Windows 10 and Cisco Anyconnect certificate listing issue

Something got updated in my Surface Pro 4 that now when Anyconnect brings up the Windows Security window to select a certificate i cant   select "More choices".

It simply does not allow me to select my PIV card authentication certificate.

Any ideas?

Thanks,

Jose
Jose OrtizIT SpecialistAsked:
Who is Participating?
 
btanExec ConsultantCommented:
Thanks for sharing. Will be good to see if the error log from the Anyconnect client shed any specific issues
Obtain Cisco AnyConnect VPN client log from the client computer using the Windows Event Viewer.
1 Choose Start > Run and type eventvwr.msc /s.
2 Locate the Cisco AnyConnect VPN Client in the Applications and Services Logs (of Windows 7)
and choose Save Log File As...
3 Assign a filename, for example, AnyConnectClientLog.evt. You must use the .evt file
format.
Just to share troubleshooting guide for the client @ http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/troubleshoot-anyconnect.pdf

Otherwise it seems the reader and driver for reading the PIV smartcard is fine. There are alternative smartcard mgr which may be handy in testing if the error will to recur in case the card is "missing" during authentication again.
http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_devices/windows-10-smart-card-reader-and-military-common/647a9950-89a6-48ab-a6c4-a3c95d37ba7e
0
 
Jose OrtizIT SpecialistAuthor Commented:
0
 
btanExec ConsultantCommented:
Have to check that the machine can read  the smartcard and its reader. I assume you can do that with your driver and Crypto suite installed. These packages are from your card provider.

Next is to check Anyconnect profile for this machine.
Now we need to go back into the connection profile and enable two-factor authentication using certificates. Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles. Edit the profile you just created. Under Authentication section choose "Both". This will enable a username/password check and a certificate check. Click Apply.
http://www.networkworld.com/article/2227087/cisco-subnet/how-to-guide--cisco-asa-sslvpn-using-certificates-for-2-factor-auth.html
0
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
Jose OrtizIT SpecialistAuthor Commented:
Hi btan,
You say "...Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles.."

However, I am not sure where to find that.  Are you referring to the server end of business, or my end (the PC)?

Can you clarify?

Thanks,

Jose
0
 
btanExec ConsultantCommented:
You login via ASDM to ASA for the profile editor or via a standalone editor. See this
Stand-Alone Profile Editor
In addition to the profile editors in ASDM, you can use stand-alone versions of the profile editors for Windows. When predeploying the client, you use the stand-alone profile editors to create profiles for the VPN service and other modules that you deploy to computers using your software management system.

You can modify the stand-alone Cisco AnyConnect Profile Editor installation or uninstall the VPN or other profile editors using Add or Remove Programs.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-profile-editor.html
0
 
Jose OrtizIT SpecialistAuthor Commented:
Well btan, your solution seems to stem from a central deployment of Anyconnect perspective. My issue was more localized to my own PC. The behaviour of the listing of certificates to select changed,  and I was hoping for somebody to know where in the inner guts of Windows 10 something went wrong.

In the end,  back in the office today I got the installation package for Anycinnect and reinstalled it. That solved the issue. Yet, I still don't know why…

Thanks though!

Jose
0
 
btanExec ConsultantCommented:
Suggested option to isolate issue for follow up.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.