Hello.

I'm facing an annoying problem.

I'm trying to use a machine certificate to authenticate anyconnect to an asa.

All works properly if end user is an administrator.

If I try to connect with a non-administrator user, it fails to use the certificate (No valid certificates available for authentication).

I read many posts and docs, I've found that we must set "Certificate Store Override" to permit to anyconnect to open machine certificate using service account, but also checking this setting it doesn't work.

I've double checked xml profile into client, and it's downloaded properly (it contains "true" in "Certificate Store Override" setting).

But, checking security event viewer, I can see that anyconnect try to open the store using the user account and not the service account.

Tried with different versions of anyconnect (3.x and 4.x), with no luck.

I've followed this document:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac03vpn.html

and it looks like the only necessary thing is to check "Certificate Store Override" and to be sure that xml is downloaded to client.

Any help will be greatly appreciated.

Daniele