOS/libnss3.dylib, 1): Library not loaded: @executable_path/libmozglue.dylib   Referenced from: /Applications/Firefox.app/Contents/MacOS/libnss3.dylib   Reason: image not found
2014-08-25 2:43:24.608 PM Cisco AnyConnect VPN Client[826]: Function: loadLibs File: Certificates/NSSCertUtils.cpp Line: 1335 Invoked Function: CHModuleMgr::STLoadLibrary Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:24.608 PM Cisco AnyConnect VPN Client[826]: Function: CNSSCertUtils File: Certificates/NSSCertUtils.cpp Line: 281 Invoked Function: CNSSCertUtils::loadLibs Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:24.608 PM Cisco AnyConnect VPN Client[826]: Function: CNSSCertStore File: Certificates/NSSCertStore.cpp Line: 55 Invoked Function: CNSSCertUtils Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:24.608 PM Cisco AnyConnect VPN Client[826]: Function: addNSSStore File: Certificates/CollectiveCertStore.cpp Line: 999 Invoked Function: CNSSCertStore::CNSSCertStore Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:24.608 PM Cisco AnyConnect VPN Client[826]: Function: OpenStores File: Certificates/CollectiveCertStore.cpp Line: 248 Invoked Function: CCollectiveCertStore::addNSSStore Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED
2014-08-25 2:43:24.620 PM Cisco AnyConnect VPN Client[826]: Function: PeerCertVerifyCB File: CTransportCurlStatic.cpp Line: 877 Return success from VerifyServerCertificate
2014-08-25 2:43:25.122 PM Cisco AnyConnect VPN Client[826]: [libcsd][all][csd_init] hello
2014-08-25 2:43:25.122 PM Cisco AnyConnect VPN Client[826]: [libcsd][all][csd_init] libcsd.dylib version 3.6.181
2014-08-25 2:43:25.123 PM Cisco AnyConnect VPN Client[826]: [libcsd][error][transport_init_hash] failed to initialize cert verification.
2014-08-25 2:43:25.123 PM Cisco AnyConnect VPN Client[826]: [libcsd][error][csd_prelogin] unable to init cert verification.
2014-08-25 2:43:25.123 PM Cisco AnyConnect VPN Client[826]: Function: doCsdApiLaunch File: ConnectMgr.cpp Line: 5741 Invoked Function: csd_prelogin Return Code: -1 (0xFFFFFFFF) Description: unknown
2014-08-25 2:43:25.125 PM Cisco AnyConnect VPN Client[826]: [libcsd][all][csd_free] goodbye.
2014-08-25 2:43:25.125 PM Cisco AnyConnect VPN Client[826]: Function: launchCSDStub File: ConnectMgr.cpp Line: 5525 Freeing CSD for update.
2014-08-25 2:43:25.125 PM Cisco AnyConnect VPN Client[826]: [libcsd][error][csd_free] unable to obtain libcsd context, exiting.
2014-08-25 2:43:25.125 PM Cisco AnyConnect VPN Client[826]: Function: launchCSDStub File: ConnectMgr.cpp Line: 5527 Done freeing CSD for update.
2014-08-25 2:43:25.125 PM Cisco AnyConnect VPN Client[826]: Function: launchCSDStub File: ConnectMgr.cpp Line: 5529 Unloading CSD DLL for update.
2014-08-25 2:43:25.125 PM Cisco AnyConnect VPN Client[826]: Function: launchCSDStub File: ConnectMgr.cpp Line: 5553 Done unloading CSD DLL for update.
2014-08-25 2:43:25.125 PM Cisco AnyConnect VPN Client[826]: Function: getCSDStub File: ConnectIfc.cpp Line: 1336 Invoked Function: getCSDStub Return Code: 0 (0x00000000) Description: CSD Stub located
2014-08-25 2:43:25.810 PM Cisco AnyConnect VPN Client[826]: [libcsd][all][csd_init] hello
2014-08-25 2:43:25.810 PM Cisco AnyConnect VPN Client[826]: [libcsd][all][csd_init] libcsd.dylib version 3.6.181
2014-08-25 2:43:25.810 PM Cisco AnyConnect VPN Client[826]: [libcsd][error][transport_init_hash] failed to initialize cert verification.
2014-08-25 2:43:25.810 PM Cisco AnyConnect VPN Client[826]: [libcsd][error][csd_prelogin] unable to init cert verification.
2014-08-25 2:43:25.810 PM Cisco AnyConnect VPN Client[826]: Function: doCsdApiLaunch File: ConnectMgr.cpp Line: 5741 Invoked Function: csd_prelogin Return Code: -1 (0xFFFFFFFF) Description: unknown
2014-08-25 2:43:25.810 PM Cisco AnyConnect VPN Client[826]: Function: processCSDData File: ConnectMgr.cpp Line: 2276 Invoked Function: launchCSDStub Return Code: 0 (0x00000000) Description: returned 0 and response 9
2014-08-25 2:43:25.810 PM Cisco AnyConnect VPN Client[826]: Posture assessment failed: Hostscan Prelogin error..
2014-08-25 2:43:25.810 PM Cisco AnyConnect VPN Client[826]: Function: initiateConnect File: ConnectMgr.cpp Line: 541 Connection failed.
2014-08-25 2:43:25.810 PM Cisco AnyConnect VPN Client[826]: Function: setState File: ClientIfcBase.cpp Line: 1224 Disconnected
2014-08-25 2:43:25.811 PM Cisco AnyConnect VPN Client[826]: Function: setState File: ClientIfcBase.cpp Line: 1282 Freeing CSD in DISCONNECTED state
2014-08-25 2:43:25.811 PM Cisco AnyConnect VPN Client[826]: Function: freeCsdApi File: ConnectMgr.cpp Line: 5428 Freeing CSD.
2014-08-25 2:43:25.812 PM Cisco AnyConnect VPN Client[826]: [libcsd][all][csd_free] goodbye.
2014-08-25 2:43:25.812 PM Cisco AnyConnect VPN Client[826]: Function: freeCsdApi File: ConnectMgr.cpp Line: 5430 Done freeing CSD.
2014-08-25 2:43:25.812 PM Cisco AnyConnect VPN Client[826]: Function: run File: ConnectMgr.cpp Line: 379 Invoked Function: ConnectMgr::initiateConnect Return Code: -29556727 (0xFE3D0009) Description: CONNECTMGR_ERROR_UNEXPECTED
2014-08-25 2:43:25.883 PM Cisco AnyConnect VPN Client[826]: State: Disconnected

 

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

AnyConnect VPN client 2.5 end of sales was announced almost 3 years ago. It only supports OS X through version 10.6 (reference).

Mavericks (aka OS X Version 10.9) was released in October 2013.  AnyConnect 3.1 introduced Mavericks support and your company would be advised to upgrade the OS X AnyConnect image to a current version - 3.1.06073 or 4.0.00048 - to ensure support for all the latest operating systems.

Thank you for taking the time to answer. The company I am working for did not notify me about the upgrade. I am not too sure where they are at on the server side but now I will ask.

 

Thanks

You're welcome.

If they have an active support contract on the ASA they are entitled to download the latest client and make it available to you either as an offline installation image or as a web deployment package directly from the ASA itself.