AnyConnect client reconnects after 1 minute

Similar Messages

• Client reconnect after SUN App server 8.0 shutdown.

  Hi,
  I have a client which connects to app.server. When app.server is shutdown , client waits for appl. server to come up. Once app.server comes up i again need to reconnect.
  When i do this i am getting following error. Aby inputs on this.
  javax.naming.CommunicationException: serial context communication ex [Root exception is java.rmi.NoSuchObjectException: CORBA OBJECT_NOT_EXIST 1398079690 No; nested exception is:
       org.omg.CORBA.OBJECT_NOT_EXIST: ----------BEGIN server-side stack trace----------
  org.omg.CORBA.OBJECT_NOT_EXIST:   vmcid: SUN  minor code: 202  completed: No
       at com.sun.corba.ee.impl.logging.ORBUtilSystemException.badServerId(ORBUtilSystemException.java:7317)
       at com.sun.corba.ee.impl.logging.ORBUtilSystemException.badServerId(ORBUtilSystemException.java:7339)
       at com.sun.corba.ee.impl.orb.ORBImpl.handleBadServerId(ORBImpl.java:1396)
       at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.checkServerId(CorbaServerRequestDispatcherImpl.java:399)
       at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:167)
       at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1653)
       at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1513)
       at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:895)
       at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:172)
       at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:668)
       at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.dispatch(SocketOrChannelConnectionImpl.java:375)
       at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.read(SocketOrChannelConnectionImpl.java:284)
       at com.sun.corba.ee.impl.transport.ReaderThreadImpl.doWork(ReaderThreadImpl.java:73)
       at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:382)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

  You might want to know that NetBeans 3.6 works with 1.5 (with a few tweaks -- see http://www.netbeans.org/community/articles/tiger/36Tiger.html)
  As Sun Java Studio is built on top of NetBeans, and as NetBeans 3.6 works with 1.5, you might expect a Studio version that supports 1.5.
  Also, NetBeans 3.6 supports JSP 2.0 and Servlet 2.4, meaning that it should be compatible with App Server 8.
  In other words, one way to get a roadmap for Sun Java Studio is to look at what NetBeans is doing.

• Client reconnection after Server shutdown

  Hi. Can I reconnect a client whose connection has been reset because of a server shutdown to the "new" server (which meanwhile has been started) without restarting the client itself?
  Thanks, any help is appreciated.

  not sure what you mean by 'client' but if you have a Socket that has had any kind of IOException or SocketException you need to close it and create a new one.

• Anyconnect Client profile files deleted after client upgrade

  L.S.
  I am running anyconnect version 3.1.02040 on a Windows 7 64-bit machine with UAC turned on.
  The ASA I am connecting to is a 5510 running ASA OS 8.4.5
  The problem I have is the following:
  We are using machine certificate authentication combined with RADIUS user authentication.
  The machine certificates are stored in the Machine/Personal container in the local machine.
  By default, the anyconnect client does not have the rights to access this certificate store when run by the user in non-elevated mode.
  We do not want to have the user run the client as administrator (in elevated mode) all the time.
  Therefor we have made an Anyconnect Client profile that sets the Certificate Store Override parameter to true and attached it to the group policy.
  With this XML in place (in the C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile folder)
  the users can connect to the ASA and authenticate using the certificate without the need for elevated rights. This is all working perfectly.
  The anyconnect client and XML file are distributed to the clients using a software distribution system (Microsoft SCCM).
  The problem happens when I update the Anyconnect package on the ASA. I recently updated the package to release 3.1.03103. This is what happens:
  The user can connect using the 3.1.02040 client (certicate authentication works without elevation, since the XML Anyconnect Client Profile is present)
  The Anyconnect software updates itself to the new version during the connection, pushed from the ASA.
  The VPN is established.
  However, the XML file that is associated with the group policy is deleted during the upgrade process and not placed back in the Profile folder on the client after the upgrade.
  This means the user cannot connect without using elevated rights the next time he wants to connect.
  If he uses elevated rights after the upgrade, the XML is pushed back from the ASA normally, allowing the user to connect without elevation again any subsequent times.
  Is there any way to push the XML profile to the client from the ASA after the upgrade of the Anyconnect software?

