I know this has been done to death by the looks of the websites/posts I've found but I'm still getting nowhere.
Win7 PCs at a remote location. Users have never logged onto them, and I need SBL.
Pre-installed the AnyConnect client v 3.1.04066, with the SBL addon.
However nothing I do seems to permit me to use SBL.
I press C+A+D, and try to switch user, but I get no icon on the lower right to run the SBL window.
Is there something I'm missing here?
In addition to installing the SBL addon, have you also edited/set up the XML profile that AnyConnect uses with the settings for SBL?
To enable SBL we need the GINA module installed on your machine and a profile with SBL enabled.
If you are looking for it to be pre-installed then make sure you have these 2 things there on your PC.
You can download the GINA module from the Cisco site. It comes in a bundle with the ISO file and you have to manually import the profile.
In case you already have both of them and it's still not working, we would need the DART logs from the machine.
Thanks for your responses,
I've got the SBL installed as well, it was installed as part of the AnyConnect package. Where do I locate the XML profile for AnyConnect? I've done a search and found c:\program files\cisco\cisco anyconnect secure mobility client\acsock.xml, but this has no entries for either "start" or "SBL".
Is this the correct file?
I've located 4 other xml files under C:\programdata\cisco\cisco anyconnect secure mobility client\
I assume it's one or more of these.
Note, the latest version 3.1 of AnyConnect seems to have a different folder structure to the previous 3.0 version.
The first time that I installed AnyConnect for a customer who wanted support for SBL I found the XML profile and actually edited the XML code to create the entries that we needed. After that I discovered that it is possible to edit/create the profile through ASDM and this is generally an easier process. So my advice to you is to look into ASDM as the way to get the entries that you need in the profile.
Thanks for that Richard, but the problem is that for me to edit via ASDM means all of the machines will have to be brought to site, for the users to log on, so we can obtain cached credentials, so the VPN can be initiated to download the profile.
This isn't an issue for a couple of users, but if we have 50 or 60, then it will be very labour intensive, with hours wasted in travelling time.
Although, can someone confirm that if I do this through the ASDM route on one machine, then copy the profile and put it on all other machines, it will work?
Is it possible for those PCs to connect to the ASA from where they are? If so the XML profile could be loaded automatically and remotely.
For some it's possible, but for most it will mean physically picking them up and moving them to do this.
I have SBL working now on the client side. I created the profile on the ASA and connected to the test machine used for getting this working. However I'm getting the certificate error caused with AC3.1, and the client logon then VPN logon prompts me to connect anyway, however the SBL VPN authentication terminates with a trusted network error.
Does anyone know of a way to ignore and use the self cert or will I have to go down the route of purchasing a new certificate?
I am not aware of a way to use the self signed certificate without getting the error. If you do not want users to see those error/warning messages then I believe that you need to purchase a public certificate.
Thanks for your help.
Looks like it might have to be a new certificate, because without it the SBL won't connect. And our users are now complaining that they have to click to continue at the cert warning.
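
An added example, not part of any post in this thread: a PowerShell check that reports which XML files under the AnyConnect data folder are VPN profiles and whether Start Before Logon is enabled in them, which helps when a profile has been copied to machines by hand. The element names (`AnyConnectProfile`, `UseStartBeforeLogon`, `HostAddress`) and the namespace are taken from the AnyConnect profile schema rather than from the thread; the function name `Get-SblProfileStatus`, the sample profile and `vpn.example.com` are constructed for illustration.

```powershell
# PowerShell 2.0 compatible (the version shipped with Windows 7).
# Constructed sample profile; vpn.example.com is a placeholder.
$sampleProfile = @'
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="false">true</UseStartBeforeLogon>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Example VPN</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
'@

# Hypothetical helper: classify one XML file and report its SBL setting.
function Get-SblProfileStatus {
    param([Parameter(Mandatory=$true)][string]$Path)
    $result = New-Object PSObject -Property @{
        File = $Path; IsVpnProfile = $false; SblEnabled = $false; Hosts = @()
    }
    $doc = New-Object System.Xml.XmlDocument
    try { $doc.Load($Path) } catch { return $result }  # unreadable or malformed XML
    # Files whose root element is not AnyConnectProfile are not VPN profiles.
    if ($doc.DocumentElement.LocalName -ne 'AnyConnectProfile') { return $result }
    $result.IsVpnProfile = $true
    # local-name() sidesteps the profile's default XML namespace.
    $sbl = $doc.SelectSingleNode("//*[local-name()='UseStartBeforeLogon']")
    if ($sbl -ne $null) { $result.SblEnabled = ($sbl.InnerText.Trim() -eq 'true') }
    $result.Hosts = @($doc.SelectNodes("//*[local-name()='HostAddress']") |
        ForEach-Object { $_.InnerText.Trim() })
    return $result
}

# Offline run against the constructed sample.
$tmp = Join-Path $env:TEMP 'sbl-sample-profile.xml'
Set-Content -LiteralPath $tmp -Value $sampleProfile -Encoding UTF8
Get-SblProfileStatus -Path $tmp | Format-List File, IsVpnProfile, SblEnabled, Hosts

# On a client: check every XML file under the data folder named in the thread.
$dir = Join-Path $env:ProgramData 'Cisco\Cisco AnyConnect Secure Mobility Client'
if (Test-Path $dir) {
    Get-ChildItem -Path $dir -Recurse -Filter *.xml |
        ForEach-Object { Get-SblProfileStatus -Path $_.FullName } |
        Format-Table File, IsVpnProfile, SblEnabled, Hosts -AutoSize
}
```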