?
Solved

cisco anyconnect errors

Posted on 2014-08-16
6
Medium Priority
?
15,626 Views
Last Modified: 2014-08-19
On a Win7/64 machine I connect to a university system through Cisco AnyConnect Secure Mobility Client (VPN). I installed it two weeks ago and it has been working. The other day, however, I checked my Win event log for the first time since I installed the VPN and saw that every day since then I have been getting Event ID 2 and 1 errors engineering debug details. Here are some of the warnings and errors:

Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR50.737014390519\ElGreco_MR5\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.leaf

Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File: .\HostConfigMgr.cpp
Line: 1769
Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return Code: -24117215 (0xFE900021)
Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Function: CHostConfigMgr::updatePotentialPublicAddresses
File: .\HostConfigMgr.cpp
Line: 1914
Invoked Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
Return Code: -24117215 (0xFE900021)
Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR50.737014390519\ElGreco_MR5\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.service.namcntrl

Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR50.737014390519\ElGreco_MR5\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.service.websecurity

Function: XmlParser::invokeParser
File: .\Xml\XmlParser.cpp
Line: 182
Invoked Function: ISAXXMLReader::parse
Return Code: -2146697210 (0x800C0006)
Description: WINDOWS_ERROR_CODE

Function: CPhoneHomeAgent::LoadFileToMap
File: ..\PhoneHomeAgent.cpp
Line: 2360
Can't open file C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\CustomerExperienceFeedback\config

And there are more. The university techs have been slow in responding, and unless you are a direct customer of Cisco, you can't use their ticket service for support. Hence I turn to the experts. Some points to consider: I can successfully connect to the VPN; the errors appear on startup whether I connect to the VPN or not; for the VPN to work, I must make IE11 my default browser; finally, I know what a VPN is and does, but am untutored in its principles. So in this case, the more tutorial the advice, the better. Thank you.
0
Comment
Question by:normanml
  • 3
  • 3
6 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 40265825
I suppose Event ID: 1 Source: Cisco TFTP and Event ID: 2 Source: acvpnagent

if you are using RDP to another PC and launching the AnyConnect from that desktop then it likely not possible from past understanding

nonetheless, assuming it is not, there is the MS update on IE that seems to have some implication to anyconnect, pls see
http://social.technet.microsoft.com/Forums/exchange/en-US/e3d89862-6613-4515-b504-5b111978308f/tcpip-has-chosen-to-restrict-the-congestion-window-for-several-connections-due-to-a-network?forum=w8itpronetworking

So far, I dont belive it is driver, or netcard related, so I totaly agree with your findings that this has to be a MS problem, maybe a "spam" protection setting implemented the wrong way...
"A bit more investigative info...
 The last update "remove" above (KB2964358) describes a security fix to Internet Explorer.  I looked at one of the files (mshtml.dll) which that fix was supposed to bring up to version 11.0.9600.17105.  It's currently at 11.0.9600.17126.  The implication is that this "cleanup" activity isn't affecting current files."
the troubleshooting notes can be helpful doc
http://www.cisco.com/image/gif/paws/100597/anyconnect-vpn-troubleshooting.pdf

Note: AnyConnect must be installed on the computer before you install any third party firewall/anti−virus softwares. If AnyConnect is installed after any third−party firewall/anti−virus softwares, then the AnyConnect will fail to connect. In order to resolve this issue, disable all the features of the personal firewall/AV. Then, make a small change on the AnyConnect virtual adapter and try to re−connect the AnyConnect.
0
 

Author Closing Comment

by:normanml
ID: 40268257
Thanks btan. Your last comment led me to a different line of thinking. This was my wife's new machine. She's moved from XP to WIN7. I asked her to consult with me before she added new software to what was installed after the migration. One of the programs we installed during the migration was Citrix Receiver. We work at both the medical school and at the regular campus of our university. CR is used to gain access to internal drives at the hospital. But for admissions work at the downtown campus, which has a separate system, she was told install Cisco AnyConnect. Which she did. After your post above, I checked the event logs on the dates both VPNs were installed. No trouble after CR was installed, but after she install AnyConnect we started getting multiple error messages in the Event Log. So using Revo Uninstaller, uninstalled both VPN, the reinstalled on Citrix Receiver. No more errors in Event log. Clearly, Win 7 does not like two VPN clients on the same machine. And since they come from the same vendor, my guess is they share certain of the same resources and therefore can not run at the same time. We have Citrix Receiver running well, and we are going to ask out IT folks how we can configure it to act as the sole VPN for the two systems, one on the downtown campus, the other at the med school.
0
 
LVL 65

Expert Comment

by:btan
ID: 40269218
thanks for sharing
0
Rewarding opportunities for women in IT

Across the nation, technology jobs are vacant because there aren’t enough qualified professionals to fill them. With a degree from WGU, you can get the credentials it takes to become an in-demand IT professional. Plus, WGU’s IT programs include industry certifications.

 

Author Comment

by:normanml
ID: 40269304
Footnote: Our It people, typically, said the problem was our fault because we should have installed Anywhere Connect with toggles to prevent it from running on startup. They were very defensive, first blaming us, then blaming Cisco's "sensitive" software, then tell us that Citrix R was in fact not a VPN, but a piece of software that allowed us to log into another system. Well, by any other name, that's a VPN isn't it? So we are going to turn to Cisco itself, explain what happened and what we want to do, and see if they have a solution. I'm sure our university has a Cisco rep that handles our account with them. I wish out IT were more helpful and less paranoid, but it is what it is.
0
 
LVL 65

Expert Comment

by:btan
ID: 40269447
noted for info Citrix 's  RDP and I believe the below statement may help
 http://support.citrix.com/proddocs/topic/merchandising-22/mer-dep-other-vpn.html

Using other VPNs with Citrix Receiver
Updated: 2011-06-14

Citrix Receiver is fully integrated with Access Gateway Enterprise Edition and automatically detects when a remote user needs a secure connection to access a company's internal network. If your remote users employ another VPN product, they need to obtain a secure connection with their alternate VPN product before utilizing the full functionality of Citrix Receiver.

also other Limitations:          
 https://supportforums.cisco.com/document/118831/cisco-asa-citrix-receiver-proxy-clientless-access-mobile-devices

Citrix Receiver client accesses only one XenApp/XenDesktop Server at a time. As a result, the ASA proxies requests to one XenApp/XenDesktop per VPN session also. ASA picks the first XenApp/XenDesktop configured when a Citrix Receiver client connects.

Citrix Receiver mobile client to access web interface of Citrix servers is currently not supported.
0
 

Author Comment

by:normanml
ID: 40270446
Very helpful, Btan. Thank you.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question