

If you need to use an AD-integrated PKI, you will need to find a way to enroll or provision the computer certificate for non-domain-joined devices. Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.1 Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.0. In the case of a wipe-and-load deployment the computer must join the domain in order to enroll the certificate, but it cannot join the domain until it has established a VPN connection, which requires the certificate! If you are using a Public Key Infrastructure (PKI) that is not AD integrated, you may be able to automate the enrollment through a web API before the computer is joined to the domain. In many cases, these certificates are enrolled through Active Directory.
However, once the original OS has been wiped, a new computer certificate will be needed. 4.1(2011) 4.5(6580) Description (partial) Symptom: AnyConnect client fails to authenticate AAA debug reports following error: Failed: The username or password is blank Conditions: - Double authentication is configured with use-primary-username feature enabled - AC v 4.

The clientless and thinclient modes were introduced in the 4.1 version of code. When the task sequence starts in the original OS, the required certificate is present in the computer certificate store. Release Notes for Cisco AnyConnect Secure Mobility Client. product offerings, including the following: Cisco VPN 3000 series.

When computer certificates are required to authenticate the VPN connection, it becomes tricky to support wipe-and-load deployments for remote users.
