Page 4 of 6 FirstFirst ... 23456 LastLast
Results 31 to 40 of 55

Thread: Cisco Anyconnect SSL VPN Client Certificate Error

  1. #31
    Join Date
    Apr 2009
    Beans
    1

    Re: Cisco Anyconnect SSL VPN Client Certificate Error

    Quote Originally Posted by unk626 View Post
    Here's the error I'm seeing after following the advice above:

    sergio@lenobo:~$ /opt/cisco/vpn/bin/vpn connect [ip address]
    Cisco AnyConnect VPN Client (version 2.3.0254) .

    Copyright (c) 2004 - 2009 Cisco Systems, Inc.
    All Rights Reserved.


    >> state: Disconnected
    >> warning: No profile is available. Please enter host to "Connect to".
    >> registered with local VPN subsystem.
    >> state: Disconnected
    VPN> >> contacting host (*.*.*.*) for login information...
    >> notice: Contacting *.*.*.*
    VPN>
    >> Please enter your username and password.

    Username: [*****] *****
    Password:
    >> notice: Establishing VPN - Checking for updates...
    >> state: Connecting
    VPN> /bin/sh: Can't open /tmp/vpnnspZL3/vpndownloader.sh
    >> error: Unable to establish VPN.
    >> state: Disconnected

    From Syslog:

    Apr 11 05:47:32 lenobo vpn: [p:29153 pp:26307]: ConnectMgr.cpp:1128 (0) processIfcData Authentication succeeded
    Apr 11 05:47:32 lenobo vpn: [p:29153 pp:26307]: warning - ConnectIfc.cpp:1178 (0) ConnectIfc::getUpdateFileContent Unable to locate Update file
    Apr 11 05:47:33 lenobo vpn: [p:29153 pp:26307]: warning - ConnectIfc.cpp:1009 (0) ConnectIfc::getDownloader Unable to locate downloader
    Apr 11 05:47:33 lenobo vpn: [p:29153 pp:26307]: ConnectMgr.cpp:4443 (0) ConnectMgr :: launchdownloader Successfully downloaded the downloader
    Apr 11 05:47:33 lenobo vpn: [p:29153 pp:26307]: ConnectMgr.cpp:4495 (0) ConnectMgr :: launchdownloader Successfully launched the downloader
    Apr 11 05:47:33 lenobo vpn: [p:29153 pp:26307]: error - ConnectMgr.cpp:4512 (2) ProcessApi :: WaitForProcess Downloader terminated abnormally



    I've tried using 2.3.0185 and 0254


    Any ideas?
    I got the same error messages, but solved/worked around it by setting the right permission on vpndownloader.sh:

    cd /opt/cisco/vpn/bin
    sudo chmod +x vpndownloader.sh

    Hope this helps!

  2. #32
    Join Date
    Jun 2009
    Beans
    9

    Re: Cisco Anyconnect SSL VPN Client Certificate Error

    I'm also getting this message:

    VPN> /bin/sh: Can't open /tmp/vpnhtjJJI/vpndownloader.sh

    But the /opt/cisco/vpn/bin/vpndownloader.sh file is already executable.

  3. #33
    Join Date
    Jun 2009
    Beans
    2

    Re: Cisco Anyconnect SSL VPN Client Certificate Error

    I am also on 8.10. I got the package from the ASA server so it should be in synch. with whatever is in the server. I am with the lastest FIreFox (3.0.11). I get the infamous empty certificate "Accept" request:


    Cisco AnyConnect VPN Client (version 2.3.0254) .

    Copyright (c) 2004 - 2009 Cisco Systems, Inc.
    All Rights Reserved.


    >> state: Disconnected
    >> warning: No profile is available. Please enter host to "Connect to".
    >> registered with local VPN subsystem.
    >> state: Disconnected
    VPN> >> contacting host (XXXXXXX) for login information...
    >> notice: Contacting XXXXXXXX.
    >> warning: Unable to process response from XXXXXXXX.
    >> notice: Please respond to Server Certificate Acceptance Request.
    VPN>
    Warning: The following Certificate received from the Server could not be verified:


    accept? [y/n]:


    I did an strace as recommended. Looking at all the opens, I find that all the libraries mentioned in this thread are accessible (I did the various required ln -s) except for libc.mo

    Any sggestion on where to look?

