Problem with AnyConnect - Reading computer certificate

Hi everyone.

We are having an issue with our Windows 8.1 domain computer and AnyConnect.
We have deployed computer certificates to all our domain computers, and use them for our wireless networks, which works great.

When AnyConnect is started as a domain user, it won't allow us to connect using the machine certificate. We get an error message saying: "Certificate validation failure" and the message history says: "No valid certificates available for authentication".

If we run AnyConnect as an administrator, there are no problems, and the connection is established right away.

We have tried giving domain users read access to: HKLM\software\microsoft\systemcertificates, but it didn't help.

We have tested the same setup on OSX Yosemite, and there it works fine.

We have had success deploying a user certificate to the user (Windows 8.1), but we would prefer to use the computer certificate.

Any ideas? If you need more information, please let me know.

 

Best Regards

Accepted Solution

Robert Moore
Level 1
From: http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac03vpn.html

"In the Preferences (Part 1) pane of Profile Editor, use the Certificate Store list box to configure in which certificate store AnyConnect searches for certificates. Use the Certificate Store Override checkbox to allow AnyConnect to search the machine certificate store for users with non-administrative privileges."

Rob.

Hi Rob,

 

Thanks a million, I could swear we tried this option, but I'm guessing we forgot to select the machine store. 

I'll test it out some more, but it seems like it worked :)
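
The two Profile Editor settings quoted in the accepted answer are stored in the AnyConnect VPN profile XML as the `CertificateStore` and `CertificateStoreOverride` elements under `ClientInitialization`. The following PowerShell is an added example, not part of the original thread or of Cisco's tooling: it reads a profile and reports whether the machine store is searched for a non-administrative user. The function name and both sample profiles are constructed for illustration.

```powershell
# Added example: report the certificate-store settings of an AnyConnect VPN profile.
# Get-AnyConnectCertStoreSetting is a hypothetical helper name, not a Cisco cmdlet.
function Get-AnyConnectCertStoreSetting {
    param([Parameter(Mandatory)][string]$ProfileXml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ProfileXml)

    # Match on local-name() so the profile's default XML namespace does not matter.
    $base = "/*[local-name()='AnyConnectProfile']/*[local-name()='ClientInitialization']"
    $storeNode    = $doc.SelectSingleNode("$base/*[local-name()='CertificateStore']")
    $overrideNode = $doc.SelectSingleNode("$base/*[local-name()='CertificateStoreOverride']")

    # Assumption of this example: a missing element is reported as "(not set)"
    # and conservatively counted as not satisfying the check.
    $store    = if ($null -ne $storeNode)    { $storeNode.InnerText.Trim() }    else { '(not set)' }
    $override = if ($null -ne $overrideNode) { $overrideNode.InnerText.Trim() } else { '(not set)' }

    [pscustomobject]@{
        CertificateStore         = $store
        CertificateStoreOverride = $override
        # The machine store is searched for a standard user only when the store
        # selection includes it (Machine or All) and the override is enabled.
        MachineStoreForStandardUser = (($store -in 'Machine', 'All') -and ($override -eq 'true'))
    }
}

# Constructed sample: override ticked, but the store selection still set to User
# (the situation the original poster suspects in the follow-up reply).
$before = @'
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <CertificateStore>User</CertificateStore>
    <CertificateStoreOverride>true</CertificateStoreOverride>
  </ClientInitialization>
</AnyConnectProfile>
'@

# Constructed sample: the same profile with the machine store selected.
$after = $before -replace '<CertificateStore>User<', '<CertificateStore>Machine<'

Get-AnyConnectCertStoreSetting -ProfileXml $before | Format-List
Get-AnyConnectCertStoreSetting -ProfileXml $after  | Format-List
```

To check a profile actually deployed to a client, pass the file's text instead of the sample, for example with `Get-Content -Raw` on the profile XML.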