Cisco AnyConnect fails after initiating connection

3

I'm trying to VPN to my work place but Cisco AnyConnect fails after initiating a connection. It pops up an error that says The VPN client failed to establish a connection then it shows another error saying AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again. I've tried everything. Reinstalling, restarting, and various other things like disabling ICS (Internet Connection Sharing). I tried it on my laptop and the web-installer worked fine. It installed the client and connected perfectly ok so it must be something with this PC. I've been trying to figure this out for about 5 hours now and Googling doesn't help. Here's the message history from AnyConnect:

[11/11/2013 1:55:55 PM] Ready to connect. [11/11/2013 1:57:05 PM] Contacting ---.---.---.--- [11/11/2013 1:57:07 PM] Please enter your username and password. [11/11/2013 1:57:08 PM] User credentials entered. [11/11/2013 1:57:08 PM] Establishing VPN session... [11/11/2013 1:57:09 PM] Checking for profile updates... [11/11/2013 1:57:09 PM] Checking for product updates... [11/11/2013 1:57:10 PM] Checking for customization updates... [11/11/2013 1:57:10 PM] Performing any required updates... [11/11/2013 1:57:15 PM] Establishing VPN session... [11/11/2013 1:57:15 PM] Establishing VPN - Initiating connection... [11/11/2013 1:57:16 PM] Disconnect in progress, please wait... [11/11/2013 1:57:29 PM] Connection attempt has failed. [11/11/2013 1:59:31 PM] Ready to connect.

I tried turning off the firewall and anti-virus. I didn't think it would matter since my laptop uses the same firewall and anti-virus too and I didn't need to disable that. My laptop uses Windows 7 Home 64-bit and my PC that is failing is using Windows 7 Ultimate 64-bit.

LazyProgrammer

Posted 2013-11-11T22:02:00.027

Reputation: 31

I ran into this same problem and found your question with your idea to disable ICS. Thank you. I post that as an answer so that others can vote it up if this is their solution. I hope you get an answer that helps. Good luck! – Nathan – 2014-08-22T22:38:11.330

Answers

4

The solution for me was to disable Internet Connection Sharing (ICS).

To resolve this issue:

  1. Click the Windows Start button.
  2. Click on Control Panel.
  3. Set View by: to Category.
  4. Click on View network status and tasks under Network and Internet.
  5. Click on Change adapter settings.
  6. Look for Shared in the Status column and right-click that connection and click Properties.
  7. Click the Sharing tab.
  8. Clear the Allow other network users to connect through this computer’s Internet connection check box.
  9. Click OK.
  10. Reinstall Cisco AnyConnect.

Nathan

Posted 2013-11-11T22:02:00.027

Reputation: 1 050

Worked for me. Also no need to reinstall. – Rorschach – 2017-06-20T09:35:37.527

0

I had this problem, and eventually my company support team fixed it by clicking the properties icon on the "Cisco AnyConnect Secure Mobility Client" window.

On the Preferences tab of the window that appears, locate the 'Check for updates on VPN connect' tick box, and ensure its ticked. Then, when connecting to the VPN, the client looks to see if there are updates available, and installs itself.

I was not able to find this information on the day, but if I had, i'd have been able to reconnect to the company VPN - instead I got the sack, thanks Cisco!

Mark Burgess

Posted 2013-11-11T22:02:00.027

Reputation: 1

0

If, your experience is similar to mine, where you have seemed to successfully authenticate, and then where you see the following two responses...

1) Pop-up shown as after what seems to be successful authentication

Shown after successful authentication

2) (Misleading) Message on AnyConnect taskbar window

Shown concurrent with successful authentication

.. it is quite likely that you have two users logged onto your client PC. That is, the local computer from which you are connecting to your office network..

The security risk is obvious. You can force a log-off on the other user, then it will work (**NB: Unsaved data for that user will be lost).

enter image description here

user919426

Posted 2013-11-11T22:02:00.027

Reputation: 101

0

Unfortunately, none of the above worked for me. I disabled/enabled my wireless network adapter and that resolved the issue.

Abhijeet

Posted 2013-11-11T22:02:00.027

Reputation: 1

0

None of the options above worked for me. For me, it came down to a Wireshark capture. It turns out that most VPN users were trying to hit a 'wpad' server via wpad.mydomain.com. We have a wildcard lookup on mydomain.com, and so wpad.mydomain.com resolved there. It obviously failed to get proxy settings from that IP and came up with the error "The VPN client failed to establish a connection"

To fix:

  1. Click on Start Menu
  2. Choose Control Panel
  3. Click on Internet Options
  4. Go to Connections Tab
  5. Click LAN Settings button
  6. Uncheck Automatically Detect Settings
  7. Click OK, OK
  8. restart Cisco AnyConnect and try again

Bhav

Posted 2013-11-11T22:02:00.027

Reputation: 21

0

I see that disabling ICS did not work for the OP, but it worked for me and many others, according to various forums, it seems.

It may be a ThinkPad-specific issue. Lenovo published an advisory article indicating that their Access Connections software interferes with AnyConnect. The solution is to disable ICS. I don't have a way to establish whether this is the actual reason for my problem, but the solution worked.

Nathan's answer on this page didn't work for me, because the Allow other network users[...] checkboxes were cleared for all the items anyway.

I disabled ICS this way:

  1. Type services.msc into Windows' menu after you press the Start button. Right click on the services.msc that appears after it's finished searching, and Run as Administrator...

  2. Find Internet Connection Sharing, stop it and set it to be launched Manually.

Evgeni Sergeev

Posted 2013-11-11T22:02:00.027

Reputation: 1 704

I'd like to add that I hope Cisco has employees whose job it is to read user complaints like this one on the Internet and fix their software. That's how we post bug reports nowadays. A part of my fees goes to pay for Cisco hardware and software, and those don't come cheap. An uninformative error message in a context like this is just not good enough, simply because a couple of hours of Cisco developers' time would save thousands of hours of frustrated users redundantly troubleshooting the problem then venting their frustration in the form of road rage and domestic violence! – Evgeni Sergeev – 2015-05-23T11:16:01.713

Asked: 2013-11-11T22:02:00.027

Viewed: 38 249 times

Active: 2017-09-05T05:59:29.070