Hello,

For ASA 5545, v-8.6(1)2 and AnyConnect v-3.1.0165, I'm trying to start an AnyConnect client tunnel on a remote RDP (both ends Windows 7) machine and am having problems. The RDP is configured to proxy smart card devices which generally works fine. I'm using current SafeNet eToken with current client software. When I start AnyConnect from client machines (no RDP), the tunnel opens with no problem using the smart card. When I try to start the tunnel on the remote machine via RDP, I'm prompted for cert selection and smart card PIN, but get a popup from AnyConnect: 'VPN connection terminated, smart card removed from reader'. When I try to start the tunnel via RDP but use the ASA web server to start, the tunnel starts up fine with the smart card.

For the problem condition, the Windows event log on the remote RDP machine shows 3 entires (see below) wrt acvpnagent show smart card removal errors but the USB device is always inserted. Also, in investigating, I changed the client profile 'server list' config to SSL instead of IPSec. Same failure but the popup does not show.

VPN connection terminated, Smartcard removed from reader.

Description: VPNMGR_ERROR_SMARTCARD_REMOVED:A smartcard required for the connection has been removed

Thanks in advance for any assistance.

Mike