Anyconnect 2.5 installation on XP fails

Answered Question
Jul 29th, 2010
User Badges:

Is anyone else having trouble with Anyconnect 2.5 installing on Windows XP?  Once it fails, I can have the user click on the manual installation link and that works perfectly.  However, the auto installation fails.  The users have admin rights.  2.5 also installs on Vista and Windows 7 without any problems.  I get the following error on XP installations attempts...


In the Event log,  I get a large number of events similiar to this...

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Event Type:    Error
Event Source:    vpndownloader
Event Category:    (1)
Event ID:    2
Date:        7/29/2010
Time:        9:07:11 AM
User:        N/A
Computer:    LVAK349
The description for Event ID ( 2 ) in Source ( vpndownloader ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Function: CManifestMgr::ProcessManifests
File: .\ManifestMgr.cpp
Line: 658
Invoked Function: GetManifest
Return Code: 0 (0x00000000)
Description: Failed to get main manifest


Correct Answer by balajirajahpb about 6 years 11 months ago

Can you please check what are the ssl encryption that you allowed like as below.

ssl encryption aes128-sha1 3des-sha1



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Todd Pula Thu, 07/29/2010 - 10:14
User Badges:
  • Silver, 250 points or more

Is this affecting one XP machine or multiple?  I would start by making sure that the WebVPN portal URL is added to the trusted site list in your browser.  I would also make sure that there are no restrictions enabled in the browser to run ActiveX or Java applets.

oemoralesjr Thu, 07/29/2010 - 10:40
User Badges:

It is all XP machines. We have even gone as far as trying machines not on the domain to ensure something with a GP was causing this. We have tried IE6 IE7, IE8, and FF as well. The site is added the trusted list as well.

atsarou Fri, 07/30/2010 - 03:09
User Badges:

Hi, it could be posiible that you have blocked active X components on your XP mashines. Try to add exception into web browser to allow active X from gateway, or add it to trusted

Kind regards, Andrei

oemoralesjr Mon, 08/02/2010 - 08:48
User Badges:

Its not Group policy.  Any XP machine gets the same error, even machines that have never been on a domain.

Correct Answer
balajirajahpb Tue, 08/03/2010 - 12:37
User Badges:

Can you please check what are the ssl encryption that you allowed like as below.

ssl encryption aes128-sha1 3des-sha1



oemoralesjr Tue, 08/03/2010 - 13:19
User Badges:


Yes, I did. I figured this out yesterday and you are right on. I changed logging levels to debug and saw the Ciphers being proposed by the ASA and the ones from the client and realized that there was not a common cipher.


This Discussion