  Hi poiu720408 ,
  1.  You need to set up a web-url or group-alias under the group policy as web have enable the "tunnel-group-list enable" under the webvpn configuration.  So once the user connect to the proper URL/alias the profile will be applied. 
  http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html
  2. Yes the Anycopnnect store a "Cache " information on the PC , if you want to clan up you have to go to the anyconnect folder on C: on the PC and delete the global_preferences.xml profile.
  3. This behavior is totally expected and they should disappear  after a some minutes , however if you wan to force this , you can use the command "vpn-sessionsdb logoff webvpn noconfirm"
  Please rate helpful post !
  Hope this helps
  - Randy -

• Client reconnection to conventional cluster taking about 9 minutes

  Hi,
  I've set up a 3 node OpenMq (4.4) conventional cluster and am having trouble with client reconnections when I simulate a halt on a node.
  I have two threads within the same process, sending to a pre-configured destination and replying using a temporary queue. Each have a JMS connection to the same home broker. If I bring the home broker down with either the imqcmd command or with a ctrl+c, the goodbye messages are sent and the client connections are immediately reestablished by the connection factory with the next broker. But... if I remove the broker from the cluster by simulating a BSOD, power failure, etc, no goodbye messages are sent (obviously) and the connected clients are left 'connected' to the dead broker and only reconnect to another broker after about 9 minutes.
  I read in the docs that the 'imqPingInterval' property can be used to test the client connections but it doesn't seem to be doing the trick. After I've cut the power to the broker's virtual machine, I'm seeing the ping messages in the logs, e.g.:
  FINEST: Outbound Packet:PING(54):296-127.0.1.1(bd:ea:13:9b:ae:a)-51155-1267024410861;BrokerAddress=10.59.148.9:7676(1082), ConnectionID=4090718717872600064, ReconnectEnabled: true, IsConnectedToHABroker: falseAt this point, telnet cannot connect to 10.59.148.9:7676 so it's definitely gone.
  Finally after about 9 minutes, the following shows up in the logs:
  24-Feb-2010 15:26:26 com.sun.messaging.jmq.jmsclient.ExceptionHandler throwJMSException
  FINER: I501
  com.sun.messaging.jms.JMSException: [C4002]: Read packet failed. - cause: java.net.SocketException: No route to host
          at com.sun.messaging.jmq.jmsclient.ExceptionHandler.getJMSException(ExceptionHandler.java:380)
          at com.sun.messaging.jmq.jmsclient.ExceptionHandler.handleException(ExceptionHandler.java:331)
          at com.sun.messaging.jmq.jmsclient.ProtocolHandler.readPacket(ProtocolHandler.java:1796)
          at com.sun.messaging.jmq.jmsclient.ReadChannel.run(ReadChannel.java:1197)
          at java.lang.Thread.run(Thread.java:619)
  Caused by: java.net.SocketException: No route to host
          at java.net.SocketInputStream.socketRead0(Native Method)
          at java.net.SocketInputStream.read(SocketInputStream.java:129)
          at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
          at java.io.BufferedInputStream.read1(BufferedInputStream.java:258)
