Hello,
I am having an issue with some users trying to log in to our SSL VPN (AnyConnect) via ASA5505 8.2(1). Authentication is done via AD. From the same computer, the client finds the DNS name and unlocks the login username and password. When I enter a username and password and click connect, it is instantly rejected with login failure with the following event log:
Function: ConnectMgr::setPromptAttributes
File: .\ConnectMgr.cpp
Line: 2657
Invoked Function: setPromptAttributes
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error text:
Login failed.
If I change the user account to another user (from the same PC), login works perfectly fine - this is only happening with 3 or 4 users - I have compared the user accounts of a failing account and a successful account and they are identical in AD.
This has been driving me crazy - as a workaround for the failing users, I just created a temporary account which works perfectly fine. The request doesn't even seem to hit the ASA (there is nothing in the logs that shows a failed attempt). Still troubleshooting and looking at certificates at this point. Any help/suggestions would be greatly appreciated!! Thanks.
Regards.
After a little more testing, seems somehow related to users being in too many groups in AD.
Message was edited by: Rich Viola