Cisco anyconnect secure mobility client setup ended prematurely because of an error windows 7

Cisco VPN Client 64 bits, Windows 7, A few setup Problems & solutions

Just remembered that I had to struggle to proper setup the cisco CPN client (now 64 bits, finally!) on my Windows 7.

The errors are extremely misleading :(, after poking around msi logs, online foruns & others, here’s what solved it for me:

To fix this I had to run both of these steps (almost sure that I needed both, just the vbscript re-registration was not enough):

(yes, you’re advised to backup the key before deleting, just in case…)

That fixed the first error, Right to the second one. The setup was now running but crashing when setting up network drivers&filters with another….yes… extremely useful (!) error message that read “unable to manage networking component. Operating system corruption may be preventing installation”

That’s really (another) annoying error message…so verbose mode on msi again… check the logs and found 0x8004a029 error witch translated to something like “maximum number of network filter drivers has been reached.”

And in my case this was due mainly to lots of network filters like the ones needed by virtual pc, virtual box, wireshark & some others (I can only imagine…).

So you can uninstall some of them or increasing the limit directly in the registry (of course the limit is there so that you don’t overload the network stack…)

Something like increasing the value in :

Ok, back to the setup, all was solved now right? ah….wrong!! Now another error pops up “”Error 27854: The Network Configuration LOck is held by another application. Close all applications and run Setup again. …”

Hope this helps someone.

Источник

Исправление: AnyConnect не смог установить соединение с указанным безопасным шлюзом.

Сообщение об ошибке « AnyConnect не смог установить соединение с указанным безопасным шлюзом » появляется, когда пользователи пытаются подключиться к VPN с помощью клиента AnyConnect. Эта проблема возникает из-за того, что VPN-клиент AnyConnect не может успешно выполнить процесс соединения с удаленным сервером, и на его пути есть некоторые блокировки. Сегодня мы рассмотрим указанное сообщение об ошибке, включая причины появления сообщения об ошибке и различные решения, которые вы можете реализовать, чтобы избавиться от ошибки.

Что вызывает сообщение об ошибке «AnyConnect не смог установить соединение с указанным безопасным шлюзом»?

Чтобы обойти сообщение об ошибке, вы можете следовать приведенным ниже решениям, но обязательно перезагрузите компьютер и приложение, прежде чем переходить к другим исправлениям.

Решение 1. Отключение антивируса

Перво-наперво. В большинстве случаев проблема возникает из-за блокировки антивируса, что является распространенным сценарием. Следовательно, в таком случае вы должны попытаться отключить любой сторонний антивирус, который вы установили в своей системе, а затем попытаться подключиться к VPN с помощью AnyConnect. Надеюсь, это решит проблему.

Решение 2. Остановите службу подключения к Интернету

Время от времени служба ICS работает, что вызывает проблемы для клиента AnyConnect при подключении к VPN. Вам нужно будет отключить его, чтобы решить проблему. Вот как отключить службу:

Решение 3. Отключите общий доступ к подключению к Интернету (ICS)

Было несколько случаев, когда, если в Windows был включен ICS, пользователи сталкивались с этой проблемой. Чтобы отключить ICS, следуйте приведенным ниже инструкциям:

Если ваша проблема была вызвана включением ICS, это должно было исправить ее.

Решение 4. Выберите параметр Подключиться к текущей сети в AnyConnect VPN.

Иногда клиентский VPN Any Connect колеблется между разными сетями, поэтому вам нужно выбрать вариант подключения только к текущей сети. Это может решить проблему для вас. Вот как это сделать:

Решение 5. Попробуйте другое подключение

Иногда используемое вами интернет-соединение может иметь некоторые ограничения или может работать неправильно, что является причиной проблемы. В таком сценарии вам придется использовать альтернативное соединение, такое как Wi-Fi или мобильная точка доступа, чтобы узнать, можете ли вы подключиться к VPN.

Источник

Cisco anyconnect secure mobility client setup ended prematurely because of an error windows 7

Dear fellow cisco enthusiasts. 🙂

I am experiencing quite a strange situation.

