Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco VPN Software Client Error - Can you decode?

Hi there. I don't have access to this system, only the info below. The Cisco VPN client has not been working recently and it appears it can't pull a cert. Not sure, this isn't my arena. Can you decode this and tell me what's wrong?

A fingerprint system attempts to communicate with a VPN (Concentrator or router) hub site but cannot do so. No communications for 3 days.

The Log:

Cisco Systems VPN Client Version 4.0.3 (A)

Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600

1 15:44:23.225 10/14/05 Sev=Warning/2 CERT/0xA360000A

Could not load certificate cn=XXXXXXX34,ou=XXXX-XXX-FINGERPRINT-SYSTEM,o=XXXX,l=Washington,st=DC,c=US from store Microsoft User Certificate. Reason: cert not found

2 15:44:23.225 10/14/05 Sev=Warning/2 CERT/0xA3600004

If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.

3 15:44:23.225 10/14/05 Sev=Warning/2 IKE/0xE3000007

Unable to open certificate (cn=XXXXXXX,ou=XXXX-XXX-FINGERPRINT-SYSTEM,o=XXXX,l=Washington,st=DC,c=US).

If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.

4 15:44:23.225 10/14/05 Sev=Warning/2 IKE/0xE3000099

Failed to open my certificate (Connection:196)

5 15:44:23.225 10/14/05 Sev=Warning/2 IKE/0xE3000098

Failed to set up connection data

New Member

Re: Cisco VPN Software Client Error - Can you decode?

You're right about it not being able to pull the cert.

My guess is that something has sent the fingerprint reader a bit screwy. It could be something as simple as the user's profile became locked and a new one created - which would give them a new (and empty) certificate store. Does the reader work for other operations, e.g. system logon, file encrypt/decrypt, etc?

If using 2k or XP check that the user doesn't have multiple profile folders in Doc&Settings. If he/she does then its a fair bet that once they re-enroll they'll be working again. Have them try this even if their profiles are good, as it should create a new known good cert.

Also check the contents of the user's cert store: Start>Run>mmc, then press Ctrl+M > Add > Certificates [My User Account] and have a look in Personal>Certificates

If this still doesn't work, what's the fingerprint system being used, perhaps that'll give a clue for a workaround.



CreatePlease login to create content