This is my first post, and I hope I am placing this in the correct group.
I have several associates that I am supporting who are working at a customer site. Two of those associates have recently started experiencing BSoD shortly after connecting to the customers network using the AnyConnect client v2.4.1012. I do not know for sure that AnyConnect is causing the problem, or is conflicting with something resulting in the blue screen, but in searching it appears it may be. The two associates having the problem also have the AT&T Global Dialer client installed on their assigned computer, and I have seen this has been a problem in the past with v2.2, though this was supposedly resolved. The other curious thing is that this just started happening, though they have been using the client for several months now, and the AT&T client has been installed the entire time.
So, all of that said, has anybody else been experiencing issues with the dreaded BSoD with v2.4.x?
All computers are XP SP3, Windows firewall disabled, McAfee 8.7.0i, and Verizon VZ Connect. The only computers with this problem are the ones with the AT&T dialer, and like I said, this just started to happen after several months without an issue.
I would really like to avoid removing the AT&T client as they need that to connect to a different customer's network. Worse comes to worse I will unistall it as the customer using the Cisco client is a bit higher priority right now.
Thank you in advance
Nothing rings a bell straight away.
If you can share a few more details...
- is CSD being used
- is compression configured and used for those users?
- any recent updates for any of the mentioned products?
- have those users by any chance tried reinstalling clients?
I'll have to verify, but I do not believe CSD is used. Not sure about compression either.
We don't currently use the client in our office, this is something our customer uses, so I am not intimately familiar with the product. The client software is pushed to the users computer when they connect for the first time to the clients site, which I assume is typical. So they get certificate and then client and then they are off and running. I do know they have mentioned that they once in a while will see an update pushed to their computer when they connect to the customers network over the VPN, and it looks like an update for the Cisco client. They do not have administrator rights, so I don't know whether the update succeeds or not, though I don't see any failures in the event log.
You ask if they have tried reinstalling, oddly enough on one of the computers that most recently experienced the BSoD I just reinstalled the client. And I had to do this because all of the sudden out of the blue the client vanished from his computer. Gone, nothing there except shortcuts to noexistant software. And again the user does not have rights to add/remove, I have to log in to install the software. Only thing I can figure is an update ran and terminated, though I saw no error, and wiped out the folder.
Also, MS pushed some update last night, which were installed. However, the BSoD issue only cropped up for one additional user out of 4, so I can't just assume it was Windows updates that caused it. All the computers are same make and model at same patch level.
I do also know the customer tries to push group policies to my users computers from their Windows AD network.
Can printer drivers cause issues?
One of the users will be in the office Friday and I will unistall the AT&T dialer and unistall and reinstall the AnyConnect client.
I doubt printer drivers cause an issue unless for some reason driver database got corrupted ...
You are correct anyconnect clinet updates are pushed from headend. One test I can think of is to check if working clients run a different version (maybe pushed recently from headend). I belive 2.5 is latest available for anyconnect, but I'm not following release cycyle.
Usually extracting DART information would provide more info. However, it's quite extensive in volume and I guess you'd need to open a TAC case to have it analyzed. Anyhoo it's something to think of once you have the actual PC in front of you.
I just remembered something else, though I don't know all the particulars like what the proxy server is, etc. The BSoD apparently always happens right after they attempt to connect to the internet through the customers proxy server. So, in order they:
1) Launch the client
2) provide the credentials
3) are authenticated and connect to the network
4) Launch Internet Explorer
5) are challenged for credentials with a web form page
6) provide credentials
7) BSoD and OS restarts
Again, only 2 of my 4 users down there are experiencing any issues.
They have to have web access because the warehouse management system they are working on uses a web UI.
It's just getting weirder and weirder, I'd suggest having a DART pkg file handy to install it on affected PC and gather it after BSoD.
At least it does not ring any bells. Answers to questions I asked before would most likely be helpful to narrow things down.
Thank you for your responses. I think I resolved the problem. For whatever reason, even though both the AT&T Global Dialer and the AnyConnect client have been installed on the computers for perhaps a year now, the AT&T dialer has started to conflict with the AnyConnect Client, or maybe more specifically with whatever system is providing authentication to allow internet access once the users have VPNed into the customer'e network. Now that the AT&T software is uninstalled the problem has gone away. Or at least for now it has.
That sound very odd.
Was the At&T client installer or updated after anyconnect has been installed?
Sorry it took so long for me to reply, I was out of the office
Yes, odd, and annoying. I sort of suspected it was the other VPN client since the BSoD message hinted that the error was a driver and the VPN clients are basically network 'devices'. The only thing I couldn't and still can't figure out is why the form page for the customers proxy server is causing the system to blow up.
But to answer you question, the AT&T Global dialer was installed first on these notebooks, then the AnyConnect client a few months later. And again, they both worked without a problem on the computers for quite some time before this issue popped up. Second, the AT&T client has not been updated since first installed. It appears on the other hand, according to my associates, that the customer who uses the AnyConnect client pushes client and policy updates to their computers from time to time, and I suspect that is what 'broke' the ability for the two clients to exist on the some computer.
To expand on this further, the customer in question previously had our consultants use a Nortel dialer, then switch to the AnyConnect client. The Nortel dialer was uninstalled. The AT&T Global dialer worked all along without a hitch until just recently.
Well yes, Anyconnect will be pushed from headend when an newer version is installed there.
Also newer profiles altering some system veriables and much more) will be pushed from headend.
What would be to interesting to try is to perform an installation of a standalone anyconnect client on a machine which was affected by the problem before.Ie have both at&t and anyconnect again, but instead of relying on Anyconnect being pushed from headend, install it locally.
If the problem is still reproducible, we could gather a DART bundle and most likely have it analyzed by someone in BU or TAC. That will however require SR opened.
Here is the BSoD message:
DRIVER_IRQL_NOT LESS OR EQUAL
Then a bunch of the usual blah blah blah and then the technical info
*** STOP: 0x00000001 (0x00000000, 0x00000002, 0x00000008, 0x00000000)
I've found a variety of suggestions of what could cause that error.
I asked one of the users to check and see if they use compression and it looks like they do not. I also asked to see if they can get DART from the customer.