    Thanks



    Quote Originally Posted by pacmansyu View Post
    Hello all, I'm running Ubuntu 8.10, 32 bit, installed the vpnagent and started the daemon via sudo /etc/init.d/vpnagentd_init start... it starts fine. When I attempt to run /opt/cisco/vpn/bin/vpn connect xxxx.com, I get the following:

    Cisco AnyConnect VPN Client (version 2.2.0140).

    Copyright (c) 2004 - 2008 Cisco Systems, Inc.
    All Rights Reserved.


    >> warning: No profile is available. Please enter host to "Connect to".
    >> state: Disconnected
    >> notice: VPN Service is available.
    >> registered with local VPN subsystem.
    >> state: Disconnected
    VPN> connect xxxxx.com
    >> contacting host (xxxxx.com) for login information...
    >> notice: Contacting xxxxx.com.
    >> notice: Downloading Cisco Secure Desktop ...
    VPN> shift: 16: can't shift that many
    >> error: Unable to launch Cisco Secure Desktop. If you are already on the
    Secure Desktop, use the "Launch Login Page" button on the desktop.
    >> state: Disconnected
    VPN>



    .... has anyone seen this (the shift error in particular)? I've run an strace on the command, and found all the calls to various libraries (which seems to be a common issue), but the system is always able to find every lib. Any help is appreciated. Thanks.

  4. #34
    Join Date
    Apr 2006
    Beans
    39
    Distro
    Ubuntu 10.04 Lucid Lynx

    Post Re: Cisco Anyconnect SSL VPN Client Certificate Error

    Thanks everyone. A combination of all the above comments got this working for me on Fedora 10. You guys rock, thanks.

    I attached a text file that has the instructions that worked for me.
    Attached Files Attached Files

  5. #35
    Join Date
    Oct 2007
    Beans
    60

    Re: Cisco Anyconnect SSL VPN Client Certificate Error

    Casevh and btmspox, thank you!

    These instructions ultimately worked perfectly for Jaunty 9.04 with AnyConnect 2.3.0254

    WTF Cisco? Couldn't they make it a little easier?


    Quote Originally Posted by btmspox View Post
    Made another pass on a separate amd64 / x86_64 intrepid workstation and got it working.

    Do not run the 'vpn' or 'vpnui' binaries as root (or via sudo).

    Code:
    # downloaded the latest Linux Anyconnect client from http://www.cisco.com
    tar -xvzf anyconnect-linux-2.3.0185-k9.tar.gz
    cd ciscovpn/
    sudo ./vpn_install.sh 
    
    # Downloaded latest firefox from http://www.mozilla.com/en-US/firefox/
    sudo tar -xvjf firefox-3.0.5.tar.bz2 -C /usr/local
    
    for lib in libnssutil3.so libplc4.so libplds4.so libnspr4.so libsqlite3.so libnssdbm3.so libfreebl3.so ; do sudo ln -s /usr/local/firefox/$lib /opt/cisco/vpn/lib/$lib ; done
    This was with 2.3.0185 with a public signed certificate. I then went back to the earlier workstation and ran 'vpn connect' not as root and it worked as well. That workstation has 2.2.0140 installed.

  6. #36
    Join Date
    Jul 2009
    Beans
    1

    Re: Cisco Anyconnect SSL VPN Client Certificate Error

    Quote Originally Posted by washakie View Post

    WTF Cisco? Couldn't they make it a little easier?

    lol. Ever wonder why so many sentences begin with, "WTF Cisco??!!"

    But, to be fair, Cisco says that they only support the 32bit version of Ubuntu, probably for this very reason. That's not a defense, it's just a "can't say they didn't warn you" kind of thing. They really do need to get on the ball though, because Ubuntu isn't the only OS stricken with this issue, and eventually they'll all be 64bit. It was a dumb move to make it rely on libraries that may not reliably exist in the necessary form/location.

