Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSL VPN Login failure issue

Hello,

I am having an issue with some users trying to login to our SSL VPN (Anyconnect) via ASA5505 8.2(1).  Authentication is done via AD.  From the same computer, the client finds the DNS name and unlocks the login username and password.  When I enter a username and password and click connect, it is instantly rejected with login failure with the following event log:

Function: ConnectMgr::setPromptAttributes

File: .\ConnectMgr.cpp

Line: 2657

Invoked Function: setPromptAttributes

Return Code: -33554423 (0xFE000009)

Description: GLOBAL_ERROR_UNEXPECTED

Error text:

Login failed.

If I change the user account to another user (from the same PC), login works perfectly fine - this is only happening with 3 or 4 users - I have compared the user accounts of a failing account and a successful account and they are identical in AD. 

This has been driving me crazy - as a work around for the failing users, I just created a temporary account which works perfectly fine.  The request doesn't even seem to hit the ASA (there is nothing in the logs that show a failed attempt).  Still troubleshooting and looking at certificate's at this point.  Any help/suggestions would be greatly appreciated!!  Thanks.

Regards.

After a little more testing, seems somehow related to users being in to many groups in AD.      

Message was edited by: Rich Viola

Everyone's tags (5)
1013
Views
0
Helpful
0
Replies
CreatePlease to create content