Cisco AnyConnect Client Error
The VPN client driver encountered an error. Please restart your computer or device, then try again
Let me save you sometimes off the bat. Ignore Cisco's advice in this error message. Don't bother restarting your device. It is unlikely to fix your issue, unless you are running XP.
Also, you can most probably safely ignore the fix that Cisco offers for the recorded bug CSCsm54689. Why? Simply because their solution is to disable the RRAS (Routing and Remote Access Service). On my Windows 7 box, this service was disabled already. For the fun of it (!!??), I actually enabled it, restarted the box, then disabled it and retested. No change, the same old frustrating error pops up (the VPN client driver encountered blah blah).
I even checked the "Cisco AnyConnect Secure Mobility Client Administrator Guide" Release 3.0, with the last update date of April 7th, 2014. This issue has been blamed on Microsoft updates on page 12-18 of the Guide. That's really an unfair sending the guys "chasing the wild goose" kind of action. So much so that at the end of their solution, they are embarrassingly admitting that this solution won't work and connection attempt will still fail, so just go ahead and open a case with Microsoft!!! I was so disparate that I went ahead and did the steps to no avail. I didn't bother opening a case with MS though. Read for yourselves: "Even though the steps taken above may indicate that the catalog is not corrupt, the key file(s) may still have been overwritten with an unsigned one. If the failure still occurs, open a case with Microsoft to determine why the driver signing database is being corrupted."
I also went through PeteNetLive solution. The first part of it is taken from the the Admin Guide mentioned above. Based on the notes in this site I ended up removing the client and reinstalling the AnyConnect latest version with a brand new version of Java VM. This cost me an hour or two and guess what? It didn't help either!!
But there is still hope. So, don't despair!
The Solution
Enventually I threw every thing at our great network engineer Ken. Including the message log shown below:
[7/25/2014 9:08:07 AM] Ready to
connect.
[7/25/2014 9:08:14 AM]
Contacting vpn.domain.blah.blah
[7/25/2014 9:08:27 AM] User
credentials entered.
[7/25/2014 9:08:29 AM] Please
respond to banner.
[7/25/2014 9:08:31 AM] User
accepted banner.
[7/25/2014 9:08:31 AM]
Establishing VPN session...
[7/25/2014 9:08:31 AM] Checking
for profile updates...
[7/25/2014 9:08:31 AM] Checking
for product updates...
[7/25/2014 9:08:31 AM] Checking
for customization updates...
[7/25/2014 9:08:31 AM]
Performing any required updates...
[7/25/2014 9:08:36 AM]
Establishing VPN session...
[7/25/2014 9:08:36 AM]
Establishing VPN - Initiating connection...
[7/25/2014 9:08:37 AM]
Establishing VPN - Examining system...
[7/25/2014 9:08:37 AM]
Establishing VPN - Activating VPN adapter...
[7/25/2014 9:08:37 AM]
Disconnect in progress, please wait...
[7/25/2014 9:08:43 AM]
Connection attempt has failed.
[7/25/2014 9:08:43 AM] Ready to
connect.
Ken looked at this log for sometime. Then he checked the UAC settings. The slider was set at "Always Notify". He moved it to "Never Notify" and that fixed everything.
What? Hold on! But Why?
So why did this fix it? Ken believed the failing occurred on "Performing any required updates.." stage. You can see that in the log messages. Right? (well, I don't! But I took his words for it!).
Just to dig deeper, I set the slider on the UAC settings dialogbox back to "Always Notify", rebooted the laptop and retried the connection via AnyConnect. What would you expect? Should it connect or should it fail again? I expected it to fail. But... To my surprise, it didn't fail! It connected happily!
My Theory
According to Ken, "the client was failing on Performing any required updates...". If that's the case, then it shouldn't fail if there is no updates to perform. As the slider was moved to "Never Notify" a few minutes prior to my test, all "the required updates" must have been applied and there was no new updates to perform. Hence, no failure occurred. Bingo!
I will leave the slider on the Always Notify for now. This hopefully (!!) will cause the client to fail next time if and when there are some updates from Cisco. I will let you know, when I get this error again. However, next time I will just run the client As Administrator. I think that's a better, safer and less impactful (is there such a word?) approach than setting the slider to "Never Notify" for good.
One more point: This is certainly a bug, even Cisco admits to it. I think the software doesn't know how to work with UAC. Maybe that's due to a mix-up between the x86 and x64 libraries. This is probably why Cisco's solution to CSCsm54689 works for some system (like XP for instance) and doesn't work for others (Windows 7). Whether that is (or is not) the cause, Cisco owes it their user base to fix this annoying bug and keep their documentation up to date.
5 comments:
I have a similar issue with ANyconnect not working with UAC set to "Always Notify"
Found an easy workaround.
1- Completely close Anyconnect (make sure the icon is gone from the tray notification area icons)
2- right click the any connect VPN icon and select "Run as Administrator"
Am using version 3.1.04...
THANK YOU Anonymous. I had a big problem with this for a long time. I just needed to run vpnui.exe as an Administrator. The error messages were TOTALLY misleading and incorrect. That's why it was difficult to pinpoint.
THANKS a lot, Anonymous! I lost the hours, but after your advice it started to work, after "Run as administrator"
For me the error was an extra network adapter for cisco anyconnect in the device manager. I deleted it and now it works.
I still got the same challenge. Please assist
Post a Comment