vpn troubleshooting
- That IT Jazz
- March 18, 2022
- 4:27 am
We’re gonna focus on troubleshooting steps for Cisco’s Anyconnect VPN. Reason being it seems to be the most common among corporations. If your company is using another VPN vendor, some of these tips may still apply, but you can always google around for similar steps.
login failures
Let’s say you have someone who’s login attempts keep failing. The first thing you should do is confirm whether the password on their account has recently been changed or if the account is locked. If your user is unsure, use a tool like Microsoft’s LockoutStatus to verify the last time the password was changed and check the current lockout status of the account. Active directory can also give you this information, but I find that something like lockoutstatus is faster to discover the last time a users password was set.
After checking lockoutstatus, we confirm that the password was recently changed, and the user’s AD account is currently locked out. Cisco Anyconnect could be auto filling the login info with old, cached credentials. The cached credentials would explain the failures and would also explain why their account was locked (too many failed login attempts). It’s also likely that the account was locked for another reason. Unlock the account and have them try manually logging in rather than letting them use the auto filled credentials. If it’s successful, instruct the user to contact you if the issue returns. If the account ends up locked again, then something else is locking the account and you will have to hunt that down.
Its not always that easy, if you either can’t enter the credentials or the new credentials keep failing. We can try 1 of 2 things, or both. I would just do both at the same time, the only reason you would want to try 1 at a time is if you’re curious whether they work separately for your specific issue.
Thing 1:
Navigate to c:\users\username\appdata\local\cisco\Cisco Anyconnect Secure Mobility Client. There should be a “preferences” file that can be deleted. This should clear the cached credentials. Once this is deleted, try to login again.
Thing 2:
Navigate to c:\programdata\ Cisco\Cisco AnyConnect Secure Mobility Client\Profile. The Profile.XML file can be deleted. Deleting this should clear out more than just the credentials, you may want to reboot before trying to log in again.
Note: Both “appdata” and “programdata” are hidden by default, make sure to enable “hidden items” in your file explorer view.
If either of the previous steps didn’t resolve the issue, the next step should be to uninstall and reinstall the vpn client. After uninstalling the client through windows, make sure to delete the cisco folders in the directories mentioned above. Also delete them from the program files directories. I have seen issues persist even after an uninstall/reinstall if I didn’t delete those folders. Depending on the setup the reinstall may be as easy as going to “anyconnect.yourcompanydomainhere.com” to get the correct client.
dns errors
This indicates that the name typed into the VPN client is incorrect. Ie: anyconnect.thatjazz.com (good), anyconnect.hatjazz.con (bad). In this case you just need to correct the name in the client.
If for some reason it is preventing you from changing the name try navigating to c:\programdata\ Cisco\Cisco AnyConnect Secure Mobility Client\Profile , then delete the profile.XML file and reboot the computer. This should clear out the cached info and allow you to manually type in the correct name.
If deleting the profile didn’t resolve the issue, then just uninstall and reinstall the client. If what was mentioned here did not resolve your issue, escalate the case or reach out to your next level of support for assistance.
final thoughts
VPN client issues seem tricky at first, but after dealing with them a few times, its cake. Don’t spend too much time troubleshooting the VPN client since you can always just uninstall and reinstall it. If you have suggestions for future topics you would like to see covered, feel free to send an email through the “contact” page.