10-08-2020 06:48 AM - edited 07-05-2021 12:37 PM
Hi,
I have seen this behavior on other users macbooks as well. When Anyconnect version changes keychain prompts for password 3x and providing the user enters the correct pw 3x it goes away. From researching this it appears to be related to one or more certificates that Anyconnect does not need, thus prompting for password multiple times. How does one know which certificates are causing this issue and fix it or is this related to some other issue with Anyconnect?
Thanks
10-08-2020 11:47 PM - edited 10-08-2020 11:47 PM
You might want to try the latest release of AnyConnect, as it contains various changes, including support for OS X 11 beta2, for Apple devices.
Release notes: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html
10-09-2020 05:39 AM
Patoberli, from your link I found this is the release notes, do you think this is what's prompting anyconnect keychain for password 3x?
Permission Popups During Initial AnyConnect HostScan or System Scan Launch (CSCvq64942)
macOS 10.15 (and later) requires that applications obtain user permissions for access to Desktop, Documents, Downloads, and Network Volume folders. To grant this access, you may see popups during an initial launch of HostScan, System Scan (when ISE posture is enabled on the network), or DART (when ISE posture or HostScan is installed). ISE posture and HostScan use OPSWAT for posture assessment on endpoints, and the posture checks access these folders based on the product and policies configured.
At these popups, you must click OK to have access to these folders and to continue with the posture flow. If you click Don't Allow, the endpoint may not remain compliant, and the posture assessment and remediation may fail without access to these folders.
To Remedy a Don't Allow Selection
To see these popups again and grant access to the folders, edit cached settings:
Open System Preferences.
Navigate to Security & Privacy > Privacy > Files and Folders > .
Delete folder access related cache details in the Cisco AnyConnect Secure Mobility Client folder.
The permission popups will reappear with a subsequent start of posture, and the user can click OK to grant access.
10-13-2020 03:42 AM
Yes this sounds like your issue.
You might get less prompts if the users only select the AnyConnect module, but I haven't tested that myself.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: