12-12-2014 01:44 AM - edited 02-21-2020 07:59 PM
Hi everyone.
We are having an issue with our Windows 8.1 domain computer and AnyConnect.
We have deployed computer certificates to all our domain computers, and use them for our wireless networks, which works great.
When AnyConnect is started as a domain user, it won't allow us to connect using the machine certificate. We get an error message saying: "Certificate validation failure" and the message history says: "No valid certificates available for authentication".
If we run AnyConnect as an administrator, there are no problems, and the connection is established right away.
We have tried giving domain users read access to: HKLM\software\microsoft\systemcertificates, but it didn't help.
We have tested the same setup on OSX Yosemite, and there it works fine.
We have had success deploying a user certificate to the user (Windows 8.1), but we would prefer using the computer certificate.
Any ideas? If you need more information, please let me know.
Best Regards
01-24-2015 12:25 PM
From: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac03vpn.html
"In the Preferences (Part 1) pane of Profile Editor, use the Certificate Store list box to configure in which certificate store AnyConnect searches for certificates. Use the Certificate Store Override checkbox to allow AnyConnect to search the machine certificate store for users with non-administrative privileges."
Rob.
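A way to check a deployed profile for the two settings quoted above, as an added example that is not part of the original post or Cisco's documentation. It assumes the profile XML stores them in elements named `CertificateStore` and `CertificateStoreOverride`; the function name and the sample profile are constructed for illustration.

```powershell
# Added example: audit an AnyConnect profile for the settings that control
# machine-store certificate lookup for non-administrative users.
# Assumption: the Profile Editor controls map to the XML elements
# CertificateStore and CertificateStoreOverride.

function Test-MachineCertProfile {
    param([Parameter(Mandatory)][xml]$ProfileXml)

    # Match on local-name() so the lookup works whatever namespace the profile declares.
    $store    = $ProfileXml.SelectSingleNode("//*[local-name()='CertificateStore']")
    $override = $ProfileXml.SelectSingleNode("//*[local-name()='CertificateStoreOverride']")

    $storeValue    = if ($store)    { $store.InnerText.Trim() }    else { '(not set)' }
    $overrideValue = if ($override) { $override.InnerText.Trim() } else { '(not set)' }

    [pscustomobject]@{
        CertificateStore         = $storeValue
        CertificateStoreOverride = $overrideValue
        # 'All' is treated here as including the machine store.
        MachineStoreSelected     = $storeValue -in 'Machine', 'All'
        OverrideEnabled          = $overrideValue -eq 'true'
    }
}

# Constructed sample: machine store selected, override left off,
# which matches the failure described in this thread.
$sample = [xml]@'
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <CertificateStore>Machine</CertificateStore>
    <CertificateStoreOverride>false</CertificateStoreOverride>
  </ClientInitialization>
</AnyConnectProfile>
'@

$result = Test-MachineCertProfile -ProfileXml $sample
$result | Format-List

if (-not ($result.MachineStoreSelected -and $result.OverrideEnabled)) {
    Write-Warning 'Profile does not enable machine-store certificate lookup for non-admin users.'
}
```

To check a real profile, load the deployed file with `[xml](Get-Content <profile path>)` and pass it as `-ProfileXml`.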
02-02-2015 04:34 AM
Hi Rob,
Thanks a million, I could swear we tried this option, but I'm guessing we forgot to select the machine store.
I'll test it out some more, but it seems like it worked :)