Windows 10: Windows AnyConnect App client side certificate check

Is it possible to configure the Windows AnyConnect App to check for client side certificates matching a specific issuer CA? In Cisco AnyConnect client, this feature works fine as it's detailed in the AnyConnect profile, but in Windows AnyConnect app, I don't see any way to force it to check the certificate store on the client for a matching certificate. The matching client certificate is required by the VPN firewall when authenticating the VPN connection, so without it, the Windows AnyConnect VPN fails to establish. Has anyone got any experience or knowledge of such a setup? Please let me know

:)

 

Cisco AnyConnect

Hello
Xiu RuLim,

It seems that there are some traces in the registry left even after uninstalling the program.
I suggest that you follow these steps to delete the registry keys related to Cisco AnyConnect.

Disclaimer: The steps below includes system registry modification. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection,
back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

Make sure to backup registry first, please refer to this support article:
How to back up the registry in Windows. Please follow the steps below:

1. Press Windows key + R. The run dialog box will open.
2. Type regedit, then press Enter.
3. Browse to the following location: HKEY_CLASSES_ROOT\Installer\Products\
4. Within the Products folder, locate and delete the registry key which contains product information for
   Cisco AnyConnect Secure Mobility Client.
   
   ◦Each registry key within Products is an alphanumeric string. Select the first key and look on the right side for ProductName REG_SZ Cisco AnyConnect Secure Mobility Client. Go through each key in the Products folder until you find the one for Cisco AnyConnect
   Secure Mobility Client.
5. Close the registry editor.
6. Once done, try to start the installation for Cisco AnyConnect.

Hope this helps. If you would like me to provide additional advice, simply respond to this thread. I will get notified and I’ll reply to you as soon as I can.

 

Certificate Templates on the client side

Hi,

Good day to you all! I hope this is the right place to ask this.

I have a few questions related to how certificate templates are being stored and distributed under AD CS:

• How do the clients get a list of applicable certificate templates from the enterprise CA, which is shown at the time when a new manual certificate enrollment is performed (e.g., someone goes to certmgr and request for a new certificate)?
• How are certificate templates being stored on both the CA side and the client side? Is there a directory that the templates reside in? Or are they just a collection of Windows registries (e.g. Software\Microsoft\Cryptography\CertificateTemplateCache
  under HKCU and HKLM)?
• Is it possible to programmatically read and parse certificate templates on the client side, ideally via some Microsoft provided public API? I am asking this because sometimes it is useful to check, verify and debug that
  
  a) clients are getting all the expected templates;
  
  b) the content of templates are as expected (particularly useful if there were templates of duplicated names, or an old template has its setting changed but the name is kept);
  
  c) applicable clients are indeed getting the same list of templates.

Please bear with me as I am a rookie to AD CS.

Thanks!

 

AnyConnect Software not installed on Windows 10

Hello Team,

We tried to upgrade Anyconnect secure mobility client 4.9.00086 through the SCCM tool on the end-user machines. Some of the users having issues after the upgrade. they are getting below error message.

"There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor." error message while installing the latest AnyConnect Client applications on user
PCs.



This issue has occurred on Windows 10 1607 (OS Build 14393.3930) version. On this OS we can not install a higher version anyconnect file and a lower version anyconnect file.

Some of the user's are sitting in offices and some of the users are working from home through VPN.

When we deploy package through SCCM that time user connected on VPN and at that time existing VPN get uninstall & communication of that systems with SCCM get disconnected so that new version up-gradation is gets stuck till when it again communicate
to SCCM. After communicating with SCCM then also it's not working.

We have tried the below troubleshooting steps.

>> The customer has followed the steps as per the article Cisco AnyConnect - Error 1722. There is a problem with this Windows Installer package. | PeteNetLive. After that tried to install the AnyConnect 4.9.00086 version again, but we were still getting the same error message.

>> Shared PurgeNotifyObjects.exe file with the customer and ran the command "PurgeNotifyObjects.exe -confirmdelete". After that tried to install the AnyConnect 4.9.00086 version again, but we were still getting the same error message.

>> Also tried to run the Microsoft trouble-shooter tool Fix problems that block programs from being installed or removed

>> Tried to install different versions of AnyConnect Client 4.9.01095 and 4.8.03052, the installation has failed with the same error message.

On the same OS version, the same Anyconnect version is successfully installed on the end-user machine.

Can you please suggest the next step to resolve this issue? It's really helpful for me.