          at java.io.BufferedInputStream.read(BufferedInputStream.java:317)
          at com.sun.messaging.jmq.io.ReadOnlyPacket.readFully(ReadOnlyPacket.java:271)
          at com.sun.messaging.jmq.io.ReadOnlyPacket.readFixedHeader(ReadOnlyPacket.java:191)
          at com.sun.messaging.jmq.io.ReadOnlyPacket.readPacket(ReadOnlyPacket.java:151)
          at com.sun.messaging.jmq.io.ReadWritePacket.readPacket(ReadWritePacket.java:82)
          at com.sun.messaging.jmq.jmsclient.ProtocolHandler.readPacket(ProtocolHandler.java:1758)
          ... 2 more
  24-Feb-2010 15:26:26 com.sun.messaging.jmq.jmsclient.ConnectionImpl logLifeCycle
  FINE: Connection closed.  The connection is closed due to a network problem, broker crashed, or internal error: BrokerAddress=10.59.148.9:7676(1082), ConnectionID=4090718717872604160, ReconnectEnabled: true, IsConnectedToHABroker: falseAnd we can then send/receive again.
  The connection factory details are as follows:
  Class:                  com.sun.messaging.ConnectionFactory
  getVERSION():           3.0
  isReadonly():           false
  getProperties():        {imqOverrideJMSPriority=false, imqConsumerFlowLimit=1000, imqOverrideJMSExpiration=false, imqAddressListIterations=1, imqLoadMaxToServerSession=true, imqConnectionType=TCP, imqPingInterval=30, imqSetJMSXUserID=false, imqConfiguredClientID=, imqSSLProviderClassname=com.sun.net.ssl.internal.ssl.Provider, imqJMSDeliveryMode=PERSISTENT, imqConnectionFlowLimit=1000, imqConnectionURL=http://localhost/imq/tunnel, imqBrokerServiceName=, imqJMSPriority=4, imqBrokerHostName=localhost, imqJMSExpiration=0, imqAckOnProduce=, imqEnableSharedClientID=false, imqAckTimeout=10000, imqAckOnAcknowledge=, imqConsumerFlowThreshold=50, imqDefaultPassword=guest, imqQueueBrowserMaxMessagesPerRetrieve=1000, imqDefaultUsername=guest, imqReconnectEnabled=true, imqConnectionFlowCount=100, imqAddressListBehavior=PRIORITY, imqReconnectAttempts=1, imqSetJMSXAppID=false, imqConnectionHandler=com.sun.messaging.jmq.jmsclient.protocol.tcp.TCPStreamHandler, imqSetJMSXRcvTimestamp=false, imqBrokerServicePort=0, imqDisableSetClientID=false, imqSetJMSXConsumerTXID=false, imqOverrideJMSDeliveryMode=false, imqBrokerHostPort=7676, imqQueueBrowserRetrieveTimeout=60000, imqSetJMSXProducerTXID=false, imqSSLIsHostTrusted=false, imqConnectionFlowLimitEnabled=false, imqReconnectInterval=3000, imqAddressList=mq://10.59.148.9,mq://10.59.148.17,mq://10.59.148.11, imqOverrideJMSHeadersToTemporaryDestinations=false}The brokers are virtualbox guests running 'WinXP 64' and the producer and consumer are both running on Ubuntu 9.10.
  Handling a machine failure seems like a pretty standard scenario for a cluster so I'm sure there's something I've mis-configured.
  Is there something I can do to fix this?
  If not, the only other alternatives I see are to either:
  1) Try the HA custer. But I'm not sure this will fix the problem if the client is waiting on a dead socket.
  2) Lower the message ack to something like 10 seconds and reconnect to the cluster for a retry every time we get a JMSException. But this is obviously not ideal either.
  Any suggestions would be great.
  Thanks,
  Nick