We have upgraded our AnyConnect from version 4.x to 4.5 (04029) on the ASA.

I started to troubleshoot on these specific machines to check what is happening.

I’ve tried quite some option for example;

Basic reinstall. No success I receive same error.

Tried to delete known folders;

C:Program Files (x86 Cisco

Then tried reinstall, still same error.

Found article on cisco community regarding full removal of Anyconnect client which involved all reg keys attachted to Anyconnect client or msi file. Restarted the installation, still same error.

Tried to install older versions e.d. 3.1, 4.0 etc. same error.

So now you are wondering.. what is that specific error.

Well it says “installation ended prematurely” so…. Nothing technical.

I needed a little more information so I installed with specific commands to generate an installation log. (msiexec /i c:tempanyconnect-win-4.5.04029-core-vpn-predeploy-k9.msi /lv log.txt)

I received quite a large log, but I could find out at which part its necking the installation.

I hope someone can help me further.

The log file I will add as attachment.

It seems that windows is throwing error status 1603.

Thanks for the reply. The error code 1603 is trown multiple times in the logging.

I have checked the link you have send me, these steps I have tried but unfortunately the app is not showing in the «app list» or «programs list»

Somewhere, somehow there are still some files left behind. enough files to let Windows believe that there is something installed.

I know Windows is still seeing something because, when I tried to reset Windows 10 to factory default, there is an option to reset the system to factory default, but to keep your files. When I do this, Windows shows an list of applications which you have to reinstall. In this list the application Cisco Anyconnect is in that list.

I have followed the following manual to completely uninstall Cisco Anyconnect.

I could not find to many details on how to uninstall anyconnect in the link you sent.

I found a more comprehensive guide here:

Unfortunately this article didn’t help me further.

After a lot of trouble shooting I decided to do an reinstall of Windows 10 with behold of data.

Before Windows starts to do the reinstall it tells you which software needs to be reinstalled after the process. Guess what.. it tells me that Cisco AnyConnect needs to be reinstalled. So somewhere, somehow there is something left on the machine. So after this process Windows starts back up. Don’t ask me why but I suddenly have an Cisco AnyConnect shortcut on the desktop……

I browse to the Windows Apps list and the program is not listed in the apps list….after a reset to factory defaults…. Quite strange…

Well let’s try if the AnyConnect client will work now as it tells me that the program is installed.

Maybe It will work now.. double click… and the AnyConnect starts right up….

I try to make vpn connection and I receive error. “Bad modules found” it quits the program. I browse back to the apps list… program disappeared……

After this strange experience I decided to perform a clean install of Windows (so without behold of data) after this everything was alright and reinstalled AnyConnect client.

I am completely clueless whats going wrong. During the upgrade from Cisco AnyConnect 4.0.x to 4.5.x we have upgraded around 30 clients? And five clients have gone wrong. Not the same hardware. During the upgrade of AnyConnect something gets damaged (sometimes) and when it does happen, an clean install of Windows looks the only solution, unfortunately.

When any of you guys still have an idea, please let me know.

Источник

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.8

Book Title

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.8

Chapter Title

View with Adobe Reader on a variety of devices

Results

Chapter: Troubleshoot AnyConnect

Troubleshoot AnyConnect

Gather Information for Troubleshooting

View Statistical Details

An administrator or end user can view statistical information for a current AnyConnect session.

Procedure

Choose from the following options, depending upon the packages that are loaded on the client computer.

Run DART to Gather Data for Troubleshooting

DART is the AnyConnect Diagnostics and Reporting Tool that you can use to collect data for troubleshooting AnyConnect installation and connection problems. DART assembles the logs, status, and diagnostic information for Cisco Technical Assistance Center (TAC) analysis.

The DART wizard runs on the device that runs AnyConnect. You can launch DART from AnyConnect, or by itself without AnyConnect.

DART requires administrator privileges on macOS, Ubuntu 18.04, and Red Hat 7 to collect logs.

