SBL and AnyConnect with AutoPilot

With the attached photo, when we click the button for SBL, this is the popup we get. I tried checking with the network team and they were unsure how to get the address to populate in this field. I am assuming there is an edit we can make to the .xml profile to allow a link to be in that field. Oh, did I mention, this would be for the first-time login after we wiped a device with Microsoft Endpoint Manager for use with AutoPilot?

After it logs in the first time, the link populates. That isn't an issue. It's at first launch after a device wipe for AutoPilot. I could have the end users type in the address, but I don't want to make it too difficult for the end user. Y'all know how well they follow directions.

Thank you! 

Michael From Michigan. 

 

anyconnect.png

1 Accepted Solution

You know how sometimes you can read something 100 times and not think anything of it, then all of a sudden you realize how dumb you were. The issue was a mixture of my and a coworker's fault. I was using a script that he had initially used. We finally sat down today and took a good look at the issue. Well, this is what the script had looked like:

Copy-Item .\Client_Profile.xml -Destination "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile" -Force
Start-Process msiexec.exe -Wait -ArgumentList '/I anyconnect-win-4.7.04056-core-vpn-predeploy-k9.msi /qn ALLUSERS=2'
Start-Process msiexec.exe -Wait -ArgumentList '/I anyconnect-win-4.7.04056-gina-predeploy-k9.msi /norestart ALLUSERS=2 /qn'

Guess what? PowerShell can't copy the **bleep** .xml file before the folder is created! The folder isn't created until after those two .msi's are installed. Grrrrrr. We just moved the Copy-Item below the install. Everything works now.
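The ordering fix described in the accepted solution, as an added example that is not part of the original post: install both packages first, fail loudly on a bad msiexec exit code, then place and verify the profile. The file names come from the post; the `Install-Msi` helper, the use of `$PSScriptRoot` as the package folder, and the profile checks are assumptions made for illustration.

```powershell
# Added example, not the poster's script. Run from the deployment package folder.
$ErrorActionPreference = 'Stop'

$ProfileDir = Join-Path $env:ProgramData 'Cisco\Cisco AnyConnect Secure Mobility Client\Profile'
$ProfileSrc = Join-Path $PSScriptRoot 'Client_Profile.xml'
$Installers = @(
    'anyconnect-win-4.7.04056-core-vpn-predeploy-k9.msi',
    'anyconnect-win-4.7.04056-gina-predeploy-k9.msi'
)

function Install-Msi {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $msiArgs = "/i `"$Path`" /qn /norestart ALLUSERS=2"
    # -PassThru returns the process object so the exit code can be checked;
    # without it a failed install passes silently and the copy below runs anyway.
    $p = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
    if ($p.ExitCode -notin 0, 3010) {   # 0 = success, 3010 = success, reboot required
        throw "msiexec failed for $Path (exit code $($p.ExitCode))"
    }
}

# 1. Validate the packaged profile before changing the machine: it must parse
#    as XML and carry at least one HostEntry with a non-empty HostAddress.
[xml]$xml = Get-Content -LiteralPath $ProfileSrc -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
$ns.AddNamespace('ac', 'http://schemas.xmlsoap.org/encoding/')
$addresses = $xml.SelectNodes('//ac:ServerList/ac:HostEntry/ac:HostAddress', $ns)
if ($addresses.Count -eq 0 -or ($addresses | Where-Object { -not $_.InnerText.Trim() })) {
    throw "Profile $ProfileSrc has no HostEntry with a HostAddress"
}

# 2. Install the core VPN client, then the Start Before Logon (gina) module.
foreach ($msi in $Installers) { Install-Msi -Path (Join-Path $PSScriptRoot $msi) }

# 3. The installers create the Profile folder; create it only if still missing.
if (-not (Test-Path -LiteralPath $ProfileDir -PathType Container)) {
    New-Item -ItemType Directory -Path $ProfileDir -Force | Out-Null
}
$dest = Join-Path $ProfileDir 'Client_Profile.xml'
Copy-Item -LiteralPath $ProfileSrc -Destination $dest -Force

# 4. Confirm the deployed file matches the packaged copy.
if ((Get-FileHash $ProfileSrc).Hash -ne (Get-FileHash $dest).Hash) {
    throw "Profile at $dest does not match the packaged copy"
}
```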


3 Replies

Hi,

They should create an AnyConnect profile using the profile editor. This profile
can have one or more VPN gateways preconfigured for the users to select
from the drop-down.

This profile should be pushed to end users (for example using AD GPO) so
that they can use it the next time they log in. The profile should be
located under:

Windows XP
%ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows Vista
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 7
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 8
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Windows 10
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Mac OS X
/opt/cisco/anyconnect/profile

Linux
/opt/cisco/anyconnect/profile

***** please remember to rate useful posts

Yes, I understand that. This works fine after the user logs in for the first time, but we are working on AutoPilot. We want to be able to send a computer from Dell directly to the end user without our techs having to configure it. Upon initial install, before any user logs into the computer, the profile we have created isn't adding a link.

Below is the .xml file they created for me a couple of weeks ago.

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.xmlsoap.org/encoding/">
    <ClientInitialization>
        <UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon>
        <AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
        <ShowPreConnectMessage>false</ShowPreConnectMessage>
        <CertificateStore>All</CertificateStore>
        <CertificateStoreMac>All</CertificateStoreMac>
        <CertificateStoreOverride>false</CertificateStoreOverride>
        <ProxySettings>Native</ProxySettings>
        <AllowLocalProxyConnections>true</AllowLocalProxyConnections>
        <AuthenticationTimeout>60</AuthenticationTimeout>
        <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
        <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
        <LocalLanAccess UserControllable="true">false</LocalLanAccess>
        <DisableCaptivePortalDetection UserControllable="true">false</DisableCaptivePortalDetection>
        <ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
        <IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
        <AutoReconnect UserControllable="false">true
            <AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
        </AutoReconnect>
        <SuspendOnConnectedStandby>false</SuspendOnConnectedStandby>
        <AutoUpdate UserControllable="false">true</AutoUpdate>
        <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
        <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
        <LinuxLogonEnforcement>SingleLocalLogon</LinuxLogonEnforcement>
        <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
        <LinuxVPNEstablishment>LocalUsersOnly</LinuxVPNEstablishment>
        <AutomaticVPNPolicy>false</AutomaticVPNPolicy>
        <PPPExclusion UserControllable="false">Disable
            <PPPExclusionServerIP UserControllable="false"/>
        </PPPExclusion>
        <EnableScripting UserControllable="false">false</EnableScripting>
        <EnableAutomaticServerSelection UserControllable="false">false
            <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
            <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
        </EnableAutomaticServerSelection>
        <RetainVpnOnLogoff>false </RetainVpnOnLogoff>
        <CaptivePortalRemediationBrowserFailover>false</CaptivePortalRemediationBrowserFailover>
        <AllowManualHostInput>true</AllowManualHostInput>
    </ClientInitialization>
    <ServerList>
        <HostEntry>
            <HostName>Start Before Login:Secured</HostName>
            <HostAddress>redacted</HostAddress>
            <UserGroup>SBL</UserGroup>
        </HostEntry>
    </ServerList>
</AnyConnectProfile>

Am I missing something in the profile, an option that we missed?
