Skip Links

Network World

Avner Izhar

Anyconnect VPN client Start Before Login (SBL) tips

Lessons learned tips for enabling Start Before Login for anyconnect vpn client

By Avner Izhar on Mon, 05/16/11 - 2:43am.

This is going to be an add-on post to a documented procedure, which can be found at:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809f0d75.shtml
When I needed to configure the same functionality that is described in this tech note, I ran into a few issues and thought it may help others if I share my knowledge around that.
Start before login (SBL) is an important feature for things like computer policy or login script, drive mapping, as discussed in my previous post:
http://www.networkworld.com/community/blog/which-cisco-vpn-client-should-i-go

Here are the tips to get this going after reading the Cisco guide:

* The file you need to install is going to be named anyconnect-gina-win-2.5.2019-pre-deploy-k9.msi , versions can vary and should match the anyconnect version but this is the file you should use when installing directly on the machine (not from the ASA - web deploy).

* Use the correct profile xml file, the anyconnect client install will place a sample profile at C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\Profile which will be called AnyConnectProfile.tmpl , use this file and avoid the "Error in validating the XML file against the latest schema" issues.

* Use a text editor that does not mess with the CR LF and the XML tags, I used EditPad but other can be as good.

* If you are using a machine-based certificate for the authentication, and the user has no admin rights to the machine, make sure the <CertificateStoreOverride> is set to true in the profile XML file.

* The SBL icon may not be easy to find in the windows 7 login screen, on my system I need to hit CTRL+ALT+DEL and then ESC for it to appear. The place it is showing up is on the lower right side of the screen, next to the red shutdown icon.



That's all folks, read through the Cisco doc, follow my tips and you will have SBL.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
About Cisco Knowledge Share with Avner Izhar

Avner Izhar is an experienced IT professional; he has 14 years of experience in the networking area, on multiple continents, and has filled positions in post sales, pre sales and training. He currently holds CCIE in Voice (#15999), CCSI (#31623), CCVP and others. He is also the author of two CCIE voice training related books: CCIE Voice Technology Workbook and CCIE Voice written study guide, both published under NLI. When he is not blogging for Network World, he work as a Consulting System Engineer for World Wide Technology.

Through this blog, Avner will share his personal experience and assist junior and senior engineers in their IT tasks.

 

Most Discussed Posts

Blog Roll
Aamir Lakhani's Cloud Centrics Tech Blog
http://www.cloudcentrics.com
Bob Olwig's Perspectives on Technology & Business
http://bobolwig.wordpress.com