Note

Also, for ISE posture only, you can automatically collect DART, if configured, as soon as an ISE posture crash occurs or when an endpoint goes to non-compliant. To enable Auto-DART, set the DARTCount to any non-zero value. When set to 0, the feature is disabled. Enabling Auto-DART prevents data loss due to time lapse. Gather the auto-collected DARTS at the following locations:

Windows—%LocalAppData%/Cisco/Cisco AnyConnect Secure Mobility Client

The following operating systems are supported:

Procedure

For a Linux device, choose Applications > Internet > Cisco DART

Choose Default or Custom bundle creation.

Custom—Allows you to specify what files you want to include in the bundle (or the default files) and where to store the bundle.

Successful route and filtering changes for Linux and macOS will be kept out of the log so that you can better notice important events. Otherwise, with syslog event rate limiting, important events might drop off and be overlooked. Also, capture filtering settings enable you to see the system pf configuration file for macOS as well as the AnyConnect filtering configuration files. For Linux, iptables and ip6tables outputs are visible in DART even though access to most of these configuration is restricted unless the DART tool is run via sudo.

Default is the only option for macOS. You cannot customize which files to include in the bundle.

Expose UDID in DART

Collect Logs to Gather Data for Install or Uninstall Issues (for Windows)

If you have an AnyConnect install or uninstall failure, you need to collect logs, because the DART collection does not have diagnostics for this.

Run the msiexec command in the same directory where you unzipped AnyConnect files:

For uninstall failures, you should use the MSI specific to the version currently installed.

You can alter the same commands above to capture information about any module on Windows which is not installing or uninstalling correctly.

Get Computer System Info

Get Systeminfo File Dump

For Windows type c:sysinfo.txt at the sysinfo command prompt.

Check Registry File

An entry in the SetupAPI log file as below indicates a file cannot be found:

Make sure the HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce registry key exists. Without this registry key, all inf install packages are forbidden.

Location of AnyConnect Log Files

The logs are retained in the following files:

In Windows, you must make the hidden files visible.

If this is an initial web deployment install, the log file is located in the per-user temp directory:

If an upgrade was pushed from the optimal gateway, the log file is in the following location:

Obtain the most recent file for the version of the client you want to install. The xxx varies depending on the version, and the yyyyyyyyyyyyyy specifies the date and time of the install.

macOS (10.12 and later)—the logging database; use Console app or log command to query logs for VPN, DART, or Umbrella

macOS (legacy file based log)— /var/log/system.log for all other modules

Linux Ubuntu— /var/log/syslog

Linux Red Hat— /var/log/messages

Run DART to Clear Troubleshooting Data

Procedure

Launch DART with administrator privileges.

Click Clear All Logs to start the clearing of the logs.

AnyConnect Connection or Disconnection Issues

AnyConnect Not Establishing Initial Connection or Not Disconnecting

Problem AnyConnect will not establish initial connection, or you get unexpected results when you click Disconnect on the Cisco AnyConnect Secure Mobility Client window.

Solution Check the following:

If you are using Citrix Advanced Gateway Client Version 2.2.1, remove the Citrix Advanced Gateway Client until the CtxLsp.dll issue is resolved by Citrix.

If you are using AT&T Communication Manager Version 6.2 or 6.7 with an AT&T Sierra Wireless 875 card, follow these steps to correct the problem:

Obtain the config file from the ASA to look for signs of a connection failure:

From the ASA console, type write net x.x.x.x:ASA-Config.txt, where x.x.x.x is the IP address of the TFTP server on the network.

From the ASA console, type show running-config. Cut and paste the config into a text editor and save.

View the ASA event logs:

At the ASA console, add the following lines to look at the ssl, webvpn, anyconnect, and auth events:

Attempt an AnyConnect client connection, and when the connect error occurs, cut and paste the log information from the console into a text editor and save.

Type no logging enable to disable logging.

Obtain Cisco AnyConnect VPN client log from the client computer using the Windows Event Viewer.

Modify the Windows Diagnostic Debug Utility.

