Cisco VPN client loses hostname, group in connection entry
Cisco VPN client loses hostname, group in connection entry
(OP)
I've been getting many corporate laptops into the help desk with damaged VPN client entries. Every one I've seen still has a line for the connection entry (it was not deleted). However, the Host address (or IP), the group name, and the group password (and confirmation) are all gone. The connection entry name, description and transport type all survive. So the user sees the connection entry, clicks on it and gets an "Error 5: no hostname exists for this connection entry."
These are vanilla winXP boxes using various versions of Cisco VPN client (4.6, 4.8 and 5.0).
I know you can modify the connection parameters, but these users did not even try to do that. How did these critical settings get lost? What causes Cisco VPN client to lose SOME of its connection configuration? It must be done automatically in some situations. But what situations?
These are vanilla winXP boxes using various versions of Cisco VPN client (4.6, 4.8 and 5.0).
I know you can modify the connection parameters, but these users did not even try to do that. How did these critical settings get lost? What causes Cisco VPN client to lose SOME of its connection configuration? It must be done automatically in some situations. But what situations?
RE: Cisco VPN client loses hostname, group in connection entry
RE: Cisco VPN client loses hostname, group in connection entry
Burt
RE: Cisco VPN client loses hostname, group in connection entry
So let ME ask: What's the common denominator here? I sure can't see it.
RE: Cisco VPN client loses hostname, group in connection entry
RE: Cisco VPN client loses hostname, group in connection entry
Burt
RE: Cisco VPN client loses hostname, group in connection entry
This has happened on machines which have other cisco VPN entries listed (our gets lost, others are unaffected) as well as ones where we're the only entry. Some of the machines have other VPN clients installed, most do not. There seems to be no pattern.
There must be some EVENT that causes this state, but I haven't seen it mentioned anywhere on the interwebs. Our working hypothesis is that an unsuccessful vpn connect attempt in a certain environment (due to heavy firewalling) brings on a state where the client is instructed to delete or modify the entry. But I cannot find any reference to this state.
RE: Cisco VPN client loses hostname, group in connection entry
A user will call the helpdesk indicating his VPN no longer works. It isn't working because the hostname portion of the cisco vpn configuration file (we just call it the pcf file for short) is gone.
Our fix has been to have users execute either winbatch scripts or .bat files that pull down the pcf file from an ftp site and copy it over the one missing information.
We have had this problem since the cisco vpn client has been deployed.
RE: Cisco VPN client loses hostname, group in connection entry
I also appreciate your input so I don't think that I'm going crazy. Everyone I've described this to has looked at me like I'm nuts. Thank goodness it's not just me.
So the bottom line: the Cisco VPN client has a bug that deletes the host address of the peer in some circumstance(s). The circumstance(s) is not known, but re-entering the address is required.
RE: Cisco VPN client loses hostname, group in connection entry
Burt
RE: Cisco VPN client loses hostname, group in connection entry
I would really like to compare our issues/environments. This has been an issue for my department for quite some time and seeing as how uncommon the problem appears to be I would like to see what our issues have in common.
I couldn't find a way to PM on this site. Can you please send me an email? I'll try and mask it here to protect myself from even more spam then I already get lol.
nathan("dot")quintanilla("at")champ("hyphen")tech("dot")com
RE: Cisco VPN client loses hostname, group in connection entry
The best solution is to keep backup copies of your .pcf files or update the broken pcf file with information from another pcf file.
RE: Cisco VPN client loses hostname, group in connection entry
This might not prevent everyone from getting the error, however it would definitely push down the time to resolution by making the fix "reboot your computer".
I guess you could even have a running process that checked every 5 minutes or so for the same thing, however no matter how you do it, its a potential work around.
RE: Cisco VPN client loses hostname, group in connection entry
Rebooting? I would think that not only the vpn connection entries perhaps get corrupted, but they'd probably notice..."Oh yeah---when this happens, the server reboots right before..."
