Failed to get configuration from secure gateway. Contact your system administrator.

Apr 15th, 2013

I have an ASA 5515 running 9.1(1).

One of my customers is attempting to connect with AnyConnect 3.1.02040 and after authenticating, he gets the message

Failed to get configuration from secure gateway. Contact your system administrator.

I have about 100 other customers who have not had this issue and can connect fine.

Since it appears to be localized to his PC, he's uninstalled and reinstalled the client, but to no avail. He's using Windows 7 Pro.

On the ASA, while he is attempting to connect, I see this:

15:48:04|302014|<<<REMOTE IP>>>|51032|<<<ASA IP>>>|443|Teardown TCP connection 495403 for outside:<<<REMOTE IP>>>/51032 to identity:<<<ASA IP>>>/443 duration 0:00:00 bytes 8241 TCP Reset-I

14:48:04|725007|<<<REMOTE IP>>>|51032|||SSL session with client outside:<<<REMOTE IP>>>/51032 terminated.

14:48:04|113039|||||Group <GroupPolicy_AnyConnect> User <etpdeir> IP <<<<REMOTE IP>>>> AnyConnect parent session started.

14:48:04|734001|||||DAP: User etpdeir, Addr <<<REMOTE IP>>>, Connection AnyConnect: The following DAP records were selected for this connection: DfltAccessPolicy

14:48:04|113008|||||AAA transaction status ACCEPT : user = etpdeir

14:48:04|113019|||||Group = ibmdtsc, Username = etpdeir, IP = 124.128.162.43, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:41m:41s, Bytes xmt: 885580, Bytes rcv: 1343, Reason: Connection Preempted

14:48:04|716002|||||Group <GroupPolicy_AnyConnect> User <etpdeir> IP <<<<REMOTE IP>>>> WebVPN session terminated: Connection Preempted.

14:48:04|113009|||||AAA retrieved default group policy (GroupPolicy_AnyConnect) for user = etpdeir

14:48:04|113004|||||AAA user authentication Successful : server =  172.29.128.126 : user = etpdeir

14:48:04|725002|<<<REMOTE IP>>>|51032|||Device completed SSL handshake with client outside:<<<REMOTE IP>>>/51032

14:48:03|725001|<<<REMOTE IP>>>|51032|||Starting SSL handshake with client outside:<<<REMOTE IP>>>/51032 for TLSv1 session.

15:48:03|302013|<<<REMOTE IP>>>|51032|<<<ASA IP>>>|443|Built inbound TCP connection 495403 for outside:<<<REMOTE IP>>>/51032 (<<<REMOTE IP>>>/51032) to identity:<<<ASA IP>>>/443 (<<<ASA IP>>>/443)

Any ideas?

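A small triage helper for the log layout posted above, added here as an example and not part of the original thread: it puts the newest-first export in chronological order and reports the negotiated TLS version, whether login succeeded, and whether the TCP reset followed it. The sample lines, addresses and user name are constructed; the pipe-delimited field layout and message texts are assumed to match the post.

```python
import re

# Constructed sample in the layout shown in the post, newest first:
# time|syslog id|src ip|src port|dst ip|dst port|message
# Addresses, group and user name are placeholders, not values from the thread.
SAMPLE = """\
14:48:04|302014|203.0.113.7|51032|198.51.100.1|443|Teardown TCP connection 495403 for outside:203.0.113.7/51032 to identity:198.51.100.1/443 duration 0:00:00 bytes 8241 TCP Reset-I
14:48:04|725007|203.0.113.7|51032|||SSL session with client outside:203.0.113.7/51032 terminated.
14:48:04|113039|||||Group <GroupPolicy_AnyConnect> User <alice> IP <203.0.113.7> AnyConnect parent session started.
14:48:04|113019|||||Group = grp, Username = alice, IP = 203.0.113.7, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:41m:41s, Bytes xmt: 885580, Bytes rcv: 1343, Reason: Connection Preempted
14:48:04|113004|||||AAA user authentication Successful : server =  192.0.2.10 : user = alice
14:48:03|725001|203.0.113.7|51032|||Starting SSL handshake with client outside:203.0.113.7/51032 for TLSv1 session.
"""

def parse(line):
    """Split one export line into named fields; None if it is not a log line."""
    parts = line.split("|", 6)  # the message is field 7 and may contain '|'
    if len(parts) != 7 or not parts[1].isdigit():
        return None
    return dict(zip(("time", "id", "src", "sport", "dst", "dport", "msg"), parts))

def summarize(text):
    """Walk the events oldest-first and record where the connection got to."""
    events = [e for e in map(parse, text.splitlines()) if e]
    events.reverse()  # assumption: the export lists the newest event first
    s = {"user": None, "tls": None, "authenticated": False, "parent_started": False,
         "disconnect_reason": None, "tcp_close": None, "reset_after_auth": False}
    for e in events:
        m = e["msg"]
        if e["id"] == "725001" and (x := re.search(r"for (\S+) session", m)):
            s["tls"] = x.group(1)                      # negotiated protocol version
        elif e["id"] == "113004" and (x := re.search(r"user = (\S+)", m)):
            s["authenticated"], s["user"] = True, x.group(1)
        elif e["id"] == "113039":
            s["parent_started"] = True
        elif e["id"] == "113019" and (x := re.search(r"Reason: (.+)$", m)):
            s["disconnect_reason"] = x.group(1).strip()
        elif e["id"] == "302014" and (x := re.search(r"bytes \d+ (.+)$", m)):
            s["tcp_close"] = x.group(1).strip()
            # True only when the reset is logged after a successful login
            s["reset_after_auth"] = s["authenticated"] and "Reset" in s["tcp_close"]
    return s

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
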
oscardawgg Thu, 07/11/2013 - 12:40

Has there been any fix with this?  We are now running into the same issue.  Could it be a bad image that the devices are reaching for?

jeffrey.glandt1 Tue, 12/16/2014 - 23:41

I had this problem. For me the cause had to do with Internet Explorer TLS settings.

In IE8 go to Tools, Internet Options, Advanced and under Security I had to make sure Use TLS 1.0 was checked (only Use SSL 3.0 and Use TLS 1.1 were checked. I left them checked.).
