Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows 10 and Cisco Anyconnect certificate listing issue

Posted on 2016-10-29
7
42 Views
Last Modified: 2016-11-19
Something got updated in my Surface Pro 4 that now when Anyconnect brings up the Windows Security window to select a certificate i cant   select "More choices".

It simply does not allow me to select my PIV card authentication certificate.

Any ideas?

Thanks,

Jose
0
Comment
Question by:Jose Ortiz
  • 4
  • 3
7 Comments
 

Author Comment

by:Jose Ortiz
ID: 41865369
0
 
LVL 63

Expert Comment

by:btan
ID: 41865633
Have to check that the machine can read  the smartcard and its reader. I assume you can do that with your driver and Crypto suite installed. These packages are from your card provider.

Next is to check Anyconnect profile for this machine.
Now we need to go back into the connection profile and enable two-factor authentication using certificates. Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles. Edit the profile you just created. Under Authentication section choose "Both". This will enable a username/password check and a certificate check. Click Apply.
http://www.networkworld.com/article/2227087/cisco-subnet/how-to-guide--cisco-asa-sslvpn-using-certificates-for-2-factor-auth.html
0
 

Author Comment

by:Jose Ortiz
ID: 41866069
Hi btan,
You say "...Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles.."

However, I am not sure where to find that.  Are you referring to the server end of business, or my end (the PC)?

Can you clarify?

Thanks,

Jose
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 63

Expert Comment

by:btan
ID: 41866294
You login via ASDM to ASA for the profile editor or via a standalone editor. See this
Stand-Alone Profile Editor
In addition to the profile editors in ASDM, you can use stand-alone versions of the profile editors for Windows. When predeploying the client, you use the stand-alone profile editors to create profiles for the VPN service and other modules that you deploy to computers using your software management system.

You can modify the stand-alone Cisco AnyConnect Profile Editor installation or uninstall the VPN or other profile editors using Add or Remove Programs.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-profile-editor.html
0
 

Author Comment

by:Jose Ortiz
ID: 41867807
Well btan, your solution seems to stem from a central deployment of Anyconnect perspective. My issue was more localized to my own PC. The behaviour of the listing of certificates to select changed,  and I was hoping for somebody to know where in the inner guts of Windows 10 something went wrong.

In the end,  back in the office today I got the installation package for Anycinnect and reinstalled it. That solved the issue. Yet, I still don't know why…

Thanks though!

Jose
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41867882
Thanks for sharing. Will be good to see if the error log from the Anyconnect client shed any specific issues
Obtain Cisco AnyConnect VPN client log from the client computer using the Windows Event Viewer.
1 Choose Start > Run and type eventvwr.msc /s.
2 Locate the Cisco AnyConnect VPN Client in the Applications and Services Logs (of Windows 7)
and choose Save Log File As...
3 Assign a filename, for example, AnyConnectClientLog.evt. You must use the .evt file
format.
Just to share troubleshooting guide for the client @ http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/troubleshoot-anyconnect.pdf

Otherwise it seems the reader and driver for reading the PIV smartcard is fine. There are alternative smartcard mgr which may be handy in testing if the error will to recur in case the card is "missing" during authentication again.
http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_devices/windows-10-smart-card-reader-and-military-common/647a9950-89a6-48ab-a6c4-a3c95d37ba7e
0
 
LVL 63

Expert Comment

by:btan
ID: 41894063
Suggested option to isolate issue for follow up.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question