Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
835
Views
0
Helpful
3
Replies

Anyconnect v4.9.01095 and Macos Catalina v10.15.7 keychain prompts for password 3x

deanr0057
Level 1
Level 1

‎10-08-2020 06:48 AM - edited ‎07-05-2021 12:37 PM

Hi,

 

I have seen this behavior on other users macbooks as well. When Anyconnect version changes keychain prompts for password 3x and providing the user enters the correct pw 3x it goes away. From researching this it appears to be related to one or more certificates that Anyconnect does not need, thus prompting for password multiple times. How does one know which certificates are causing this issue and fix it or is this related to some other issue with Anyconnect?

 

Thanks

Labels:
0 Helpful
3 Replies 3

patoberli
VIP Alumni
VIP Alumni

‎10-08-2020 11:47 PM - edited ‎10-08-2020 11:47 PM

You might want to try the latest release of AnyConnect, as it contains various changes, including support for OS X 11 beta2, for Apple devices.

Release notes: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html

0 Helpful

deanr0057
Level 1
Level 1
In response to patoberli

‎10-09-2020 05:39 AM

Patoberli, from your link I found this is the release notes, do you think this is what's prompting anyconnect keychain for password 3x?
Permission Popups During Initial AnyConnect HostScan or System Scan Launch (CSCvq64942)

macOS 10.15 (and later) requires that applications obtain user permissions for access to Desktop, Documents, Downloads, and Network Volume folders. To grant this access, you may see popups during an initial launch of HostScan, System Scan (when ISE posture is enabled on the network), or DART (when ISE posture or HostScan is installed). ISE posture and HostScan use OPSWAT for posture assessment on endpoints, and the posture checks access these folders based on the product and policies configured.

At these popups, you must click OK to have access to these folders and to continue with the posture flow. If you click Don't Allow, the endpoint may not remain compliant, and the posture assessment and remediation may fail without access to these folders.

To Remedy a Don't Allow Selection
To see these popups again and grant access to the folders, edit cached settings:

Open System Preferences.

Navigate to Security & Privacy > Privacy > Files and Folders > .

Delete folder access related cache details in the Cisco AnyConnect Secure Mobility Client folder.

The permission popups will reappear with a subsequent start of posture, and the user can click OK to grant access.

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to deanr0057

‎10-13-2020 03:42 AM

Yes this sounds like your issue.

You might get less prompts if the users only select the AnyConnect module, but I haven't tested that myself.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card