If a conflict was identified, add additional routing debugs to the registry of the client computer being used. These conflicts may appear in the AnyConnect event logs as follows:

On 32-bit Windows, the DWORD registry value must be HKEY_LOCAL_MACHINESOFTWARECiscoCisco AnyConnect Secure Mobility ClientDebugRoutesEnabled

On 64-bit Windows, the DWORD registry value must be HKEY_LOCAL_MACHINESoftwareWOW6432nodeCiscoCisco AnyConnect Secure Mobility ClientDebugRoutesEnabled

On Linux or macOS, create a file in the following path using the sudo touch command: /opt/cisco/anyconnect/debugroutes

The key or file is deleted when the tunnel connection is started. The value of the key or content of the file is not important as the existence of the key or file is sufficient to enable debugging.

Start a VPN connection. When this key or file is found, two route debug text files are created in the system temp directory (usually C:WindowsTemp on Windows and /tmp on Mac or Linux). The two files (debug_routechangesv4.txt4 and debug_routechangesv6.txt) are overwritten if they already exist.

AnyConnect Not Passing Traffic

Problem The AnyConnect client cannot send data to the private network once connected.

Solution Check the following:

If you are using AT&T Communication Manager Version 6.2 or 6.7 with an AT&T Sierra Wireless 875 card, follow these steps to correct the problem:

Obtain the output of the show vpn-sessiondb detail anyconnect filter name command. If the output specifies Filter Name: XXXXX, get the output for the show access-list XXXXX command as well. Verify that the ACL is not blocking the intended traffic flow.

Obtain the DART file or the output from AnyConnect VPN Client > Statistics > Details > Export (AnyConnect-ExportedStats.txt). Observe the statistics, interfaces, and routing table.

Check the ASA config file for NAT statements. If NAT is enabled, you must exempt data returning to the client from network address translation. For example, to NAT exempt the IP addresses from the AnyConnect pool, the following code would be used:

Verify whether the tunneled default gateway is enabled for the setup. The traditional default gateway is the gateway of last resort for non-decrypted traffic:

If a VPN client needs to access a resource that is not in the routing table of the VPN gateway, packets are routed by the standard default gateway. The VPN gateway does not need to have the whole internal routing table. If you use a tunneled keyword, the route handles decrypted traffic coming from IPsec/SSL VPN connection. Standard traffic routes to 209.165.200.225 as a last resort, while traffic coming from the VPN routes to 10.0.4.2 and is decrypted.

Collect a text dump of ipconfig /all and a route print output before and after establishing a tunnel with AnyConnect.

Perform a network packet capture on the client or enable a capture on the ASA.

VPN Service Failures

VPN Service Connection Fails

Problem You receive an “Unable to Proceed, Cannot Connect to the VPN Service” message. The VPN service for AnyConnect is not running.

Solution Determine if another application conflicted with the service. See Determine What Conflicted With Service, page 11-7.

Determine What Conflicted With Service

The following procedure determines if the conflict is with the initialization of the server at boot-up or with another running service, for example, because the service failed to start.

Procedure

Check the services under the Windows Administration Tools to ensure that the Cisco AnyConnect VPN Agent is not running. If it is running and the error message still appears, another VPN application on the workstation may need disabled or even uninstalled. After taking that action, reboot, and repeat this step.

Try to start the Cisco AnyConnect VPN Agent.

Check the AnyConnect logs in the Event Viewer for any messages stating that the service was unable to start. Notice the time stamps of the manual restart from Step 2, as well as when the workstation was booted up.

Check the System and Application logs in the Event Viewer for the same general time stamps of any messages of conflict.

If the logs indicate a failure starting the service, look for other information messages around the same time stamp which indicate one of the following:

a missing file—reinstall the AnyConnect client from a stand-alone MSI installation to rule out a missing file.

a delay in another dependent service—disable startup activities to speed up the workstation’s boot time.

a conflict with another application or service—determine whether another service is listening on the same port as the port the vpnagent is using or if some HIDS software is blocking our software from listening on a port.

If the logs do not point directly to a cause, use the trial and error method to identify the conflict. When the most likely candidates are identified, disable those services (such as VPN products, HIDS software, spybot cleaners, sniffers, antivirus software, and so on) from the Services panel.

