cisco anyconnect errors

On a Win7/64 machine I connect to a university system through Cisco AnyConnect Secure Mobility Client (VPN). I installed it two weeks ago and it has been working. The other day, however, I checked my Win event log for the first time since I installed the VPN and saw that every day since then I have been getting Event ID 2 and 1 errors engineering debug details. Here are some of the warnings and errors:

Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR50.737014390519\ElGreco_MR5\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.leaf

Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File: .\HostConfigMgr.cpp
Line: 1769
Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return Code: -24117215 (0xFE900021)
Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Function: CHostConfigMgr::updatePotentialPublicAddresses
File: .\HostConfigMgr.cpp
Line: 1914
Invoked Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
Return Code: -24117215 (0xFE900021)
Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR50.737014390519\ElGreco_MR5\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.service.namcntrl

Function: PluginLoader::QuickCreatePlugin
File: c:\temp\build\thehoff\ElGreco_MR50.737014390519\ElGreco_MR5\vpn\Common\Utility/PluginLoader.h
Line: 195
Invoked Function: PluginLoader::CreateInstance
Return Code: -29360116 (0xFE40000C)
Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE
com.cisco.anyconnect.service.websecurity

Function: XmlParser::invokeParser
File: .\Xml\XmlParser.cpp
Line: 182
Invoked Function: ISAXXMLReader::parse
Return Code: -2146697210 (0x800C0006)
Description: WINDOWS_ERROR_CODE

Function: CPhoneHomeAgent::LoadFileToMap
File: ..\PhoneHomeAgent.cpp
Line: 2360
Can't open file C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\CustomerExperienceFeedback\config

And there are more. The university techs have been slow in responding, and unless you are a direct customer of Cisco, you can't use their ticket service for support. Hence I turn to the experts. Some points to consider: I can successfully connect to the VPN; the errors appear on startup whether I connect to the VPN or not; for the VPN to work, I must make IE11 my default browser; finally, I know what a VPN is and does, but am untutored in its principles. So in this case, the more tutorial the advice, the better. Thank you.
normanmlAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
I suppose Event ID: 1 Source: Cisco TFTP and Event ID: 2 Source: acvpnagent

if you are using RDP to another PC and launching the AnyConnect from that desktop then it likely not possible from past understanding

nonetheless, assuming it is not, there is the MS update on IE that seems to have some implication to anyconnect, pls see
http://social.technet.microsoft.com/Forums/exchange/en-US/e3d89862-6613-4515-b504-5b111978308f/tcpip-has-chosen-to-restrict-the-congestion-window-for-several-connections-due-to-a-network?forum=w8itpronetworking

So far, I dont belive it is driver, or netcard related, so I totaly agree with your findings that this has to be a MS problem, maybe a "spam" protection setting implemented the wrong way...
"A bit more investigative info...
 The last update "remove" above (KB2964358) describes a security fix to Internet Explorer.  I looked at one of the files (mshtml.dll) which that fix was supposed to bring up to version 11.0.9600.17105.  It's currently at 11.0.9600.17126.  The implication is that this "cleanup" activity isn't affecting current files."
the troubleshooting notes can be helpful doc
http://www.cisco.com/image/gif/paws/100597/anyconnect-vpn-troubleshooting.pdf

Note: AnyConnect must be installed on the computer before you install any third party firewall/anti−virus softwares. If AnyConnect is installed after any third−party firewall/anti−virus softwares, then the AnyConnect will fail to connect. In order to resolve this issue, disable all the features of the personal firewall/AV. Then, make a small change on the AnyConnect virtual adapter and try to re−connect the AnyConnect.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
normanmlAuthor Commented:
Thanks btan. Your last comment led me to a different line of thinking. This was my wife's new machine. She's moved from XP to WIN7. I asked her to consult with me before she added new software to what was installed after the migration. One of the programs we installed during the migration was Citrix Receiver. We work at both the medical school and at the regular campus of our university. CR is used to gain access to internal drives at the hospital. But for admissions work at the downtown campus, which has a separate system, she was told install Cisco AnyConnect. Which she did. After your post above, I checked the event logs on the dates both VPNs were installed. No trouble after CR was installed, but after she install AnyConnect we started getting multiple error messages in the Event Log. So using Revo Uninstaller, uninstalled both VPN, the reinstalled on Citrix Receiver. No more errors in Event log. Clearly, Win 7 does not like two VPN clients on the same machine. And since they come from the same vendor, my guess is they share certain of the same resources and therefore can not run at the same time. We have Citrix Receiver running well, and we are going to ask out IT folks how we can configure it to act as the sole VPN for the two systems, one on the downtown campus, the other at the med school.
0
btanExec ConsultantCommented:
thanks for sharing
0
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

normanmlAuthor Commented:
Footnote: Our It people, typically, said the problem was our fault because we should have installed Anywhere Connect with toggles to prevent it from running on startup. They were very defensive, first blaming us, then blaming Cisco's "sensitive" software, then tell us that Citrix R was in fact not a VPN, but a piece of software that allowed us to log into another system. Well, by any other name, that's a VPN isn't it? So we are going to turn to Cisco itself, explain what happened and what we want to do, and see if they have a solution. I'm sure our university has a Cisco rep that handles our account with them. I wish out IT were more helpful and less paranoid, but it is what it is.
0
btanExec ConsultantCommented:
noted for info Citrix 's  RDP and I believe the below statement may help
 http://support.citrix.com/proddocs/topic/merchandising-22/mer-dep-other-vpn.html

Using other VPNs with Citrix Receiver
Updated: 2011-06-14

Citrix Receiver is fully integrated with Access Gateway Enterprise Edition and automatically detects when a remote user needs a secure connection to access a company's internal network. If your remote users employ another VPN product, they need to obtain a secure connection with their alternate VPN product before utilizing the full functionality of Citrix Receiver.

also other Limitations:          
 https://supportforums.cisco.com/document/118831/cisco-asa-citrix-receiver-proxy-clientless-access-mobile-devices

Citrix Receiver client accesses only one XenApp/XenDesktop Server at a time. As a result, the ASA proxies requests to one XenApp/XenDesktop per VPN session also. ASA picks the first XenApp/XenDesktop configured when a Citrix Receiver client connects.

Citrix Receiver mobile client to access web interface of Citrix servers is currently not supported.
0
normanmlAuthor Commented:
Very helpful, Btan. Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.