cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
28426
Views
0
Helpful
20
Replies

Windows 7 64 bit VPN client problems

fossellag
Level 1
Level 1

Hi there,

I am currently running Windows 7 Professional 64 bit and Cisco VPN client 5.0.07.0240. I am able to connect to my corporate network and work ok however connecting is a very long process!

Connecting in terms of time is broken down as follows:

Opening VPN client program: 70 seconds.

Click connect and wait for user credentials dialogue box: 30 seconds.

Enter credentials and click ok then "Authenticating user": 90 seconds.

"Negotiating Security Policies": 60 seconds.

User Credentials box re-appears, re-enter credentials as dialogue box is empty and click ok: 90 seconds.

"Authenticating User" and then connection establised: 120 seconds.

I have a colleague running 64 bit Windows 7 (ultimate edition) who is using the same version and doesn't have these issues!

Any ideas anyone?!?

Cheers,

Gary

1 Accepted Solution

Accepted Solutions

Gary, thanks for the update. So disabling the firewall and restarting the vpn service did not help . Could you please try and install the version 5.0.07.0290 ?

Before you do that I would like to know if you are importing the .pcf files for the VPN Client. If yes, please try and recreate a .pcf file on the PC and then try and use that file to connect. Also I see that the existing .pcf file you are using is a read-only file. Could you change that and give write permissions to the file and try connecting. If thess two steps do not help then lets install the version 5.0.07.0290.

Thanks,

Namit

View solution in original post

20 Replies 20

Jitendriya Athavale
Cisco Employee
Cisco Employee

do win xp or vista users to the same vpn headend face the issue

and the friend you were alking about does he connect to the same headend

please enable logs on the client and see if it is the traffic that is slow while connecting or something to do with PC

also try disabling any firewall, anti virus you have and try connecting

Will have to get back to you regarding users on other OS's as the client they use is a lot older.

My colleague is connecting to the same headend as me. Please find logs attached. Thanks.

looking at the logs it looks like there are times in between when nothing happens, i saw once before the xauth was

launced (user credentials). there was a lag of 10 sec and nothing happened

and again there was a idling for a duration of 30 sec again right after phase 1 came up

look slike there is something on the client which is delaying this

lets try this if possible can you ask your friend to send the logs too at the highest level and lets compare them with your logs at highest level

did u try disabling firewall/anti virus and try

Hello again.

To be honest, I did forget to disable both AV and Windows Firewall this morning. Attached are the latest set of logs with both of these services stopped.

I have asked my colleague to setup logging for when he logs in tomorrow morning so I should be able to post those logs tomorrow morning.

Thanks.

Gary

I just remembered something regarding other OS's. I had a 32bit XP machine that previously ran version 4.8.01.0300 (connecting to the same headend), this machine had the same issues when I uninstalled and upgraded to version 5.0.05.0290 a few months ago...

i see the same delays, lets wait for your friend to get back with debugs

also is it possible that you collect debugs on asa when you connect

I had issues with vista / windows 7 both 32 bit and 64 bit. I am myself using a windows 64 bit with older version of cisco client and it works like a champ. But the other day a user came up with windows 7 32 bit with the new version of cisco client and it would not load at all, I tried updating the citrix DNE update for windows 7 but it dint help either.


With no hope or help after uninstalling/installing ( using microsoft uninstall etc ) no help. Then tried this open source client "shrewsoft" , and it worked just fine.

so , check out that client and see if it helps you.

Thanks

Manish

Here are my colleague's logs. I will see if I can get hold of the logs at the other end..

.

here are the deviations i found

  • 3      20:44:24.908  09/20/10  Sev=Info/6    GUI/0x63B00011

          Reloaded the Certificates in all Certificate Stores successfully.

          4      20:44:46.404  09/20/10  Sev=Info/4    CM/0x63100002

          Begin connection process


you lost 20 + sec , but on the other end the connections starts directly from "begin connection process"

  • then right after the connection establishment is being tried, i see
  • 4      20:44:46.404  09/20/10  Sev=Info/4    CM/0x63100002

    Begin connection process

    5      20:45:16.840  09/20/10  Sev=Info/4    CM/0x63100004

    Establish secure connection

    we lose 30 sec here comapared to that of your collegue

    • then after it says lauch xauth application

             28     20:45:17.074  09/20/10  Sev=Info/4    CM/0x63100015

                         Launch xAuth application

                29     20:45:27.188  09/20/10  Sev=Info/6    IKE/0x63000055

                         Sent a keepalive on the IPSec SA

              36     20:45:57.733  09/20/10  Sev=Info/4    CM/0x63100017    

                        xAuth application returned

              again it takes around30 sec for the xauth application to be launched


    • here again we lose 30 sec after phase 1 is up when comapred to your collegue

         41     20:45:58.092  09/20/10  Sev=Info/4    CM/0x6310000E

                   Established Phase 1 SA.  1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system