Reboot. If the VPN Agent service still fails to start, start turning off services that were not installed by a default installation of the operating system.

VPN Client Driver Encounters Error (after a Microsoft Windows Update)

Problem If you recently updated the Microsoft certclass.inf file, the following message is encountered when trying to establish a VPN connection:

If you check the C:WINDOWSsetupapi.log, you can see the following error:

Solution Check which updates have recently been installed by entering C:>systeminfo at the command prompt or checking the C:WINDOWSWindowsUpdate.log. Follow the instructions to repair the VPN driver.

Repair VPN Client Driver Error

Even though the steps taken above may indicate that the catalog is not corrupt, the key file(s) may still have been overwritten with an unsigned one. If the failure still occurs, open a case with Microsoft to determine why the driver signing database is being corrupted.

Procedure

Open a command prompt as an admin.

Analyze the database to verify its validity by entering esentutl /g %systemroot%System32catroot2\catdb or rename the following directory: %/WINDIR%system32catroot2 to catroot2_old.

When prompted, choose OK to attempt the repair. Exit the command prompt and reboot.

Driver Crashes

Fix Driver Crashes in VPNVA.sys

Problem VPNVA.sys driver crashes.

Solution Find any intermediate drivers that are bound to the Cisco AnyConnect Virtual Adapter and uncheck them.

Fix Driver Crashes in vpnagent.exe

Procedure

Create a directory called c:vpnagent.

Look at the Process tab in the Task Manager and determine the PID of the process in vpnagent.exe.

Let the open window run in minimized state. You cannot log off of the system while you are monitoring.

When the crash occurs, collect the contents of c:vpnagent in a zip file.

Link/Driver Issues with Network Access Manager

If the Network Access Manager fails to recognize your wired adapter, try unplugging your network cable and reinserting it. If this does not work, you may have a link issue. The Network Access Manager may not be able to determine the correct link state of your adapter. Check the Connection Properties of your NIC driver. You may have a «Wait for Link» option in the Advanced Panel. When the setting is On, the wired NIC driver initialization code waits for auto negotiation to complete and then determines if a link is present.

Other Crashes

AnyConnect Crashes

Problem You received a “the system has recovered from a serious error” message after a reboot.

Procedure

Run the Microsoft utility called Dr. Watson (Drwtsn32.exe) from the Start > Run menu.

Configure the following and click OK :

On the client computer, get the Cisco AnyConnect VPN client log from the Windows Event Viewer by entering eventvwr.msc /s at the Start > Run menu.

AnyConnect Crashes in vpndownloader (Layered Service Provider (LSP) Modules and NOD32 AV)

Problem When AnyConnect attempts to establish a connection, it authenticates successfully and builds the ssl session, but then the AnyConnect client crashes in the vpndownloader if using LSP or NOD32 AV.

Solution Remove the Internet Monitor component in version 2.7 and upgrade to version 3.0 of ESET NOD32 AV.

Blue Screen (AT & T Dialer)

Problem If you are using an AT&T Dialer, the client operating system sometimes experiences a blue screen, which causes the creation of a mini dump file.

Solution Upgrade to the latest 7.6.2 AT&T Global Network Client.

Security Alerts

Microsoft Internet Explorer Security Alert

Problem A security alert window appears in Microsoft Internet Explorer with the following text:

Solution This alert may appear when connecting to an ASA that is is not recognized as a trusted site. To prevent this alert, install a trusted root certificate on a client. See Install Trusted Root Certificates on a Client, page 11-10.

Problem A “Web Site Certified by an Unknown Authority” alert window may appear in the browser. The upper half of the Security Alert window shows the following text:

Solution This security alert may appear when connecting to an ASA that is not recognized as a trusted site. To prevent this alert, install a trusted root certificate on a client. See Install Trusted Root Certificates on a Client, page 11-10.

Install Trusted Root Certificates on a Client

Before you begin

Generate or obtain the certificate to be used as the trusted root certificate.

