OpenConnect VPN issue with AD password expiry warning

    elsberrymatt

    Greetings,

    We recently began testing a possible solution for our off-site users, by issuing them ThinClients, set up using the VPN solution. Things were going great until they began having issues connecting.

    The VPN window kept prompting them to enter their password, yet it would never connect.

    In doing some troubleshooting, I installed the OpenConnect client on my Windows laptop and found the culprit. The following response from the connection to our Cisco ASA was causing the issue:

    —————————————

    2019-02-17 12:01:32 | 5fbc | Authentication failed in batch mode, retrying with batch mode disabled
    2019-02-17 12:01:09 | 5fbc | Password change required in 13 day(s), if you wish to change now enter a new password with minimum length 2.
    2019-02-17 12:01:09 | 5fbc | Leave both boxes blank to continue using current password
    2019-02-17 12:01:09 | 5fbc | Password form: new_password

    —————————————

    It seems that OpenConnect vomits when it receives this message during the connection handshake. When we checked the box in Active Directory, indicating that the password never expires, the connection once again worked fine.

    This is, of course, an issue for us, as it goes against our security policy to allow for the password to never expire. This is indeed an issue with OpenConnect more so than ThinOS; however, I was not able to find anything while searching for issues pertaining to this, with OpenConnect.

    Has anyone else had this issue? If so, how is it circumvented?
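
A triage helper for the symptom described in the post above, added here as an example and not part of the original post or of OpenConnect: it scans client log text in the `timestamp | id | message` layout shown and separates batch-mode authentication failures that followed a password-expiry prompt from all others. The function name, the verdict labels, the `61a0` sample line and the assumption that lines of one attempt share the id in the second column are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four lines from the post plus one invented failure
# (id 61a0) that has no expiry prompt, for contrast.
SAMPLE_LOG = """\
2019-02-17 12:01:32 | 5fbc | Authentication failed in batch mode, retrying with batch mode disabled
2019-02-17 12:01:09 | 5fbc | Password change required in 13 day(s), if you wish to change now enter a new password with minimum length 2.
2019-02-17 12:01:09 | 5fbc | Leave both boxes blank to continue using current password
2019-02-17 12:01:09 | 5fbc | Password form: new_password
2019-02-17 12:05:40 | 61a0 | Authentication failed in batch mode, retrying with batch mode disabled
"""

LINE_RE = re.compile(r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (\w+) \| (.*)$")
EXPIRY_RE = re.compile(r"Password change required in (\d+) day\(s\)")


def classify_auth_failures(log_text):
    """Return {id: (verdict, days_left)} for each id with a batch-mode failure.

    Line order does not matter (the pasted log is not chronological), so
    evidence is collected per id first and judged afterwards.
    """
    seen = defaultdict(lambda: {"days": None, "form": False, "failed": False})
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw)
        if not match:
            continue  # separators, blank lines, anything not in the layout
        _, ident, msg = match.groups()
        state = seen[ident]
        expiry = EXPIRY_RE.search(msg)
        if expiry:
            state["days"] = int(expiry.group(1))
        elif msg.startswith("Password form: new_password"):
            state["form"] = True
        elif msg.startswith("Authentication failed in batch mode"):
            state["failed"] = True

    verdicts = {}
    for ident, state in seen.items():
        if not state["failed"]:
            continue
        if state["days"] is not None and state["form"]:
            verdicts[ident] = ("expiry-prompt", state["days"])
        else:
            verdicts[ident] = ("other-auth-failure", None)
    return verdicts


if __name__ == "__main__":
    for ident, (verdict, days) in classify_auth_failures(SAMPLE_LOG).items():
        print(ident, verdict, days)
```

An `expiry-prompt` verdict points at the account's password age rather than a mistyped credential, which is the distinction the post arrived at by toggling the Active Directory setting.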