  Hi Nigel,
  The producer is configured to send messages every 5 seconds and the consumer is sitting with a message listener on the queue.
  The producer send is failing each time with the following trace...
  5-Feb-2010 12:13:19 com.sun.messaging.jmq.jmsclient.ProtocolHandler writePacketNoAck
  FINEST: Outbound Packet:OBJECT_MESSAGE(5):30-127.0.1.1(a2:3f:b1:e2:fd:33)-45573-1267099999075;BrokerAddress=10.59.148.9:7676(1184), ConnectionID=882185479630361088, ReconnectEnabled: true, IsConnectedToHABroker: false
  25-Feb-2010 12:13:19 com.sun.messaging.jmq.jmsclient.ProtocolHandler writePacketNoAck
  FINEST: sent packet ... OBJECT_MESSAGE(5):30-127.0.1.1(a2:3f:b1:e2:fd:33)-45573-1267099999075
  25-Feb-2010 12:13:19 com.sun.messaging.jmq.jmsclient.ProtocolHandler writePacketNoAck
  FINEST: Outbound Packet:PING(54):31-127.0.1.1(eb:66:36:db:8:79)-45574-1267099999156;BrokerAddress=10.59.148.9:7676(1184), ConnectionID=882185479630365184, ReconnectEnabled: true, IsConnectedToHABroker: false
  25-Feb-2010 12:13:19 com.sun.messaging.jmq.jmsclient.ProtocolHandler writePacketNoAck
  FINEST: sent packet ... PING(54):31-127.0.1.1(eb:66:36:db:8:79)-45574-1267099999156
  25-Feb-2010 12:13:24 com.sun.messaging.jmq.jmsclient.ProtocolHandler writePacketNoAck
  FINEST: Outbound Packet:PING(54):32-127.0.1.1(a2:3f:b1:e2:fd:33)-45573-1267100004156;BrokerAddress=10.59.148.9:7676(1184), ConnectionID=882185479630361088, ReconnectEnabled: true, IsConnectedToHABroker: false
  25-Feb-2010 12:13:24 com.sun.messaging.jmq.jmsclient.ProtocolHandler writePacketNoAck
  FINEST: sent packet ... PING(54):32-127.0.1.1(a2:3f:b1:e2:fd:33)-45573-1267100004156
  25-Feb-2010 12:13:24 com.sun.messaging.jmq.jmsclient.ProtocolHandler writePacketNoAck
  FINEST: Outbound Packet:PING(54):33-127.0.1.1(eb:66:36:db:8:79)-45574-1267100004156;BrokerAddress=10.59.148.9:7676(1184), ConnectionID=882185479630365184, ReconnectEnabled: true, IsConnectedToHABroker: false
  25-Feb-2010 12:13:24 com.sun.messaging.jmq.jmsclient.ProtocolHandler writePacketNoAck
  FINEST: sent packet ... PING(54):33-127.0.1.1(eb:66:36:db:8:79)-45574-1267100004156
  25-Feb-2010 12:13:29 com.sun.messaging.jmq.jmsclient.AckQueue printInfo
  WARNING: [W2003]: Broker not responding [OBJECT_MESSAGE(5)] for 10 seconds. Still trying..., broker addr=10.59.148.9:7676(1184), connectionID=882185479630361088, clientID=null, consumerID=14
  25-Feb-2010 12:13:29 com.sun.messaging.jmq.jmsclient.ExceptionHandler throwJMSException
  FINER: I501
  com.sun.messaging.jms.JMSException: [C4000]: Packet acknowledge failed. user=guest, broker=10.59.148.9:7676(1184)
       at com.sun.messaging.jmq.jmsclient.ProtocolHandler.writePacketWithAck(ProtocolHandler.java:712)
       at com.sun.messaging.jmq.jmsclient.ProtocolHandler.writePacketWithAck(ProtocolHandler.java:575)
       at com.sun.messaging.jmq.jmsclient.ProtocolHandler.writePacketWithReply(ProtocolHandler.java:430)
       at com.sun.messaging.jmq.jmsclient.ProtocolHandler.writeJMSMessage(ProtocolHandler.java:1919)
       at com.sun.messaging.jmq.jmsclient.WriteChannel.sendWithFlowControl(WriteChannel.java:154)
       at com.sun.messaging.jmq.jmsclient.WriteChannel.writeJMSMessage(WriteChannel.java:107)
       at com.sun.messaging.jmq.jmsclient.SessionImpl.writeJMSMessage(SessionImpl.java:770)
       at com.sun.messaging.jmq.jmsclient.MessageProducerImpl.writeJMSMessage(MessageProducerImpl.java:203)
       at com.sun.messaging.jmq.jmsclient.MessageProducerImpl.writeJMSMessage(MessageProducerImpl.java:192)
       at com.sun.messaging.jmq.jmsclient.MessageProducerImpl.send(MessageProducerImpl.java:624)
       at com.sun.messaging.jmq.jmsclient.QueueSenderImpl.send(QueueSenderImpl.java:97)
       at uk.co.mydomain.jms.ClientJmsConnection.sendMessage(ClientJmsConnection.java:278)
       at uk.co.mydomain.jms.JmsClientMessageBroker.sendMessage(JmsClientMessageBroker.java:147)
       at test.uk.co.mydomain.messaging.quicktest.QuickTest$2.run(QuickTest.java:67)Is there any trace I could get that may be useful?
  Thanks,
  Nick

