Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

posture assessment failed.Hostscan CSD prelogin verification failed

 

 

Hi Team,

While I am unable to connect cisco anyconnect vpn.

"posture assessment failed.Hostscan CSD prelogin verification failed"

 

Please let us know how to fix the issue.

 

Thanks

Naga

Everyone's tags (1)
6 REPLIES

Make sure your Host scan

Make sure your Host scan version matches the Anyconnect version (or use the anyconnect image for hostscan also).

 

 

Cisco Employee

Hi, It seems you have

Hi,

 

It seems you have prelogin polices defined on the ASA whose check the end client is failing.

Please check those settings.

 

http://www.cisco.com/c/en/us/td/docs/security/csd/csd34/configuration/guide/csd34cfg/CSDpretu.html

This document will provided the link to implement it in your case reverse engineer it.

 

You can also obtain Cscan logs from the end client machine and see where it is failing.

Path on windows 7

C:\Users\username\AppData\Local\Cisco\Cisco HostScan\log

New Member

I have the same issue, but

I have the same issue, but may have extenuating circumstances:

I have a Lenovo Laptop running LINUX with a Windows 7 KVM running inside it.

I connect to a customers system and until about 3 months ago it was working just fine, no issues at all, but then the customer upgrade their AnyConnect software and ever since then I am getting the error "Posture Assessment Failed: Hostscan CSD prelogin verification failed."

The customer says the rules require a valid OS (Windows 7 is valid the customer says), that the system must be running a valid Anti-Virus (I am running Symantec, and it is up to date,  which the customer says), and you must be running a firewall (I am, it is being managed by the Symantec Antivirus, and that too is valid according to the customer).

What I do not understand, is that no-one seems to be able to tell me what is failing.

Also in an above comment about where the log for this is, I do not see even the path that is mentioned (You can also obtain Cscan logs from the end client machine and see where it is failing. Path on windows 7 C:\Users\username\AppData\Local\Cisco\Cisco HostScan\log)

I am not sure how much of this is due to the LINUX/WINDOWS 7 KVM but I really need some help solving this issue.

Cisco Employee

After trying numerous

After trying numerous suggested options, A complete Uninstall of Cisco Anyconnect and re-install as described below worked for me.

Uninstallation

  1. Open the Control Panel and click on Uninstall a program.
     
  2. Select Cisco AnyConnect Secure Mobiliy Client and click the Uninstall link at the top of the list of programs.
     
  3. Follow through the complete procedure.
     
  4. Select Cisco AnyConnect Diagnostic and Reporting Tool and click the Uninstall link at the top of the list of programs.
     
  5. Follow through the complete procedure.
     
  6. Close Control Panel and open File Explorer.
     
  7. Navigate to C:\ProgramData\Cisco.
     
  8. Delete the Cisco AnyConnect Secure Mobility Client folder (if it still exists).
     
  9. Navigate to C:\Program Files (x86)\Cisco
     
  10. Delete the Cisco AnyConnect Secure Mobility Client and Cisco AnyConnect VPN Client folders (if they still exist).
     
  11. Navigate to C:\Users\%user%\AppData\Local\Cisco
     
    Note: Replace %user% with your user account name
    *You will need to show hidden folders to access the 'App Data' directory 
       
  12. Delete the Cisco AnyConnect Secure Mobility Client, Cisco Hostscan and Cisco AnyConnect VPN Client folders (if they still exist).
       
  13. Cisco AnyConnect Secure Mobility Client is now uninstalled. 
       
    *If you are unsure how to show hidden files and folder see here: http://windows.microsoft.com/en-us/windows/show-hidden-files#show-hidden-files=windows-7

 

So one of the things that

So one of the things that happens in posture assessment is that the a bunch of data gets passed between  the client and firewall... I tried bumping that limit and it fixed it for a while... 

Turns out the  user was using Fiddler which left many certificates in the Personal cert store...  once that was cleaned up, the issue dissappeared.

New Member

Re: posture assessment failed.Hostscan CSD prelogin verification failed

I have this same problem.  My cisco anytime worked fine at home for a few days and now I'm getting the error

Posture Assessment Failed: Hostscan CSD prelogin verification failed. 

Does anyone have a tried and true way to fix this.  I saw where a reinstall of Cisco Anytime might be required?

Thanks

26333
Views
0
Helpful
6
Replies
CreatePlease to create content