    Thanks for all those contributing on this thread. Helped us out a bunch.

  7. #37
    Join Date
    Jul 2009
    Beans
    3

    Re: Cisco Anyconnect SSL VPN Client Certificate Error

    hi,

    i tried all the tips above, and put all the liberys in place and still nothing. im using version 2.3.2010 and when i try to connect i get that error:

    Warning: The following Certificate received from the Server could not be verified:

    and that's it.
    any idea?

  8. #38
    Join Date
    Oct 2009
    Beans
    2

    Re: Cisco Anyconnect SSL VPN Client Certificate Error

    Hi everyone,

    I tried every permutation of solutions I found for this problem in these forums and elsewhere and did not have any luck. However, I found a very simple solution. I gave up on using Firefox to make my SSL VPN connection. Instead I use Opera. Worked first time, right out of the box. Opera has a .deb of their current version browser available for download. I still have Firefox and still use it, but for making my SSL VPN connection I launch Opera and I'm in. First time every time. Plus the Opera browser rocks.

  9. #39
    Join Date
    Oct 2009
    Beans
    1

    Re: Cisco Anyconnect SSL VPN Client Certificate Error

    Quote Originally Posted by casevh View Post
    Are your running 32-bit or 64-bit version of Ubuntu?

    If you are running 32-bit, do the following:

    sudo ln -s /usr/lib/libnspr4.so.0d /usr/lib/libnspr4.so
    sudo ln -s /usr/lib/libnss3.so.1d /usr/lib/libnss3.so
    sudo ln -s /usr/lib/libplc4.so.0d /usr/lib/libplc4.so
    sudo ln -s /usr/lib/libsmime3.so.1d /usr/lib/libsmime3.so

    If you are running 64-bit, it's a little more complicated. You will need to install 32-bit Firefox and make a few other changes. The following steps work for me, but I'm not using certificates (yet).

    1) Install "ia32-libs"
    2) Install "lib32nss-mdns"
    3) Install 32-bit Firefox. It MUST be installed into the /usr/local/firefox directory.
    4) Several files from /usr/local/firefox must be copied or linked to either /usr/lib32 or /opt/cisco/vpn/lib.

    libnssutil3.so
    libplc4.so
    libplds4.so
    libnspr4.so
    libsqlite3.so
    libnssdbm3.so
    libfreebl3.so

    If this doesn't help, please give the exact error message.

    casevh
    accept? [y/n]:



    When I tried to make those symbolic links it told me they alrady existed. I did it anyway and I am still getting "Warning: The following Certificate received from the Server could not be verified:" over and over again despite accepting it every tme. Using Cisco AnyConnect 2.3.0254 and 32-bit Jaunty (same thing happens in the Fedora Core 2 box i had lying around).

    Any suggestions?
    Thanks!
    Last edited by ajnachakra; October 20th, 2009 at 03:37 PM.

  10. #40
    Join Date
    Oct 2007
    Beans
    60

    Re: Cisco Anyconnect SSL VPN Client Certificate Error (here we go again!)

    Man!

    I just installed Karmic, clean. I followed the previous instructions we've all mostly gotten to work, but so far .... there's a NEW CATCH!

    Since now Ubuntu ships with firefox 3.5, and I couldn't seem to find an older 32bit version of firefox to download from mozilla, it's important to keep your older /usr/local/firefox folder in tact, so you can install it to your new machine.

    So basically, as before:
    1) follow the instructions I reference in a previous post: #35
    2) copy over your old /usr/local/firefox directory to you new machine

    The second step doesn't seem to hurt the existing firefox installation, but.. let's just say, it doesn't seem such a good idea. "Thanks Cisco".

    Good luck.
    Last edited by washakie; October 24th, 2009 at 12:36 PM. Reason: found a solution.

Page 4 of 6 FirstFirst ... 23456 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •