Guest

Preview Tool

Cisco Bug: CSCvu03917 - AnyConnect connection failure with automatic certificate selection enabled.

Last Modified

Aug 31, 2020

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

4.8(2042) 4.8(2045) 4.8(3036) 4.8(3043) 4.8(3052)

Description (partial)

Symptom:
AnyConnect connections to a load-balanced ASA pair with certificate authentication and automatic certificate selection enabled will normally connect successfully the first time but fail after that.

AnyConnect DART bundle shows "The HTTP response code from the secure gateway is 401, Other error
HTTP/1.1 401 Unauthorized"

Conditions:
AnyConnect 4.8.01090+ connecting to an ASA load balancing LB pair with automatic certificate authentication and certificate store override set to true. Try to connect, which should succeed, then disconnect and try to reconnect. The second attempt will fail. If you configure AnyConnect for the user to select the certificate manually or if you wait a little bit, reboot the client, or reinstall the client on the user device, the connection will succeed again. 

The ASA must contain the fix for CSCvq73599.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.