I am having an issue with some users trying to log in to our SSL VPN (AnyConnect) via ASA5505 8.2(1). Authentication is done via AD. From the same computer, the client finds the DNS name and unlocks the login username and password. When I enter a username and password and click connect, it is instantly rejected with login failure with the following event log:
Invoked Function: setPromptAttributes
Return Code: -33554423 (0xFE000009)
If I change the user account to another user (from the same PC), login works perfectly fine - this is only happening with 3 or 4 users - I have compared the user accounts of a failing account and a successful account and they are identical in AD.
This has been driving me crazy - as a workaround for the failing users, I just created a temporary account which works perfectly fine. The request doesn't even seem to hit the ASA (there is nothing in the logs that shows a failed attempt). Still troubleshooting and looking at certificates at this point. Any help/suggestions would be greatly appreciated!! Thanks.
After a little more testing, seems somehow related to users being in too many groups in AD.