Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6050
Views
10
Helpful
6
Replies

Updating AnyConnect Client On Remote Users

errMsg
Level 1
Level 1

‎05-01-2020 08:34 AM

I have a situation where I need to update the anyconnect client on 1000 remote users.  I am not finding an easy way to do this because the only way to push the new client requires the the computers to be connected to the VPN and if we push the client upgrade while they are on the VPN it will disconnect the VPN.  This is the proverbial "Catch 22".  

Im looking for any suggestions to update the anyconnect client while the computer is connected to the anyconnect client.

2 people had this problem
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎05-01-2020 12:16 PM

below guide should help :

 

https://www.petenetlive.com/KB/Article/0000704

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Rob Ingram
VIP
VIP

‎05-01-2020 01:21 PM

Hi,

If you upload the new AnyConnect package to the VPN headend (ASA or FTD) the client will auto-upgrade upon connection and then establish the VPN tunnel after upgrading. This is one of the most common methods to upgrade, the downside is it will upgrade all computers upon connecting to the VPN - you cannot control which users/computers receive the upgrade.

 

If you use Umbrella service and have the AnyConnect Umbrella Roaming Security Client in addtion to the VPN client, then this can auto-upgrade anyconnect (all modules) without having to be connected to a VPN, it just requires an internet connection.

 

Ultimately there will be some interruption during the upgrade, it's down to your organisation to determine what best fits in your environment.

 

HTH

giovanni.augusto
Level 1
Level 1

‎05-06-2020 05:54 AM

What about admin rights for users?

0 Helpful

Rob Ingram
VIP
VIP

‎05-06-2020 06:21 AM

Admin rights are not required when upgrading the client, admin rights are only required for the initial install.

0 Helpful

giovanni.augusto
Level 1
Level 1

‎05-06-2020 06:25 AM

Interesting,

 

In the past I remember we had some problems while upgrading Anyconnect through the firewall due to admin rights, we ended up upgrading them via SCCM.

 

When I have time I will try that again

0 Helpful

Michael Braun
Level 1
Level 1

‎05-08-2020 04:40 AM - edited ‎05-08-2020 04:41 AM

Hi Guys,

 

i would be careful with the ASA pushed install. We tried, had numerous problems with either the old client not to uninstall correctly or the new one not wanting to install.

We ended up with a broken uninstall and half of an install of the new one.

Effectively a manual clean up of registry and folders was needed to get rid of the broken remains following a clean install with admin rights. (it was not possible to just install after the broken upgrade, always came with an error during install - thus the cleanup)

This occurred from 4.6 as a base, upgrade to 4.7 and 4.8 same issue. I would not exclude potential install problems due to "security software" such as anti-virus or other vendor pre-installed software causing the install to fail. (HP e.g.)

In the end we stopped the push from the ASA and manually upgraded individual clients - painful but better than a failing client and them not being able to connect to HQ (especially now with all the home office workers)

 

Good Luck!

 

Markus

 

Customers Also Viewed These Support Documents