VPN Client Issue after Vista Upgrade

Unanswered Question
Apr 21st, 2009

Not sure if this should be posted here, if not please let me know.

My organization has recently implemented Vista via an Upgrade-in-Place Process that takes an imaged system (Windows XP Pro - 32bit) and upgrades the system with a network image of Windows Vista Enterprise. Applications are left installed and herein lies my problem.

I'm using Cisco VPN Client 5.0.04, the client worked fine before the upgrade, after the upgrade, not so well.

While troubleshooting I noted the Cisco Systems VPN Adapter was no longer listed as being installed under Network Adapters in the Windows Device Manager, there was however an adapter, labled 6to4 adapter with an exclamation point. I went through the uninstall process for the Cisco VPN Client, rebooted and reinstalled. When trying to connect, I can use one of two pcf files (both are a back up of one another), the first connection profile goes through the motion of connection, tries to contact the security gateway, and states "Not Connected"

I enabled logging on the connection and tried again. Here's an excerpt from that log:

09:37:18.278 04/21/09 Sev=Warning/2 CERT/0xA3600038

Successfully added Key Usage fields to be matched.

7 09:37:19.792 04/21/09 Sev=Warning/2 CERT/0xA3600038

Successfully added Key Usage fields to be matched.

8 09:37:20.338 04/21/09 Sev=Warning/2 CERT/0xE3600001

Failed to launch application using cert pipe due to error: 0x800b010a.

9 09:37:20.338 04/21/09 Sev=Warning/2 IKE/0xE300009B

Failed to generate signature: Signature generation failed (SigUtil:97)

10 09:37:20.338 04/21/09 Sev=Warning/2 IKE/0xE300009B

Failed to build Signature payload (MsgHandlerMM:489)

11 09:37:20.338 04/21/09 Sev=Warning/2 IKE/0xE300009B

Failed to build MM msg5 (NavigatorMM:312)

12 09:37:20.338 04/21/09 Sev=Warning/2 IKE/0xE30000A7

Unexpected SW error occurred while processing Identity Protection (Main Mode) negotiator:(Navigator:2263)

Has anyone seen this behavior after an upgrade from XP to Vista? I'm I going to have to start with a fresh install? I appreciate any suggestions or advice.

Thanks,

Jimi

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
persianman Fri, 05/11/2012 - 07:00

Greetings,

I am currently facing the exact same problem with the exact same errors.

I am currently running Win 7 x86 with VPN Client Version 5.0.07.0410. I know the error has to do something with the certificate chain, but I am just lost as to whether a proper setting has not been turned on or if there is even something that is actively denying it.

Any help is greatly appreciated.

-Bardia

persianman Mon, 05/14/2012 - 11:01

I finally figured out this problem and I feel it should at least be shared for another person who runs into this problem.

The problem was resolved by loading my personal certificates (the one that is read by the smart card reader and used to authenticate me on VPN) needed to be added to the personal certificates folder in the Local Machine layer.

I did this by opening up an MMC window --> Adding the certificates snap-in (in windows 7 it distinguishes 3 different layers, so choose the local user and the computer layer) --> and then copying the certificates in the personal folder located under Certificates - Current User into the personal folder located in Local Machine.

The most likely reason this happened to me is that the image I was working with had security settings blocking the certificates to be read at the current user level and not at the local machine level. Therefore, it's a problem with out image and the security policies put in place at the registry level and/or group policies placed in Active Directory. This is more of a workaround than an actual fix to the problem, but at least it pinpoints where the break is happening.

Now I can push the image back to the developers to review the security policies placed in the image.

Actions

This Discussion