Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

Rare, but weird AnyConnect problem

Hey folks!

I have the following setup:

Laptop connects to wireless via WLC using Cisco Anyconnect client.  (WPA2 Enterprise AES,  with 802.1x configuration password/EAP-FAST)

WLC authenticates user ID via ACS.

ACS queries AD for user ID and passes or fails.

 

Occasionally, we have a user that cannot login, no matter what laptop he/she uses.

ACS failed attempts log shows the following:

EAP-FAST user was provisioned with new PAC

The only fix we've found is to create a new instance of the same SSID and have them login using that.

Once they trust the server cert, they can login to any laptop.

I assume it's because they "accidentally" chose to not trust the server certificate.  They always tell me they didn't do it  :)~

My question is this.  Why does that "accident" follow them from laptop to laptop?

Also, is there an easier fix than having them create an entirely new wireless connection in the AnyConnect client?

 

Thanks!

 

Ven

Ven Taylor
45
Views
0
Helpful
0
Replies
CreatePlease to create content