Unable to connect to Internet once connected via AnyConnect VPN

kurotsuki007 · ‎05-26-2014

Hello Everyone,

I know you have seen a number of these types of questions but I have a issue that is rather irritating to me.

OS: Windows 8.1 Pro

32-bit or 64-bit: 64-bit

AnyConnect version: anyconnect-win-3.0.5080-web-deploy-k9

Whenever I install the AnyConnect vpn on a new Windows 8.1 or Windows 8 machine I always seem to have the following issue... Unable to connect to the internet once the VPN is connected. I am able to access the VPN sites without a hitch and anything that requires the VPN works fine. But anything outside the VPN gives me an error such as bad DNS probe or Unable to connect.

I have been able to fix this in the past by using a regsvr32 command but I no longer remember which DLL I needed to re-register. I have found the following errors in my Windows Event viewer after installing and attempting to connect.

Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 394
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

--

Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

--

Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 394
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

--

Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

--

Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 394
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

--

Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

--

Function: URL::URL
File: .\Utility\URL.cpp
Line: 46
Invoked Function: URL::setURL
Return Code: -28508150 (0xFE4D000A)
Description: URL_ERROR_BAD_URL
parameter=

--

Function: CHttpProbeAsync::OnOpenRequestComplete
File: .\IP\HttpProbeAsync.cpp
Line: 254
Invoked Function: CHttpSessionAsync::OnOpenRequestComplete
Return Code: -31522780 (0xFE1F0024)
Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

--

Function: CNetEnvironment::TestAccessToSG
File: .\NetEnvironment.cpp
Line: 1024
Invoked Function: CNetEnvironment::analyzeHttpResponse
Return Code: -28901363 (0xFE47000D)
Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

--

Function: CThread::invokeRun
File: .\Utility\Thread.cpp
Line: 376
Invoked Function: IRunnable::Run
Return Code: -32047093 (0xFE17000B)
Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

--

Function: CNetEnvironment::logProbeFailure
File: .\NetEnvironment.cpp
Line: 1073
Invoked Function: CHttpProbeAsync::SendProbe
Return Code: -27000818 (0xFE64000E)
Description: HTTP_PROBE_ASYNC_ERROR_CANNOT_CONNECT
HTTP (host: mus.cisco.com)

----------------

Troubleshooting steps taken:

Uninstalled VPN completely

Reinstalled as Administrator

Searched far and wide on google for possible fixes

Set AnyConnect adapter to the following settings:

Original settings: http://puu.sh/926tB.png

Modified:

http://puu.sh/926ye.png

http://puu.sh/926zp.png

Ensured that ICS was turned off on primary connection.

So, anyone got any ideas on what to do from here? I am officially lost.

Marvin Rhoads · ‎05-26-2014

First off, is the VPN configured to allow split tunneling? It's not always allowed by the ASA policy. You can check if only certain remote networks or all networks (0.0.0.0 0.0.0.0) are to use the VPN via the AnyConnect details (call up AnyConnect while on VPN, click the gear icon and choose VPN, route details on the resultant display).

Second, AnyConnect 3.0.5080 is about 2-1/2 years old and is not officially supported for use with Windows 8 (much less 8.1).

Would it be possible to install a more recent AnyConnect version that supports Windows 8.1?

Reference.

kurotsuki007 · ‎05-26-2014

Unfortunately, I am unsure if I am able to get a newer version of the AnyConnect. The version that I listed is the one that is provided from my employer and I don't know if their systems can handle a newer version at all.

Marvin Rhoads · ‎05-26-2014

Re the version, you'd have to take that up with your employer then. Updating the AnyConnect pkg file on an ASA is a simple 5-minute task but they may want to hold off for reasons of their own. Still, if they expect you to connect with a current OS they should be keeping the packages more up to date.

What about the first question I asked?

kurotsuki007 · ‎05-26-2014

Sorry about that, I did not notice the first question. Please check the attachment for the exported stats from the advanced config. Also, it does state that Split is enabled.

kurotsuki007 · ‎05-26-2014

I was able to update the version to 3.1.02026 but I still am unable to connect to the internet once connected to it.

Marvin Rhoads · ‎05-26-2014

3.1.02026 supports Windows 8. Were you not able to get a copy of 3.1.04072 (or later 3.1.05060 is current) which is recommended to support Windows 8.1?

Is it just the DNS lookups that fail? i.e. - what happens if you ping 8.8.8.8?

kurotsuki007 · ‎05-26-2014

Unfortunately no I was not able to get a newer version than 3.1.02026. I am unable to download it from the Cisco website due to my employer having the contract and not myself.

C:\Windows\system32>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=38ms TTL=46
Reply from 8.8.8.8: bytes=32 time=37ms TTL=46
Reply from 8.8.8.8: bytes=32 time=36ms TTL=46
Reply from 8.8.8.8: bytes=32 time=38ms TTL=46

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 38ms, Average = 37ms

C:\Windows\system32>tracert google.com
Unable to resolve target system name google.com.

Rodrigo Garcia Gallardo · ‎05-28-2015

Hi Kurotsuki,

did you get this to work?, I have the same issue :(

Kind regards

Andres Villarroel · ‎05-29-2015

Rodrigo,

Are you having the same issue using the latest AnyConnect 3.1.08009?

kurotsuki007 · ‎05-26-2014

I have also attached the latest Event View log for you. I just installed version 3.1.04072 and I am still having the same issue.

Marvin Rhoads · ‎05-26-2014

As we can see from your successful ping and failed name resolution, it's DNS that's failing. Your logs indicate you are getting two DNS server entries via the VPN but the AnyConnect client isn't working well with Windows 8.1 split DNS

I'm not positive it's fixed in the latest AnyConnect but it's worth a try. Send me a PM for a link to the latest installer.

kurotsuki007 · ‎05-26-2014

I sent you a message as you had requested.

Marvin Rhoads · ‎05-27-2014

Sorry, but your account isn't allowing PM replies. If you want to PM me your email I can reply to that.

kurotsuki007 · ‎05-27-2014

I sent you a new message with my email. However I think I found the root cause of my issue...

When looking at my default DNS servers they were listed as IPv6, IPv4, IPv4 in that order. So when the VPN attempted to connect it attempted the IPv6 DNS first but failed as the VPN is set up to not use IPv6. I simply disabled my IPv6 for the time being until I can get a better fix.