• AnyConnect clients randomly disconnect, reconnect

  Hello,
  We have been using our current configuration for some time, but recently most of the AnyConnect clients randomly loose connection, then reconnect. I have had the ISP and SonicWall look to see if they find any issue, but they do not. I have checked the event viewer on one XP machine and find numerous log entries regarding connection timeouts, etc. I have listed some below. A search of this comunity resulted in only one response that was incomplete.
  This entry is listed as Error, Event ID 2, source is vpnagent:
  Function: CHttpProbeAsync::OnOpenRequestComplete
  File: .\IP\HttpProbeAsync.cpp
  Line: 254
  Invoked Function: CHttpSessionAsync::OnOpenRequestComplete
  Return Code: -31522780 (0xFE1F0024)
  Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
  Another error:
  Function: CNetEnvironment::TestNetEnv
  File: .\NetEnvironment.cpp
  Line: 190
  Invoked Function: CNetEnvironment::testNetwork
  Return Code: -28901363 (0xFE47000D)
  Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
  This entry is a Warning:
  Function: CNetEnvironment::logProbeFailure
  File: .\NetEnvironment.cpp
  Line: 1068
  Invoked Function: CHttpProbeAsync::SendProbe
  Return Code: -27787250 (0xFE58000E)
  Description: HTTP_PROBE_ASYNC_ERROR_CANNOT_CONNECT
  HTTP (host: 198.210.1.1)
  Another Warning:
  Reconnect reason code 6:
  Reconnecting due to the disruption of the VPN connection to the secure gateway.
  There are numerous information logs referring to reconnecting, VPN connection re-established, primary SSL connection to the secure gateway is down.
  Anyone have ideas on how to troubleshoot this?
  Thank you for any suggestions.

  Bill,
  Were you able to diagnose why this issue was/is occuring? We are experiencing a similar issue with a user in our organization:
  Session level reconnect reason code 6:
  Disruption of the VPN connection to the secure gateway.
  Originates from tunnel level
  Function: CSslTunnelTransport::OnTransportInitiateComplete
  File: .\SslTunnelTransport.cpp
  Line: 363
  Invoked Function: CTcpTransport::initiateTransport
  Return Code: -31588316 (0xFE1E0024)
  Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

• XE connection problem after using Cisco AnyConnect Client

  Hello
  I have a rather annoying problem connecting to an XE instance AFTER I have disconnected from a VPN via a Cisco AnyConnect VPN Agent.
  Sequence of operations:
  - start Oracle XE and work normally
  - connect to client's vpn
  - do other stuff
  - DISCONNECT from Client's VPN
  -> unable to connect to XE service any more, unless I reboot
  The problem does not happen with other vpn clients like Cisco VPN Service, Juniper, Checkpoint.
  Details:
  - sqlplus connection WITH service name (eg sqlplus user/pwd@XE): FAILURE with ORA-12170
  - but...sqlplus connection WITHOUT service name (eg sqlplus user/pwd): SUCCESS (weird !)
  - tnsping XE: TNS-12535 error
  - lsnrctl status output (sorry, italian localized)
  LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 22-GIU-2011 14:19
  :38
  Copyright (c) 1991, 2005, Oracle. All rights reserved.
  Connessione a (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC_FOR_XE)))
  STATO del LISTENER
  Alias LISTENER
  Versione TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Produ
  ction
  Data di inizio 22-GIU-2011 12:26:15
  Tempo di attivitÓ 0 giorni 1 ore 53 min. 22 sec.
  Livello trace off
  Sicurezza ON: Local OS Authentication
  SNMP OFF
  Servizio predefinito XE
  File di parametri listenerC:\programs\oraclexe\app\oracle\product\10.2.0\server\
  network\admin\listener.ora
  File di log listener C:\programs\oraclexe\app\oracle\product\10.2.0\server\
  network\log\listener.log
  Summary table degli endpoint di ascolto...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC_FOR_XEipc)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=MyPCName)(PORT=8080))(Presentation=HTTP)(Session=RAW))
  Summary table dei servizi...
  Il servizio "CLRExtProc" ha 1 istanze.
  L'istanza "CLRExtProc", stato UNKNOWN, ha 1 handler per questo servizio...
  Il servizio "PLSExtProc" ha 1 istanze.
  L'istanza "PLSExtProc", stato UNKNOWN, ha 1 handler per questo servizio...
  Il servizio "XEXDB" ha 1 istanze.
  L'istanza "xe", stato READY, ha 1 handler per questo servizio...
  Il servizio "XE_XPT" ha 1 istanze.
  L'istanza "xe", stato READY, ha 1 handler per questo servizio...
  Il servizio "xe" ha 1 istanze.
  L'istanza "xe", stato READY, ha 1 handler per questo servizio...
  Environment:
  Win7 Pro SP1
  Oracle XE 10.2.0
  I have stopped the Win firewall and the problem is still there, so it is not a firewall problem
  listener.ora configuration
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = C:\programs\oraclexe\app\oracle\product\10.2.0\server)
  (PROGRAM = extproc)
  (SID_DESC =
  (SID_NAME = CLRExtProc)
  (ORACLE_HOME = C:\programs\oraclexe\app\oracle\product\10.2.0\server)
  (PROGRAM = extproc)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC_FOR_XE))
  (ADDRESS = (PROTOCOL = TCP)(HOST = MyPCName)(PORT = 1521))
  DEFAULT_SERVICE_LISTENER = (XE)
  tnsnames.ora
  XE =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = MyPCName)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = XE)
  EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC_FOR_XE))
  (CONNECT_DATA =
  (SID = PLSExtProc)
  (PRESENTATION = RO)
  Any help ?