Note

You can avoid security certificate warnings in the short term by installing a self-signed certificate as a trusted root certificate on the client. However, we do not recommend this because of the possibility that a user could inadvertently configure a browser to trust a certificate on a rogue server and because of the inconvenience to users of having to respond to a security warning when connecting to your secure gateway.

Procedure

Click View Certificate in the Security Alert window.

Select Place all certificates in the following store.

In the drop-down list, choose Trusted Root Certification Authorities.

Continue following the Certificate Import wizard prompts.

Dropped Connections

Wireless Connection Drops When Wired Connection is Introduced (Juniper Odyssey Client)

Problem When wireless suppression is enabled on an Odyssey client, the wireless connection drops if a wired connection is introduced. With wireless suppression disabled, the wireless operates as expected.

Configure the Odyssey Client

Procedure

In Network Connections, copy the name of the adapter as it appears in its connection properties. If you edit the registry, perform a backup before making any changes and use caution as serious problems can occur if modified incorrectly.

Open the registry and go to HKEY_LOCAL_MACHINESOFTWAREFunk Software, Inc.odysseyclientconfigurationoptionsadapterTypevirtual.

Create a new string value under virtual. Copy the name of the adapter from Network properties into the registry portion. The additional registry settings, once saved, are ported over when a customer MSI is created and is pushed down to other clients.

Connections to the ASA Fail (Kaspersky AV Workstation 6.x)

Problem When Kaspersky 6.0.3 is installed (even if disabled), AnyConnect connections to the ASA fail right after CSTP state = CONNECTED. The following message appears:

Solution Uninstall Kaspersky and refer to their forums for additional updates.

No UDP DTLS Connection (McAfee Firewall 5)

Problem When using McAfee Firewall 5, a UDP DTLS connection cannot be established.

Solution In the McAfee Firewall central console, choose Advanced Tasks > Advanced options and Logging and uncheck the Block incoming fragments automatically check box in McAfee Firewall.

Connection to the Host Device Fails (Microsoft Routing and Remote Access Server)

Problem If you are using RRAS, the following termination error is returned to the event log when AnyConnect attempts to establish a connection to the host device:

Solution Disable the RRAS service.

Failed Connection/Lack of Credentials (Load Balancers)

Problem The connection fails due to lack of credentials.

Solution The third-party load balancer has no insight into the load on the ASA devices. Because the load balance functionality in the ASA is intelligent enough to evenly distribute the VPN load across the devices, we recommend using the internal ASA load balancing instead.

Installation Failures

AnyConnect Fails to Download (Wave EMBASSY Trust Suite)

Problem The AnyConnect client fails to download and produces the following error message:

Solution Upload the patch update to version 1.2.1.38 to resolve all dll issues.

Incompatability Issues

Failure to Update the Routing Table (Bonjour Printing Service)

Problem If you are using Bonjour Printing Services, the AnyConnect event logs indicate a failure to identify the IP forwarding table.

Solution Disable the BonJour Printing Service by typing net stop “bonjour service” at the command prompt. A new version of mDNSResponder (1.0.5.11) has been produced by Apple. To resolve this issue, a new version of Bonjour is bundled with iTunes and made available as a separate download from the Apple web site.

Version of TUN is Incompatible (OpenVPN Client)

Problem An error indicates that the version of TUN is already installed on this system and is incompatible with the AnyConnect client.

Solution Uninstall the Viscosity OpenVPN Client.

Winsock Catalog Conflict (LSP Symptom 2 Conflict)

Problem If an LSP module is present on the client, a Winsock catalog conflict may occur.

Solution Uninstall the LSP module.

Slow Data Throughput (LSP Symptom 3 Conflict)

Problem Slow data throughput may occur with the use of NOD32 Antivirus V4.0.468 x64 using Windows 7.

Solution Disable SSL protocol scanning. See Disable SSL Protocol Scanning.

Disable SSL Protocol Scanning

Procedure

Go to Protocol Filtering > SSL in the Advanced Setup and enable SSL protocol scanning.

Go back to Protocol filtering > SSL and disable SSL protocol scanning.

