Cisco Support Community

9971 fails authentication with ASA Anyconnect

I've had a TAC case open for almost a month and 5 engineers cannot figure out why no phones can authenticate with an ASA that is configured with AnyConnect but Windows laptops can, despite using the same exact credentials. All 5 engineers have gone through the config and have confirmed that the config on the ASA and CUCM are correct.

When running debug crypto ca 255, I get the following in the ASA.  Any ideas?

ASA# debug crypto ca 255
ASA# CERT_API: Authenticate session 1, non-blocking cb=0x8be78a0
CERT API thread wakes up!
CERT_API: process msg cmd=0, session=1
CERT_API: Async locked for session 1

CRYPTO_PKI: Checking to see if an identical cert is
already in the database...

CRYPTO_PKI: looking for cert in handle=ab3d12b0, digest=
2a 4c e4 67 57 70 cc 08 9e 20 41 f6 a7 6c XX XX    |  *L.gWp... A..l.

CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND
CRYPTO_PKI: Cert not found in database.

CRYPTO_PKI: Looking for suitable trustpoints...

CRYPTO_PKI: Storage context locked by thread CERT API

CRYPTO_PKI: Found a suitable authenticated trustpoint anyconnect_Cisco_Manufacturing_CA_trustpoint.

CRYPTO_PKI(make trustedCerts list)CRYPTO_PKI:check_key_usage: ExtendedKeyUsage extension not found.
CRYPTO_PKI:check_key_usage:Key Usage check OK

CRYPTO_PKI: Certificate validation: Successful, status: 0. Attempting to retrieve revocation status if necessary

CRYPTO_PKI:Certificate validated. serial number: 5A8B49E400000017XXXX, subject name:  cn=CP-9951-SEPa45630XXXXea,ou=VTG,o=Cisco Systems Inc.,serialNumber=PID:CP-9951 SN:FCH1603XXXX.

CRYPTO_PKI: Storage context released by thread CERT API

CRYPTO_PKI: Certificate validated without revocation check
CERT_API: calling user callback=0x8be78a0 with status=0
CERT_API: Async unlocked for session 1
CERT_API: process msg cmd=1, session=1
CERT_API: Async locked for session 1
CERT_API: Async unlocked for session 1
CERT API thread sleeps!
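
Added example, not part of the original post and not Cisco tooling: a small Python parser that pulls the PKI decision points (trustpoint, validation status, EKU and revocation handling, callback status) out of `debug crypto ca` output like the above, so several phone sessions can be compared quickly. The function names are hypothetical, and treating the callback's `status=0` as success is an assumption based on the matching "Successful, status: 0" line.

```python
import re

# Lines copied from the debug output in the post above (redactions as posted).
SAMPLE = """\
CRYPTO_PKI: Found a suitable authenticated trustpoint anyconnect_Cisco_Manufacturing_CA_trustpoint.
CRYPTO_PKI(make trustedCerts list)CRYPTO_PKI:check_key_usage: ExtendedKeyUsage extension not found.
CRYPTO_PKI:check_key_usage:Key Usage check OK
CRYPTO_PKI: Certificate validation: Successful, status: 0. Attempting to retrieve revocation status if necessary
CRYPTO_PKI:Certificate validated. serial number: 5A8B49E400000017XXXX, subject name:  cn=CP-9951-SEPa45630XXXXea,ou=VTG,o=Cisco Systems Inc.,serialNumber=PID:CP-9951 SN:FCH1603XXXX.
CRYPTO_PKI: Certificate validated without revocation check
CERT_API: calling user callback=0x8be78a0 with status=0
"""

# Values to capture; a trailing period is treated as log punctuation (assumption).
PATTERNS = {
    "trustpoint": re.compile(r"Found a suitable authenticated trustpoint (\S+?)\.?$"),
    "validation_status": re.compile(r"Certificate validation: \w+, status: (\d+)"),
    "serial": re.compile(r"serial number: ([0-9A-Za-z]+),"),
    "subject": re.compile(r"subject name:\s+(.*?)\.?$"),
    "callback_status": re.compile(r"calling user callback=\S+ with status=(\d+)"),
}
# Fixed messages mapped to a boolean finding.
FLAGS = {
    "eku_present": ("ExtendedKeyUsage extension not found", False),
    "key_usage_ok": ("Key Usage check OK", True),
    "revocation_checked": ("validated without revocation check", False),
}

def summarize(debug_text):
    """Collect the PKI decision points from one session's debug output."""
    out = {}
    for line in debug_text.splitlines():
        line = line.strip()
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                out[key] = m.group(1)
        for key, (needle, value) in FLAGS.items():
            if needle in line:
                out[key] = value
    return out

def pki_stage_passed(summary):
    """True when chain validation and the CERT_API callback both report status 0."""
    return summary.get("validation_status") == "0" and summary.get("callback_status") == "0"

if __name__ == "__main__":
    print(summarize(SAMPLE), pki_stage_passed(summarize(SAMPLE)))
```
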