  Hi;
  Pelase close this tread as answered and keep update issue at:
  Re: XE connection problem after using Cisco AnyConnect Client
  Regard
  Helios

• Anyconnect client problem, load balancing fqdn changes after update client?

  Hi,
  We use two asa's in loadbalancing. Users use the loadbalancing fqdn name to connect. This works fine until we push new client anyconnect software, that the connect to field changes from the fqdn to the appliance ip address where the client downloaded the software. So loadbalancing will not work anymore. Is there a solution for this?
  Thx,
  Marc

  This sounds like CSCsz39019:
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsz39019
  Symptom:
  Anyconnect client preserves the FQDN name of the ASA its connecting to instead
  of load-balancing cluster FQDN.
  Workaround:
  When the cluster member appears in the host list, user can select the correct
  host by clicking the drop down. The next time user starts the client, the
  cluster member will no longer be visible. It will have been replaced with the cluster name last selected.
  This should be fixed in 2.3(2028)
  2.4(192) and 2.5(53) or any higher release. Keep an eye out for the next release with this fix.

• Anyconnect client has persistent settings after uninstall

  Usually I am able to type into the address field in anyconnect client and change to another customer (we are a partner that support many people).
  For some reason my anyconnect client has "infranet-cm0" and "infranet-cups" (our call manager and presence servers) in the connect to field and you cannot type in that field. It makes no sense.. these must just be certificates on my system or something.
  I've uninstalled the client many times and launched from web the customer i'm trying to connect to - download the new client, but it always comes back up with those two options to connect. I'm attaching a screenshot.
  How do I get rid of these options and allow me to always be able to type in the address?

  Did you try to remove the profile?
  Paths to Deploy the Client
  OS Directory Path
  Windows 7 and Vista
  C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\
  Windows XP
  C:\Document and Settings\All Users\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
  Mac OS X and Linux
  /opt/cisco/anyconnect/profile/
  http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac02asaconfig.html#wp1595490

• Slow Boot of Windows after installing Anyconnect Client

  We have just migrated our Windows 7 x64 SP1 machines from the Cisco IPSec client to Cisco Anyconnect  3.1.02x.
  Users have immediately noticed the negative effect that the AnyConnect client upgrade has had on their machines - Adding an additional ~20 seconds to PC boot time. (NB: Boot time classified as the time it takes from power on, to the 'Ctrl+Alt+Del' logon screen).
  Has anyone else encountered issues like this post migration? Anybody know of any timeout settings, or other settings that I could adjust within the AC client to reduce the impact on boot time? 
  Thanks,
  - Scott.

