cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
77834
Views
5
Helpful
7
Replies

Start Before Logon (SBl) on Windows 10 - Nothing on Login Screen?

rory.schmitz
Level 1
Level 1
Hello, How does a person get the AnyConnect SBL prompt to appear on a Windows 10 Enterprise laptop? This is a domain joined PC. I have already installed Mobility Client and SBL Login Module v3.1.14018. What is supposed to happen and where on the screen am I supposed to be able to login to the VPN ahead of the Windows Login? I haven't been able to find official documentation that outlines this process for Windows 10.
7 Replies 7

Bogdan Nita
VIP Alumni
VIP Alumni

There should be an icon in the bottom right corner. (see picture)

Check these video for configuration: 

http://www.labminutes.com/sec0131_ssl_vpn_anyconnect_secure_mobility_start_before_logon

 

Thanks.  Looks like I missed a couple steps in this whole process.  On the part where you edit the Group Policy > AnyConnect Client (SSL-Client) > Uncheck Optional Client Modules to Download > Select SBL/GINA option.  I don't have that option available so how do I make it available to select?

Do you have the anyconnect package on the flash ?

It should also be enabled under webvpn:

webvpn
 anyconnect image disk0:/<anyconnect-pkg-name> 1

Hello, from the screenshot, this is what I currently have loaded.  We still have a lot of clients using the highlighted one at the top so I left that in there for now.  The next screenshot is the options I see when trying to select which modules to download.

 

We are using outdated versions of our images as well, but uncertain if we need to upgrade or not?

 

Cisco Adaptive Security Appliance Software Version 8.4(3)9
Device Manager Version 6.4(7)

 

 

VPN_Software_Flash.JPG

VPN_Modules.JPG

No idea why it is not showing up.

Older version should not be a problem.

Here is a guide for SBL for 8.X, and the procedure is the same:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107598-sbl.html

 

Did you try to configure it from CLI ? Commands should be something like this for 8.4:

hostname(config)# group-policy CCVPNTUNNEL internal
hostname(config)# group-policy CCVPNTUNNEL attributes
hostname(config-group-policy)# webvpn
hostame(config-group-webvpn)# svc modules value vpngina

 

Thank you for the link and the commands.  Prior to seeing this, I had recreated a new client profile, connection profile, and group policy specifically for SBL.  The options still did not show up under the 'optional client modules to download' section so I just manually typed in 'vpngina', applied and saved.  Then I rebooted the laptop and the icon appeared under Windows 10's login screen.  And the best part, I was able to successfully sign into the VPN using the SBL module.  Does that even make sense why that would work?

 

I believe your commands you gave me in your last comment would have done the same thing, but it just seems very strange to me if the proper client software package was loaded, why the option wouldn't be there from the drop-down menu of the modules section?  I guess I'm happy either way, but would love to understand why.

 

I really appreciate your assistance and suggestions.  I'll let you post back if you'd like and then accept your comments as the solution.

I am glad I could help and that it is working.

I guess it is some sort of bug in the ASDM not showing the option.