DPD Failure (EVDO Wireless Cards and Venturi Driver)

Problem If you are using a EVDO wireless card and Venturi driver while a client disconnect occurred, the event log reports the following:

Check the Application, System, and AnyConnect event logs for a relating disconnect event and determine if a NIC card reset was applied at the same time.

Ensure that the Venturi driver is up to date. Disable Use Rules Engine in the 6.7 version of the AT&T Communications Manager.

DTLS Traffic Failing (DSL Router)

Problem If you are connecting with a DSL router, DTLS traffic may fail even if successfully negotiated.

Solution Connect to a Linksys router with factory settings. This setting allows a stable DTLS session and no interruption in pings. Add a rule to allow DTLS return traffic.

NETINTERFACE_ERROR (CheckPoint and other Third-Party Software such as Kaspersky)

Problem When attempting to retrieve operating system information on the computer’s network used to make the SSL connection, the AnyConnect log may indicate a failure to fully establish a connection to the secure gateway.

If you are uninstalling the Integrity Agent and then installing AnyConnect, enable TCP/IP.

Ensure that if you disable SmartDefense on Integrity agent installation, TCP/IP is checked.

If third-party software is intercepting or otherwise blocking the operating system API calls while retrieving network interface information, check for any suspect AV, FW, AS, and such.

Confirm that only one instance of the AnyConnect adapter appears in the Device Manager. If there is only one instance, authenticate with AnyConnect, and after 5 seconds, manually enable the adapter from the Device Manager.

If any suspect drivers have been enabled within the AnyConnect adapter, disable them by unchecking them in the Cisco AnyConnect VPN Client Connection window.

Performance Issues (Virtual Machine Network Service Drivers)

Problem When using AnyConnect on some Virtual Machine Network Service devices, performance issues have resulted.

Solution Uncheck the binding for all IM devices within the AnyConnect virtual adapter. The application dsagent.exe resides in C:WindowsSystemdgagent. Although it does not appear in the process list, you can see it by opening sockets with TCPview (sysinternals). When you terminate this process, normal operation of AnyConnect returns.

Known Third-Party Application Conflicts

The following third-party applications have known complications with Cisco AnyConnect Secure Mobility Client :

Adobe and Apple—Bonjour Printing Service

Adobe Creative Suite 3

BonJour Printing Service

AT&T Communications Manager Versions 6.2 and 6.7

AT&T Sierra Wireless 875 card

Citrix Advanced Gateway Client Version 2.2.1

Third-party firewalls can interfere with the firewall function configured on the ASA group policy.

Juniper Odyssey Client

Kaspersky AV Workstation 6.x

Microsoft Internet Explorer 8

Microsoft Routing and Remote Access Server

Wave EMBASSY Trust Suite

Layered Service Provider (LSP) Modules and NOD32 AV

EVDO Wireless Cards and Venturi Driver

CheckPoint and other Third-Party Software such as Kaspersky

Источник

Adblock
detector

Note

Just remembered that I had to struggle to proper setup the cisco CPN client (now 64 bits, finally!) on my Windows 7.

The errors are extremely misleading :(, after poking around msi logs, online foruns & others, here’s what solved it for me:

First error – Right on the setup startup I was getting “installation ended prematurely because of an error” . Reason for this one was that wise installer needs vbscript to cycle between setup dialogs. And although I could execute vbs scripts properly, something was wrong with the dll registration … so it failed right in the beginning.

Through the msi logs you can see a more detailed error. (Really the delay on all this is only on getting to the *real* error messages… lots of try/catch/throw “unexpexted exception” style of coding, probably good from a security perspective, but a pain to diagnose… a lot like working with sharepoint out of the box, cof… )

To fix this I had to run both of these steps (almost sure that I needed both, just the vbscript re-registration was not enough):

(yes, you’re advised to backup the key before deleting, just in case…)

reg delete “HKCUSOFTWAREClassesWow6432NodeCLSID{B54F3741-5B07-11CF-A4B0-00AA004A55E8}” /f

regsvr32 c:windowssyswow64vbscript.dll

That fixed the first error, Right to the second one. The setup was now running but crashing when setting up network drivers&filters with another….yes… extremely useful (!)  error message that read “unable to manage networking component. Operating system corruption may be preventing installation”

That’s really (another) annoying error message…so verbose mode on msi again… check the logs and found 0x8004a029 error witch translated to something like “maximum number of network filter drivers has been reached.”