  I haven't tested with Anyconnect 3.0. Is there a particular reason that I should?
  Good point re: the modules. The modules that I have installed (beliving that this would represent a fairly standard install) are:
  Base Windows Client
  Network Access Manager (Used to connect to our corporate WiFi)
  Start Before Logon
  DART (Not sure if I need this component?)
  --Perhaps I could look at ditching SBL and DART if these are not typically installed?
  I have been scanning the Windows System, Application eventlogs, as well as the Cisco Anyconnect eventlogs. I have tried to locate any mentions of a timeout, but have had no success as yet.
  Setting the Cisco AnyConnect Network Access Manager, Network Access Manager Logon Module and Secure Mobility Client services to disabled has the machine booting some 20 seconds faster (of course Anyconnect client is then disabled)
  I was expecting a small impact to boot time, but had not prepared our users for a 20 second increase!
  - S.

• Anyconnect maintain connection after windows logoff

  Is it possible, and if so, how do I configure, the anyconnect client to remain connected after a user logs off of windows I know this is an option in some VPNs, such as nortel ipsec. I am using an ASA 5505 running 8.04

  You can adjust the frequency of keepalive messages to ensure that an SSL VPN connection through a proxy, firewall, or NAT device remains open, even if the device limits the time that the connection can be idle. Adjusting the frequency also ensures that the client does not disconnect and reconnect when the remote user is not actively running a socket-based application, such as Microsoft Outlook or Microsoft Internet Explorer. Following is the example configuration:
  hostname(config)# group-policy sales attributes
  hostname(config-group-policy)# webvpn
  hostname(config-group-webvpn)# svc keepalive 300

• Windows 8.1 Preview not working with AnyConnect Client

  I had Windows 8 and was running Cisco AnyConnect client 3.0.10055 perfectly.
  I upgraded to the Windows 8.1 preview and it tries to download update and then it fails and disconnects with the following message:
  An unknown termination error occurred in the client.
  Tried uninstalling and reinstalling the client, no luck.
  Any ideas?
  Thanks,
  Eric

  I had the same issue with windows 8.1 x64. I believe there is an issue with the windows 8.1 update process where it fails to update some of the drivers properly. I have noticed this issue with other windows drivers after the update. Follow the steps below and you VPN should work again.
  1. Uninstall Cisco Anyconnect client.
  2. Go to Device Manager and Disable Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
  3. Go to C:\Windows\System32 and rename vpnva64.sys to vpnva64_Old.sys.
  4. Reinstall Cisco Anyconnect client.
  5. Go to Device Manager, you see duplicated Cisco AnyConnect VPN Virtual Adapters. Uninstall one of them but do not check the option to remove the driver.
  6. Apply the registry fix in this blog: http://www.tomontech.com/2012/03/pro-tip-cisco-anyconnect-vpn-client-and-windows-8-consumer-preview/
  7. Try to connect again and your Cisco VPN should work. 

• Windows 7 brightness reverts back, wifi takes long to reconnect after sleep

  Hi fellow members,
  My brightness setting keeps reverting to max. I have tried setting via power manager and also from control panel.I can adjust but when the computer restarts, the brightnes reverts to max. It started happeing around a month ago. I didn't have these issues until about 2 months ago. I have had my x301 for over an year without issues.
  Another issue I have been experiencing is that wifi takes a long time to reconnect after sleep. About 5 minutes. This is also a new issue.
  I have the latest BIOS, latest power manager, all drivers are upto date. Here are the specs.
  ThinkPad X301, 4GB, 13.3in 1440x900 LCD, Intel 4500MHD,  Intel 802.11agn wireless, Bluetooth, 1Gb Ethernet, UltraNav,
  Win7 Pro 32, Service Pack 1
  Intel WiFi Link 5100 AGN
  Driver Date: 8/3/2011
  Driver Version 14.2.0.10
  Video Card
  Mobile Intel(R) 4 Series Express Chipset Family
  Video Card Chip Type
  Mobile Intel(R) 4 Series Express Chipset Family
  Video Card Memory
  1.26 GB
  Video Card BIOS
  Intel Video BIOS
  Driver
  c:\windows\system32\drivers\igdkmd32.sys
  Driver Version
  8.15.10.2555, 10-13-2011
  Mobile Intel(R) 4 Series Express Chipset Family
  Driver
  c:\windows\system32\drivers\igdkmd32.sys
  Driver Version
  8.15.10.2555, 10-13-2011
  BIOS
  Vendor
  LENOVO
  Release Date
  12/10/2010
  BIOS Version String
  6EET54WW (3.14 )
  ROM Size
  8.00 MB

