×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Unable to connect to Internet once connected via AnyConnect VPN

Unanswered Question
May 26th, 2014
User Badges:

Hello Everyone,

 

I know you have seen a number of these types of questions but I have a issue that is rather irritating to me.

 

OS: Windows 8.1 Pro

32-bit or 64-bit: 64-bit

AnyConnect version: anyconnect-win-3.0.5080-web-deploy-k9

 

Whenever I install the AnyConnect vpn on a new Windows 8.1 or Windows 8 machine I always seem to have the following issue... Unable to connect to the internet once the VPN is connected. I am able to access the VPN sites without a hitch and anything that requires the VPN works fine. But anything outside the VPN gives me an error such as bad DNS probe or Unable to connect.

 

I have been able to fix this in the past by using a regsvr32 command but I no longer remember which DLL I needed to re-register. I have found the following errors in my Windows Event viewer after installing and attempting to connect.

Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 394
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

--

Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

--

Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 394
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

 

--

Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

--

Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 394
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

 

--

Function: wWinMain
File: .\InstallHelper.cpp
Line: 239
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

--

Function: URL::URL
File: .\Utility\URL.cpp
Line: 46
Invoked Function: URL::setURL
Return Code: -28508150 (0xFE4D000A)
Description: URL_ERROR_BAD_URL
parameter=

--

Function: CHttpProbeAsync::OnOpenRequestComplete
File: .\IP\HttpProbeAsync.cpp
Line: 254
Invoked Function: CHttpSessionAsync::OnOpenRequestComplete
Return Code: -31522780 (0xFE1F0024)
Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

--

Function: CNetEnvironment::TestAccessToSG
File: .\NetEnvironment.cpp
Line: 1024
Invoked Function: CNetEnvironment::analyzeHttpResponse
Return Code: -28901363 (0xFE47000D)
Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

--

Function: CThread::invokeRun
File: .\Utility\Thread.cpp
Line: 376
Invoked Function: IRunnable::Run
Return Code: -32047093 (0xFE17000B)
Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

--

Function: CNetEnvironment::logProbeFailure
File: .\NetEnvironment.cpp
Line: 1073
Invoked Function: CHttpProbeAsync::SendProbe
Return Code: -27000818 (0xFE64000E)
Description: HTTP_PROBE_ASYNC_ERROR_CANNOT_CONNECT
HTTP (host: mus.cisco.com)

 

----------------

 

Troubleshooting steps taken:

Uninstalled VPN completely

Reinstalled as Administrator

Searched far and wide on google for possible fixes

Set AnyConnect adapter to the following settings:

Original settings: http://puu.sh/926tB.png

Modified: 

http://puu.sh/926ye.png 

http://puu.sh/926zp.png

 

Ensured that ICS was turned off on primary connection.

 

 

So, anyone got any ideas on what to do from here? I am officially lost.

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marvin Rhoads Mon, 05/26/2014 - 10:09
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

First off, is the VPN configured to allow split tunneling? It's not always allowed by the ASA policy. You can check if only certain remote networks or all networks (0.0.0.0 0.0.0.0) are to use the VPN via the AnyConnect details (call up AnyConnect while on VPN, click the gear icon and choose VPN, route details on the resultant display).

Second, AnyConnect 3.0.5080 is about 2-1/2 years old and is not officially supported for use with Windows 8 (much less 8.1).

Would it be possible to install a more recent AnyConnect version that supports Windows 8.1?

Reference.

kurotsuki007 Mon, 05/26/2014 - 10:20
User Badges:

Unfortunately, I am unsure if I am able to get a newer version of the AnyConnect. The version that I listed is the one that is provided from my employer and I don't know if their systems can handle a newer version at all.

Marvin Rhoads Mon, 05/26/2014 - 10:25
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Re the version, you'd have to take that up with your employer then. Updating the AnyConnect pkg file on an ASA is a simple 5-minute task but they may want to hold off for reasons of their own. Still, if they expect you to connect with a current OS they should be keeping the packages more up to date.

What about the first question I asked?

kurotsuki007 Mon, 05/26/2014 - 11:12
User Badges:

Sorry about that, I did not notice the first question. Please check the attachment for the exported stats from the advanced config. Also, it does state that Split is enabled.

kurotsuki007 Mon, 05/26/2014 - 11:17
User Badges:

I was able to update the version to 3.1.02026 but I still am unable to connect to the internet once connected to it.

Marvin Rhoads Mon, 05/26/2014 - 13:14
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

3.1.02026 supports Windows 8. Were you not able to get a copy of 3.1.04072 (or later 3.1.05060 is current) which is recommended to support Windows 8.1?

Is it just the DNS lookups that fail? i.e. - what happens if you ping 8.8.8.8?

kurotsuki007 Mon, 05/26/2014 - 13:25
User Badges:

Unfortunately no I was not able to get a newer version than 3.1.02026. I am unable to download it from the Cisco website due to my employer having the contract and not myself.

 

C:\Windows\system32>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=38ms TTL=46
Reply from 8.8.8.8: bytes=32 time=37ms TTL=46
Reply from 8.8.8.8: bytes=32 time=36ms TTL=46
Reply from 8.8.8.8: bytes=32 time=38ms TTL=46

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 38ms, Average = 37ms

 

C:\Windows\system32>tracert google.com
Unable to resolve target system name google.com.

Andres Villarroel Fri, 05/29/2015 - 09:53
User Badges:

Rodrigo,

 

Are you having the same issue using the latest AnyConnect 3.1.08009?

kurotsuki007 Mon, 05/26/2014 - 16:24
User Badges:

I have also attached the latest Event View log for you. I just installed version 3.1.04072 and I am still having the same issue.

Attachment: 
Marvin Rhoads Mon, 05/26/2014 - 16:42
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

As we can see from your successful ping and failed name resolution, it's DNS that's failing. Your logs indicate you are getting two DNS server entries via the VPN but the AnyConnect client isn't working well with Windows 8.1 split DNS 

I'm not positive it's fixed in the latest AnyConnect but it's worth a try. Send me a PM for a link to the latest installer.

Marvin Rhoads Tue, 05/27/2014 - 05:42
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Sorry, but your account isn't allowing PM replies. If you want to PM me your email I can reply to that.

kurotsuki007 Tue, 05/27/2014 - 08:23
User Badges:

I sent you a new message with my email. However I think I found the root cause of my issue...

 

When looking at my default DNS servers they were listed as IPv6, IPv4, IPv4 in that order. So when the VPN attempted to connect it attempted the IPv6 DNS first but failed as the VPN is set up to not use IPv6. I simply disabled my IPv6 for the time being until I can get a better fix.

Marvin Rhoads Tue, 05/27/2014 - 12:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

OK, emailed you a link to the latest installer just in case. Glad you found a work around.

kurotsuki007 Mon, 05/26/2014 - 20:40
User Badges:

I found a temporary workaround for now...

The VPN connection was using the WINS connections as DNS connections instead of using my systems DNS. I forced it to connect to 8.8.4.4 and 8.8.8.8 and have temporarily resolved my issue.

 

Nevermind, workaround was not as I expected... Changing the DNS on the VPN only allowed connection to ip's instead of FQDNs

kurotsuki007 Mon, 05/26/2014 - 12:45
User Badges:

Anyone else have any ideas? I need to get this issue fixed so I can work again.

Actions

This Discussion