Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 10 and Cisco Anyconnect certificate listing issue

Posted on 2016-10-29
7
Medium Priority
?
229 Views
Last Modified: 2016-11-19
Something got updated in my Surface Pro 4 that now when Anyconnect brings up the Windows Security window to select a certificate i cant   select "More choices".

It simply does not allow me to select my PIV card authentication certificate.

Any ideas?

Thanks,

Jose
0
Comment
Question by:Jose Ortiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 

Author Comment

by:Jose Ortiz
ID: 41865369
0
 
LVL 65

Expert Comment

by:btan
ID: 41865633
Have to check that the machine can read  the smartcard and its reader. I assume you can do that with your driver and Crypto suite installed. These packages are from your card provider.

Next is to check Anyconnect profile for this machine.
Now we need to go back into the connection profile and enable two-factor authentication using certificates. Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles. Edit the profile you just created. Under Authentication section choose "Both". This will enable a username/password check and a certificate check. Click Apply.
http://www.networkworld.com/article/2227087/cisco-subnet/how-to-guide--cisco-asa-sslvpn-using-certificates-for-2-factor-auth.html
0
 

Author Comment

by:Jose Ortiz
ID: 41866069
Hi btan,
You say "...Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles.."

However, I am not sure where to find that.  Are you referring to the server end of business, or my end (the PC)?

Can you clarify?

Thanks,

Jose
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 65

Expert Comment

by:btan
ID: 41866294
You login via ASDM to ASA for the profile editor or via a standalone editor. See this
Stand-Alone Profile Editor
In addition to the profile editors in ASDM, you can use stand-alone versions of the profile editors for Windows. When predeploying the client, you use the stand-alone profile editors to create profiles for the VPN service and other modules that you deploy to computers using your software management system.

You can modify the stand-alone Cisco AnyConnect Profile Editor installation or uninstall the VPN or other profile editors using Add or Remove Programs.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-profile-editor.html
0
 

Author Comment

by:Jose Ortiz
ID: 41867807
Well btan, your solution seems to stem from a central deployment of Anyconnect perspective. My issue was more localized to my own PC. The behaviour of the listing of certificates to select changed,  and I was hoping for somebody to know where in the inner guts of Windows 10 something went wrong.

In the end,  back in the office today I got the installation package for Anycinnect and reinstalled it. That solved the issue. Yet, I still don't know why…

Thanks though!

Jose
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points (awarded by participants)
ID: 41867882
Thanks for sharing. Will be good to see if the error log from the Anyconnect client shed any specific issues
Obtain Cisco AnyConnect VPN client log from the client computer using the Windows Event Viewer.
1 Choose Start > Run and type eventvwr.msc /s.
2 Locate the Cisco AnyConnect VPN Client in the Applications and Services Logs (of Windows 7)
and choose Save Log File As...
3 Assign a filename, for example, AnyConnectClientLog.evt. You must use the .evt file
format.
Just to share troubleshooting guide for the client @ http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/troubleshoot-anyconnect.pdf

Otherwise it seems the reader and driver for reading the PIV smartcard is fine. There are alternative smartcard mgr which may be handy in testing if the error will to recur in case the card is "missing" during authentication again.
http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_devices/windows-10-smart-card-reader-and-military-common/647a9950-89a6-48ab-a6c4-a3c95d37ba7e
0
 
LVL 65

Expert Comment

by:btan
ID: 41894063
Suggested option to isolate issue for follow up.
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question