Windows 10 and Cisco Anyconnect certificate listing issue

Posted on 2016-10-29
Last Modified: 2016-11-19
Something got updated in my Surface Pro 4 that now when Anyconnect brings up the Windows Security window to select a certificate i cant   select "More choices".

It simply does not allow me to select my PIV card authentication certificate.

Any ideas?


Question by:Jose Ortiz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3

Author Comment

by:Jose Ortiz
ID: 41865369
LVL 64

Expert Comment

ID: 41865633
Have to check that the machine can read  the smartcard and its reader. I assume you can do that with your driver and Crypto suite installed. These packages are from your card provider.

Next is to check Anyconnect profile for this machine.
Now we need to go back into the connection profile and enable two-factor authentication using certificates. Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles. Edit the profile you just created. Under Authentication section choose "Both". This will enable a username/password check and a certificate check. Click Apply.

Author Comment

by:Jose Ortiz
ID: 41866069
Hi btan,
You say "...Go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles.."

However, I am not sure where to find that.  Are you referring to the server end of business, or my end (the PC)?

Can you clarify?


10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

LVL 64

Expert Comment

ID: 41866294
You login via ASDM to ASA for the profile editor or via a standalone editor. See this
Stand-Alone Profile Editor
In addition to the profile editors in ASDM, you can use stand-alone versions of the profile editors for Windows. When predeploying the client, you use the stand-alone profile editors to create profiles for the VPN service and other modules that you deploy to computers using your software management system.

You can modify the stand-alone Cisco AnyConnect Profile Editor installation or uninstall the VPN or other profile editors using Add or Remove Programs.

Author Comment

by:Jose Ortiz
ID: 41867807
Well btan, your solution seems to stem from a central deployment of Anyconnect perspective. My issue was more localized to my own PC. The behaviour of the listing of certificates to select changed,  and I was hoping for somebody to know where in the inner guts of Windows 10 something went wrong.

In the end,  back in the office today I got the installation package for Anycinnect and reinstalled it. That solved the issue. Yet, I still don't know why…

Thanks though!

LVL 64

Accepted Solution

btan earned 500 total points (awarded by participants)
ID: 41867882
Thanks for sharing. Will be good to see if the error log from the Anyconnect client shed any specific issues
Obtain Cisco AnyConnect VPN client log from the client computer using the Windows Event Viewer.
1 Choose Start > Run and type eventvwr.msc /s.
2 Locate the Cisco AnyConnect VPN Client in the Applications and Services Logs (of Windows 7)
and choose Save Log File As...
3 Assign a filename, for example, AnyConnectClientLog.evt. You must use the .evt file
Just to share troubleshooting guide for the client @

Otherwise it seems the reader and driver for reading the PIV smartcard is fine. There are alternative smartcard mgr which may be handy in testing if the error will to recur in case the card is "missing" during authentication again.
LVL 64

Expert Comment

ID: 41894063
Suggested option to isolate issue for follow up.

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month10 days, 14 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question