  Check in the Windows power profile for the brightness issue. Windows will apply it's own at boot, then Power Manager will override, which leads to a momentary discrepancy.
  W520: i7-2720QM, Q2000M at 1080/688/1376, 21GB RAM, 500GB + 750GB HDD, FHD screen
  X61T: L7500, 3GB RAM, 500GB HDD, XGA screen, Ultrabase
  Y3P: 5Y70, 8GB RAM, 256GB SSD, QHD+ screen

• AnyConnect Client v3.1 driver error on windows 7

  Hello,
  I used AnyConnect Client v3.0 on my windows 7 machine and worked well. But after automatic upgrade to v3.1 by the VPN server(ASA) and it does not work any more. It seems that VPN authentication is successful but activation of VPN adapter fails.
  I see two error messages below:
  The VPN client driver has encountered an error. Please restart your computer or device, then try again.
  AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
  Message History:
  [30/08/2013 6:03:14 PM] Ready to connect.
  [30/08/2013 6:04:20 PM] Contacting vpn.example.com.
  [30/08/2013 6:04:25 PM] User credentials entered.
  [30/08/2013 6:04:26 PM] Establishing VPN session...
  [30/08/2013 6:04:26 PM] Checking for profile updates...
  [30/08/2013 6:04:26 PM] Checking for product updates...
  [30/08/2013 6:04:26 PM] Checking for customization updates...
  [30/08/2013 6:04:26 PM] Performing any required updates...
  [30/08/2013 6:04:32 PM] Establishing VPN session...
  [30/08/2013 6:04:32 PM] Establishing VPN - Initiating connection...
  [30/08/2013 6:04:33 PM] Establishing VPN - Examining system...
  [30/08/2013 6:04:33 PM] Establishing VPN - Activating VPN adapter...
  [30/08/2013 6:05:13 PM] Establishing VPN - Repairing VPN adapter...
  [30/08/2013 6:06:00 PM] Disconnect in progress, please wait...
  [30/08/2013 6:11:53 PM] Connection attempt has failed.
  [30/08/2013 6:11:54 PM] Ready to connect.
  I already did most of suggestions below from google but still the issue has not been resolved.
  - Rebooted the laptop
  - Confirm ICS disabled
  - Remove Anyconnect client from the laptop and reinstall
  - http://www.lehigh.edu/~inlts/comp/docs/vpn/cisco-drvr.html
  Cheers
  Jeong

  I am also facing the exact same issue. I even tried with the newer version. But it does not work. During connection, it asks for accepting the banner and the suddenly the cisco adapter driver gets uninstalled from device manager and cisco pops-up the error screen.
  " the VPN client driver encountered an error. Please restart your computer or device and try again"
  Please help.

• AnyConnect Client Profile Backup Server Configuration

  I'm trying to understand the use of Backup Server option in AnyConnect Client Profile
  Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile > Edit > Backup Server
  (Screenshot attached)
  My questions:
  1. In what all scenarios do we add servers (ASA devices) in this tab
  2. If I have same information in two different locations (Site A and Site B) for AnyConnect user, can I add Site A-ASA and Site B-ASA into Backup Server tab as a failover mechanism for end user.
  3. Or is it only used to mention ASA devices configured in failover unit
  4. In case of failover unit, does it support stateful failover
  I could not find answers to above questions from Google search. So, asking here

  I think we need to be careful when we talk about failover. The original post was clearly asking about two different scenarios
  1) ASAs at two different sites
  2) ASAs configured as a High Availability failover pair (Active/Standby).
  The profile does work to provide failover in 1) but does not work to provide failover in 2).
  I do not know the authoritative answer to the question about IP phones use of the profile. I believe that the answer ought to be that yes the phone would receive the profile after its first connection and would use the backup server identified in the profile is the primary server was not available. That is a basic functionality of the AnyConnect client and if the phone is using the AnyConnect client then it ought to support that failover. 
  If someone does have an authoritative answer then please speak up. Several of us would like to know the right answer here.
  HTH
  Rick