AnyConnect client 2.4 and machine certificate

Unanswered Question
Oct 23rd, 2009

Hi All!

I'm trying to configure AnyConnect to use our domain issued machine certificate for authentication together with radius otp password.

My problem is that the AnyConnect client does not find my machine certificate.

I have configured an xml file with:


<AutomaticCertSelection UserControllable="false">false</AutomaticCertSelection>

The AnyConnect client starts and I see a popup with "Looking for credential tiles" and directly "No certificates found", this on a Windows 7 and on a Windows XP I also get a popup to choose certificate but it is empty.

Also see part of a message that I do believe means "No certificates meet the application criteria" on the Windows 7 machine.

Please, anyone else that has tried this and have some suggestions, really need this to work!



Yudong Wu Fri, 10/23/2009 - 13:34

1. Can you confirm if the machine cert is installed?

2. Can you confirm if the user has the right to access the machine cert?

If I remember correctly, "true" should let a regular user use the "machine cert".

AgressoAB Sun, 10/25/2009 - 04:49

Thanks for replying! :)

Yes, the machine cert is there and I'm local admin on the computer, also tried the CertificateStoreOverride in the xml file but no luck.

There must be some kind of criteria that the AnyConnect client looks at but cannot find in my cert?

Is the config on the firewall involved in this first stage when the AnyConnect client looks for the certificate, could it be a config error on the firewall?

Yudong Wu Mon, 10/26/2009 - 09:17

If the PC does have the machine cert and the user does have the access right to it, could you please verify if your machine cert is valid?

Based on "get an popup to choose certificate but it is empty", I am thinking an issue with your machine cert.

On ASA side, do you have ID cert and CA cert installed?

AgressoAB Mon, 10/26/2009 - 11:31

Yes, ID cert and CA cert installed, it works.

The machine cert worked when I tried the Cisco IPSEC VPN client, it finds it and I can connect and authenticate, but not with the AnyConnect.



Yudong Wu Mon, 10/26/2009 - 14:37

Can you try to disable "User Account Control" and try it again?

If it still does not work, please open a case with TAC.

AgressoAB Tue, 10/27/2009 - 04:38

UAC disabled, same error, TAC case opened, thanks for your help!


