[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Windows 10 and Cisco Anyconnect certificate listing issue

Posted on 2016-10-29
7
Medium Priority
?
476 Views
Last Modified: 2016-11-19
Something got updated in my Surface Pro 4 that now when Anyconnect brings up the Windows Security window to select a certificate i cant   select "More choices".

It simply does not allow me to select my PIV card authentication certificate.

Any ideas?

Thanks,

Jose
0
Comment
Question by:Jose Ortiz
  • 4
  • 3
7 Comments
 

Author Comment

by:Jose Ortiz
ID: 41865369
0
 
LVL 66

Expert Comment

by:btan
ID: 41865633
Have to check that the machine can read  the smartcard and its reader. I assume you can do that with your driver and Crypto suite installed. These packages are from your card provider.

Next is to check Anyconnect profile for this machine.
Now we need to go back into the connection profile and enable two-factor authentication using certificates. Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles. Edit the profile you just created. Under Authentication section choose "Both". This will enable a username/password check and a certificate check. Click Apply.
http://www.networkworld.com/article/2227087/cisco-subnet/how-to-guide--cisco-asa-sslvpn-using-certificates-for-2-factor-auth.html
0
 

Author Comment

by:Jose Ortiz
ID: 41866069
Hi btan,
You say "...Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles.."

However, I am not sure where to find that.  Are you referring to the server end of business, or my end (the PC)?

Can you clarify?

Thanks,

Jose
0
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
LVL 66

Expert Comment

by:btan
ID: 41866294
You login via ASDM to ASA for the profile editor or via a standalone editor. See this
Stand-Alone Profile Editor
In addition to the profile editors in ASDM, you can use stand-alone versions of the profile editors for Windows. When predeploying the client, you use the stand-alone profile editors to create profiles for the VPN service and other modules that you deploy to computers using your software management system.

You can modify the stand-alone Cisco AnyConnect Profile Editor installation or uninstall the VPN or other profile editors using Add or Remove Programs.
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-profile-editor.html
0
 

Author Comment

by:Jose Ortiz
ID: 41867807
Well btan, your solution seems to stem from a central deployment of Anyconnect perspective. My issue was more localized to my own PC. The behaviour of the listing of certificates to select changed,  and I was hoping for somebody to know where in the inner guts of Windows 10 something went wrong.

In the end,  back in the office today I got the installation package for Anycinnect and reinstalled it. That solved the issue. Yet, I still don't know why…

Thanks though!

Jose
0
 
LVL 66

Accepted Solution

by:
btan earned 2000 total points (awarded by participants)
ID: 41867882
Thanks for sharing. Will be good to see if the error log from the Anyconnect client shed any specific issues
Obtain Cisco AnyConnect VPN client log from the client computer using the Windows Event Viewer.
1 Choose Start > Run and type eventvwr.msc /s.
2 Locate the Cisco AnyConnect VPN Client in the Applications and Services Logs (of Windows 7)
and choose Save Log File As...
3 Assign a filename, for example, AnyConnectClientLog.evt. You must use the .evt file
format.
Just to share troubleshooting guide for the client @ http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/troubleshoot-anyconnect.pdf

Otherwise it seems the reader and driver for reading the PIV smartcard is fine. There are alternative smartcard mgr which may be handy in testing if the error will to recur in case the card is "missing" during authentication again.
http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_devices/windows-10-smart-card-reader-and-military-common/647a9950-89a6-48ab-a6c4-a3c95d37ba7e
0
 
LVL 66

Expert Comment

by:btan
ID: 41894063
Suggested option to isolate issue for follow up.
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There's never been a better time to become a computer scientist. Employment growth in the field is expected to reach 22% overall by 2020, and if you want to get in on the action, it’s a good idea to think about at least minoring in computer science …
Take advantage of one of the most useful technologies available - virtualization!
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question