Anyconnect VPN client Start Before Login (SBL) tips

Lessons learned tips for enabling Start Before Login for anyconnect vpn client

This is going to be an add-on post to a documented procedure, which can be found at: are the tips to get this going after reading the Cisco guide:* Use the correct profile xml file, the anyconnect client install will place a sample profile at C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\Profile which will be called AnyConnectProfile.tmpl , use this file and avoid the "Error in validating the XML file against the latest schema" issues.* Use a text editor that does not mess with the CR LF and the XML tags, I used EditPad but other can be as good.* If you are using a machine-based certificate for the authentication, and the user has no admin rights to the machine, make sure the <CertificateStoreOverride> is set to true in the profile XML file.* The SBL icon may not be easy to find in the windows 7 login screen, on my system I need to hit CTRL+ALT+DEL and then ESC for it to appear. The place it is showing up is on the lower right side of the screen, next to the red shutdown icon. That's all folks, read through the Cisco doc, follow my tips and you will have SBL.

When I needed to configure the same functionality that is described in this tech note, I ran into a few issues and thought it may help others if I share my knowledge around that.

Start before login (SBL) is an important feature for things like computer policy or login script, drive mapping, as discussed in my previous post:

* The file you need to install is going to be named anyconnect-gina-win-2.5.2019-pre-deploy-k9.msi , versions can vary and should match the anyconnect version but this is the file you should use when installing directly on the machine (not from the ASA - web deploy).

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2011 IDG Communications, Inc.