And in my case this was due mainly to lots of network filters like the ones needed by virtual pc, virtual box, wireshark & some others (I can only imagine…).

So you can uninstall some of them or increasing the limit directly in the registry (of course the limit is there so that you don’t overload the network stack…)

Something like increasing the value in :

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlNetworkMaxNumFilters

Ok, back to the setup, all  was solved now right? ah….wrong!! Now another error pops up “”Error 27854: The Network Configuration LOck is held by another application.  Close all applications and run Setup again. …”

Ok, that one was actually my fault .  At least the message made sense and lead me in the right direction, I forgot to close my network connections properties, that I had opened to try to diagnose the previous error message.

So, network properties closed, run the setup again and that’s done! Loaded my pcf files and it’s been working like a charm!

Hope this helps someone.

Finally ,some additional resources that helped to this, rather surprisingly, painful troubleshooting process:

VPN Client 5.0.04.0300 Installation Issue
https://supportforums.cisco.com/thread/184691

Is there a maximum number of Network Filter Drivers in Windows 7?
http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/4deb27fc-33ce-4fc0-a26f-3fec5b57733d

VPC and Windows XP Mode installation problems
http://social.technet.microsoft.com/Forums/en/w7itprovirt/thread/44345f66-87fc-4a9e-aede-153a976a4b49

How to (Successfully) Install Cisco VPN Client on Windows 7 – Brenton House
http://weblogs.asp.net/bhouse/archive/2009/01/15/how-to-successfully-install-cisco-vpn-client-on-windows-7.aspx

Error 2738 Could Not Access Vbscript Runtime For Custom Action – You Can Easily Fix it Now!
http://www.articlesbase.com/data-recovery-articles/error-2738-could-not-access-vbscript-runtime-for-custom-action-you-can-easily-fix-it-now-991609.html

Error 2738. Could not access VBScript run time for custom action.
http://www.jakeludington.com/windows_7/20091115_error_2738_could_not_access_vbscript_run_time_for_custom_action.html

Cisco VPN client x64 for win7 – will not install
https://supportforums.cisco.com/thread/2045330?tstart=0&viewcondensed

Blog or Die! » Msi Installer errors on CISCO VPN under Windows 7
http://www.blogordie.com/2010/08/msi-installer-errors-on-cisco-vpn-under-windows-7/

Fatal Error During Installation with Windows VISTA
http://lodensoftware.com/forum/index.php?topic=9.0

Сообщение об ошибке, которое указывает на незавершенность процесса установки Windows, может быть результатом неправильных разрешений доступа для раздела системного реестра HKEY_LOCAL_MACHINESOFTWAREMicrosoftOffice. С целью проверить корректность разрешений сделайте следующее.

  1.  Откройте редактор системного реестра.

  2.  Перейдите к разделу HKEY_LOCAL_MACHINESOFTWAREMicrosoftOffice.

  3.  В меню Правка (Edit) в выберите команду
Разрешения (Permissions). В появившемся диалоговом окне должны быть установлены следующие разрешения:

  ·  Administrators — Full Control;

  ·  Creator Owner — Full Control;

  ·  Power Users — Special;

  ·  System — Full Control;

  ·  Users — Read.

  4.  Если установленные разрешения не совпадают с показанными выше, перейдите к шагу 5; в противном случае перейдите к шагу 6.

  5.  Удостоверьтесь в том, что установлен флажок Заменить разрешения для всех дочерних объектов заданными здесь расширениями (Read permissions on all child objects) и снят флажок Наследовать от родительского объекта применимые к дочерним объектам разрешения (Allow Inheritable permissions from parent to propagate of this object). Кликните на кнопке OK и затем на кнопке Да (Yes) для перезаписи существующих разрешений.

  6.  Завершите работу с редактором.