           42     20:46:28.512  09/20/10  Sev=Info/5    IKE/0x6300005E

                   Client sending a firewall request to concentrator

    • again 20 sec

                   57     20:47:29.384  09/20/10  Sev=Info/4    CM/0x63100019


                        Mode Config data received




                   58     20:47:59.804  09/20/10  Sev=Info/4    IKE/0x63000056


                             Received a key request from Driver: Local IP = 10.249.128.10, GW IP = 213.249.231.100, Remote IP = 0.0.0.0

    after this for some reason it dicards the request (probably because it timesout) and starts the entire process again and the same delay again

    were you prompted to authenticate twice during this negotiation or just once

    i dunno for sure what is going on, lets see if someone can help, i will try to search some stuff and get back to you

    Namit Agarwal
    Cisco Employee
    Cisco Employee

    Hi Gary,

    You and your friend both using the same type of internet connection ? I just want to find out if you are using wireless connection.

    Regards,

    Namit

    Hi Namit,

    I can confirm that both my colleague and I use wireless. I have tested wired (and wi-fi disabled) with the same results.

    It is very odd that the VPN client takes just over 1 minute to launch and even more bizarrely my DVD drive gets queried just before launch.

    Regards,

    Gary

    Gary,

    After the connection is established, does the traffic present any problems ? Is the traffic flow normal or do you latency there as well ? Also could you please paste the contents of  the following files from the PC running into issues

    1) the client connection profile file with the extension .pcf under the path C:\Program Files\Cisco Systems\VPN Client\Profiles

    2) vpnclient.ini file under the path C:\Program Files\Cisco Systems\VPN Client

    Regards,

    Namit

    Traffic flow appears normal (have not monitored/checked) but I am able to get on with work as usual and connect to all relevant corporate systems with seemingly normal performance/response.

    Contents of vpnclient.ini:

    [main]
    ClientLanguage=
    EnableLog=1
    [GUI]
    DefaultConnectionEntry=myconnection
    WindowWidth=629
    WindowHeight=330
    WindowX=497
    WindowY=257
    VisibleTab=0
    ConnectionAttribute=0
    AdvancedView=1
    LogWindowWidth=0
    LogWindowHeight=0
    LogWindowX=0
    LogWindowY=0
    [LOG.IKE]
    LogLevel=3
    [LOG.CM]
    LogLevel=3
    [LOG.PPP]
    LogLevel=3
    [LOG.DIALER]
    LogLevel=1
    [LOG.CVPND]
    LogLevel=3
    [LOG.XAUTH]
    LogLevel=3
    [LOG.CERT]
    LogLevel=3
    [LOG.IPSEC]
    LogLevel=3
    [LOG.CLI]
    LogLevel=3
    [LOG.FIREWALL]
    LogLevel=3
    [LOG.GUI]
    LogLevel=3

    PCF file:

    [main]
    !Description=myconnection
    !Host=xxx.xxx.xxx.xxx
    !AuthType=1
    !GroupName=myconnection
    !GroupPwd=
    !enc_GroupPwd=xxxxxxxxxxxxxxxxxxxxxxxxx

    EnableISPConnect=0
    ISPConnectType=0
    ISPConnect=UCST RAS direct on Q
    ISPPhonebook=C:\WINDOWS\system32\Ras\Ucstras.pbk
    ISPCommand=
    Username=
    !SaveUserPassword=0
    !UserPassword=
    !enc_UserPassword=
    !NTDomain=
    !EnableBackup=1
    !BackupServer=xxx.xxx.xxx.xxx
    !EnableMSLogon=1
    !MSLogonType=0
    !EnableNat=1
    !TunnelingMode=0
    !TcpTunnelingPort=10000
    !CertStore=0
    !CertName=
    !CertPath=
    !CertSubjectName=
    !CertSerialHash=00000000000000000000000000000000
    !SendCertChain=0
    !PeerTimeout=90
    !EnableLocalLAN=0

    Regards,

    Gary

    Gary,

    Thanks for the details. The files look standard config. You have mentioned that your colleague runs the same version of the VPN Client on Windows 7  Ultimate and it works normally for him. On your system for Windows 7 Professional  was it a clean OS installation or upgrade from some OS like other Windows 7 or Windows Vista ?

    Please try the following steps

    1) disable the firewall on your system running Win 7 Pro , if any

    2) Please try restarting the service of the VPN client. (cvpnd.exe).

    3) Is it possible to uninstall and reinstall the VPN Client ? How do you determine that the DVD drive is queried before the VPN Client starts, does the drive light come up ?

    Regards,

    Namit

    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: