
AnyConnect intermittent connection issues

matthewceroni
Level 1

We have a few remote access VPN portals set up on a Cisco ASA 5510.

Every now and then we get reports from users saying that it will not accept their credentials. After some time, if they try again, it will work. I have been trying to track down the issue but so far haven't been able to pinpoint it.

What I have so far is as follows (we are authenticating against AD).

From the console, with debug ldap 255 on, I see the following.

For a successful login:

There are two queries of AD/LDAP. First one is of reqType = 1 (New request Session, context 0xa854d828, reqType = 1) while the second query is of reqType = 0 (New request Session, context 0xa854d828, reqType = 0).

I am assuming this is authorization followed by authentication?

When the user reports that their login failed, only the first request gets called. If I follow that debug log through, it seems to indicate that it was successful:

[18823] Session Start
[18823] New request Session, context 0xa854d828, reqType = 1
[18823] Fiber started
[18823] Creating LDAP context with uri=ldap://192.168.2.xx:389
[18823] Connect to LDAP server: ldap://192.168.2.21:389, status = Successful
[18823] supportedLDAPVersion: value = 3
[18823] supportedLDAPVersion: value = 2
[18823] Binding as administrator
[18823] Performing Simple authentication for asaldap to 192.168.2.xx
[18823] LDAP Search:
        Base DN = [dc=clairmail,dc=local]
        Filter  = [sAMAccountName=mceroni]
        Scope   = [SUBTREE]
[18823] User DN = [CN=XXXXXXXXXXXXXXXXX]
[18823] Talking to Active Directory server 192.168.2.21
[18823] Reading password policy for USERNAME, XXXXXXXXXXXXXXXXXX
[18823] Read bad password count 0
[18823] Binding as user
[18823] Performing Simple authentication for USERNAME to 192.168.2.XX
[18823] Processing LDAP response for user USERNAME
[18823] Authentication successful for USERNAME to 192.168.2.XX
[18823] Retrieved User Attributes:

It then lists out all the AD attributes and ends with:

[18823] Fiber exit Tx=687 bytes Rx=9871 bytes, status=1
[18823] Session End

So as far as I can tell it was successful, but the second query never kicked off.

I then checked the event viewer for the AnyConnect client itself and noted the following error: CERTIFICATE_ERROR_VERIFY_KEYUSAGE_NOT_FOUND: No Key Usages were found in the certificate

Not sure if this is the cause, as right now I am not able to successfully authenticate to see if this message still shows up or not.

Any help in further troubleshooting would be appreciated.

Thanks
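Added example, not code from the original post or from Cisco: a small Python script that groups `debug ldap 255` output by the [nnnnn] AAA session number and flags sessions where the reqType = 1 request completed with a successful bind but no reqType = 0 request followed before Session End, which is the pattern the post describes. The sample log embedded in the script is constructed to match the line format shown above; the session numbers, server addresses, base DN and user names are made up.

```python
"""Triage Cisco ASA `debug ldap 255` output by AAA session.

Added example, not from the original post or from Cisco. Groups debug lines
by session number and reports sessions where only reqType = 1 ran.
"""
import re
from collections import OrderedDict

SESSION_RE = re.compile(r"^\[(\d+)\]\s+(.*)$")          # "[18823] body"
REQTYPE_RE = re.compile(r"reqType\s*=\s*(\d+)")
FILTER_RE = re.compile(r"Filter\s*=\s*\[sAMAccountName=([^\]]+)\]")
AUTH_OK_RE = re.compile(r"Authentication successful for (\S+) to (\S+)")
FIBER_RE = re.compile(r"Fiber exit .*status=(\d+)")

# Constructed sample in the post's format (ids, addresses, names made up).
# 18823 reproduces the reported failure: reqType = 1 only, then Session End.
# 18824 is a normal login: reqType = 1 followed by reqType = 0.
SAMPLE_DEBUG = """\
[18823] Session Start
[18823] New request Session, context 0xa854d828, reqType = 1
[18823] Connect to LDAP server: ldap://192.0.2.21:389, status = Successful
[18823] Binding as administrator
[18823] LDAP Search:
        Base DN = [dc=example,dc=local]
        Filter  = [sAMAccountName=jdoe]
        Scope   = [SUBTREE]
[18823] User DN = [CN=jdoe,OU=Users,DC=example,DC=local]
[18823] Binding as user
[18823] Authentication successful for jdoe to 192.0.2.21
[18823] Retrieved User Attributes:
[18823] Fiber exit Tx=687 bytes Rx=9871 bytes, status=1
[18823] Session End
[18824] Session Start
[18824] New request Session, context 0xa854d900, reqType = 1
[18824] LDAP Search:
        Filter  = [sAMAccountName=asmith]
[18824] Authentication successful for asmith to 192.0.2.21
[18824] Fiber exit Tx=690 bytes Rx=9902 bytes, status=1
[18824] New request Session, context 0xa854d900, reqType = 0
[18824] Fiber exit Tx=412 bytes Rx=1203 bytes, status=1
[18824] Session End
"""


def _new_session():
    return {"req_types": [], "user": None, "auth_ok": False,
            "fiber_status": [], "ended": False}


def parse_ldap_debug(text):
    """Return OrderedDict: session id -> summary of what that session did.

    Indented continuation lines (the LDAP Search block) carry no [id]
    prefix, so they are attributed to the most recently seen session.
    """
    sessions = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SESSION_RE.match(line)
        if m:
            current, body = m.group(1), m.group(2)
        else:
            body = line                     # continuation of current session
        if current is None:
            continue                        # noise before the first marker
        s = sessions.setdefault(current, _new_session())
        m = REQTYPE_RE.search(body)
        if m:
            s["req_types"].append(int(m.group(1)))
        m = FILTER_RE.search(body)
        if m:
            s["user"] = m.group(1)
        m = AUTH_OK_RE.search(body)
        if m:
            s["auth_ok"] = True
            s["user"] = s["user"] or m.group(1)
        m = FIBER_RE.search(body)
        if m:
            s["fiber_status"].append(int(m.group(1)))
        if body == "Session End":
            s["ended"] = True
    return sessions


def incomplete_sessions(sessions):
    """Ids where reqType = 1 bound successfully but reqType = 0 never ran."""
    return [sid for sid, s in sessions.items()
            if 1 in s["req_types"] and 0 not in s["req_types"]
            and s["auth_ok"] and s["ended"]]


def report(text):
    """One summary line per session, tagged INCOMPLETE or ok."""
    sessions = parse_ldap_debug(text)
    bad = set(incomplete_sessions(sessions))
    return [f"{sid} user={s['user']} reqTypes={s['req_types']} "
            f"fiber_status={s['fiber_status']} "
            f"{'INCOMPLETE' if sid in bad else 'ok'}"
            for sid, s in sessions.items()]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_DEBUG)))
```

Feed it a capture of `debug ldap 255` taken while a user reproduces the problem (for example via `parse_ldap_debug(open("ldap.log").read())`), then compare the INCOMPLETE sessions against the AnyConnect client timestamps; the script only reads what the ASA prints and does not try to explain why the second request is missing.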

1 Reply

paolo bevilacqua
Hall of Fame

Wrong forum, post in "Security - VPN". You can move your posting using the Actions panel on the right.