Burt
RE: Cisco VPN client loses hostname, group in connection entry
On occasion I receive a call stating the same problem as you guys are having..."VPN can't connect due to host information missing".
Sure enough when I login to thier system remotely I notice that the profile still exists but the host name and/or the password info are gone.
On one user I had created a backup profile just in case one got corrupted and low and behold thier system BSOD and on reboot both profiles had thier host info removed. Although this is the only user that had reported a BSOD and was using Vista at the time.
Other than that I don't see any common link between the users that have reported this problem. All of my users are using either the latest version or one version prior of the Cisco VPN software.
I guess I will keep monitoring this thread in case someone finds a solution or cause to the problem.
-- Glad to know my users are not to blame...although it would've been easier to fix if it was them! --
RE: Cisco VPN client loses hostname, group in connection entry
RE: Cisco VPN client loses hostname, group in connection entry
A GPO to set RO on c:\"program files\cisco systems\vpn client\Profiles\*.pcf" will also be rolled out to existing clients. I had approached it from the automated backup and re-roll side, but our clients may have profiles for networks other than ours which wouldn't get handled in that case.
Cisco is aware of the issue and are targetting an upcoming release with a fix from what I understand.
RE: Cisco VPN client loses hostname, group in connection entry
Glad to see someone else having this issue as it was very confusing! I have simply provided the PCF for these people and shown them how to import it...
RE: Cisco VPN client loses hostname, group in connection entry
This seems to work fine at least with us, client doesn't lose the hostname etc. anymore.
Regards,
Antti
RE: Cisco VPN client loses hostname, group in connection entry
RE: Cisco VPN client loses hostname, group in connection entry
I've also met this Error 5 on some clients due to profile corruption.
This bug is supposed to be fixed in VPN Client version 5.03.0560 (Current version as of today is 5.04.0300)
IMO The Read-only attribute on pcf file is good trick, but it prevents the IPSec backup servers list to be updated at each new conenction; which may be very useful.
RE: Cisco VPN client loses hostname, group in connection entry
RE: Cisco VPN client loses hostname, group in connection entry
you stated that This bug is supposed to be fixed in VPN Client version 5.03.0560...
Do you have the release notes that state this. I believe that this is the case beacause I manually upgraded to this version but I can't find the release notes to prove that this will fix the problem so tuys who push out the software won't update the version used in SMS.
RE: Cisco VPN client loses hostname, group in connection entry
2 Cisco ASA 5510 firewalls
All machines are running the 5.0.01.0600 client.
They are all Windows XP imaged, with the client included in the image.
We have 200 machines, and I would say this has happened to about 15 of them, over the past year.
I have not opened a ticket with Cisco yet, thought I would post here first.
RE: Cisco VPN client loses hostname, group in connection entry
Sorry for late answer I did not check this thread since a while.
There is more than one bug about this profile issue.
One of them is CSCSo94244 that is mentioned in 5.0.04.0300 as stated in the Readme file :
Resolved Issues:
5.0.04.0300:
CSCso94244 Profile file (pcf) is getting corrupted.
RE: Cisco VPN client loses hostname, group in connection entry
I've found that several factors may have an effect.
1. Shutdown or logoff while connected
2. Proxy settings attempted during connection
3. Misconfiguration (most commonly split tunneling)
4. Loss of connectivity
WIN geared but applicable to all OS:
Save good profiles to 'C:\Tools\Profiles'. If the user gets an error, have them run your script, which copies the good profile to 'C:\PF\....Profiles'. Eliminates issues while pulling the profile from remote locations.
RE: Cisco VPN client loses hostname, group in connection entry
modify - the connection details were all the same and unreadable.
I had to set the vpngui.exe to be the default program for PCF files the problem was related to Windows PowerShell took over as default somewhere along the line. After resetting the default app to run these files to cisco - problem fixed.
Hope this helps someone else!
RE: Cisco VPN client loses hostname, group in connection entry
What are you connecting to, i.e. ASA, router, etc.?
/
tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!