Cisco AnyConnect 4.10 issue after Profile XML Overwrite.
We are seeing this behavior in 4.10.04071 but we did not see with 4.10.00093.
I feel I must give you a flow of the install from our environment so you could see where the issue may be.
- SCCM deployment of both prelogin (gina) app and then mobility app, and finally XML dropped in ProgramData Profile folder with default servers via install.cmd.
- For a client specific config (where our issue comes from), a Computer GPO overwrites the Profile XML with the client one.
- For some, they get that error and CAC is dead in the water. The only fix is to use FixMe or similar to remote to PC, delete the user's Preference.xml and restart. (end user is restricted from C:)
- When we see this issue, the previously overwritten connections are listed, though no longer in the xml. (due to the preferences.xml I'm sure.) The DNS issue pops up when trying to make a connection.
We noticed this when pushing an upgrade to the desktops (both in-place and full un/reinstalls) from a working .00093 build this definitely shows up.
We've discovered that if we delete the Preferences.xml in the user profile folder, the issue goes away. I know there is a "client certificate preference" section which may be an issue if created from previous version of the app.
At first, our site support would clear DNS and it would work temporarily but then comes back (this is not the fix). But I believe the 1st resolution is working ... so far.
We don't really believe it is a true DNS issue.
Any idea what has changed to where this would happen?
Are there other steps in this scenario where this could be avoided? We've already built a client-specific installer which deploys the client VPN connection during imaging and fresh deployments to avoid the issue. Results are TBD.
