Introduction

This document describes in detail the steps required to install the Cisco Anyconnect NAM agent with the profiles conversion via batch file(.bat). The batch file can then be executed locally on the system or remotely to all the machines through the SCCM server in a large scale deployment. Cisco ISE can provision this software but it requires end user's interaction and installation privileges.

If a user try to connect to a wifi network using the windows 10 wifi manager, it works and ignores the fact that anyconnect is installed. And over times, it creates a conflict with anyconnect and anyconnect stops working (service is not availble, etc etc) The only wayt to fiux this is to use the windows 10 network reset tool and forget saved wifi. I opened a ticket to Cisco, and the TAC tried many methods, but still can't install the AnyConnect client. They said it is not an AnyConnect client software issue but related Windows system. Finally, we resolved the issue by upgrade the issue user's computer Windows 10 version from 1903 to 2004. Disabling Antivirus. First things first. Since most of the times, the issue is being caused by antivirus. If you encounter a technical issue on the site, please open a support case. Follow Us; Webinars & Events; Blogs; Discussions. Tips on how to install and configure Cisco AnyConnect on Windows 10 to connect to VPN.

Usage of Batch file script serves several benefits :

• All the wireless Profile conversion.
• VPN Module can be disabled if it is not desired.
• Reduce the manual implementation time and cost by executing the batch file and installing the AnyConnect modules all at once.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

• Windows Operating System. Network Access Manager is not supported on Mac OS X or Linux.
• The system should have minimum storage of 50 MB for the AnyConnect packages.
• The WLAN service (WLAN AutoConfig) must be running in the systems.

Note: Conversion is not done if a Network Access Manager XML configuration file already exists (userConfiguration.xml).

Components Used

The information in this document is based on these software and hardware versions:

• Windows 7
• AnyConnect 4.6.0.3.049

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background Information

1. The entire Cisco Anyconnect package should be downloaded from the Cisco site and extracted. The required msi files and configuration.xml file should be present in the location from where the batch file is executed.

These files have to be copied in the location C:cisco :

anyconnect-win-4.6.03049-core-vpn-predeploy-k9.msi

anyconnect-win-4.6.03049-nam-predeploy-k9.msi

configuration.xml

2. The Network Access Manager module can be configured to convert some existing Windows 7 or later wireless profiles to the Network Access Manager profile format when the module is installed on the client system for the first time. Infrastructure networks that match these criteria that can be converted:

• Open

• Static WEP

• WPA/WPA2 Personal

• Only non-GPO native Wi-Fi user network profiles are converted.
  

  Note: For WPA2 Enterprise profiles, a profile with the same name must be created through Network Access Manager Profile Editor in the configuration.xml file

3. The system is restarted after the installation and this should be notified to the users already.

Configure

Creation of Batch file

In this document, the assumed location of the Anyconnect msi, configuration.xml files is C:cisco. These commands or the batch file with these commands must be executed from the same location.

• cd C:cisco

Installation of the core VPN module is required for the NAM module to be installed. This command installs the core VPN module and hides the VPN module tile.

• msiexec /package anyconnect-win-4.6.04054-core-vpn-predeploy-k9.msi /norestart /passive PRE_DEPLOY_DISABLE_VPN=1

A timeout is required for the installation of the module to complete. This command induces a timeout of 15 minutes.

• timeout /t 15

This command installs the NAM module with profile conversion enabled.

• msiexec /i anyconnect-win-4.6.04054-nam-predeploy-k9.msi PROFILE_CONVERSION=1 /norestart /passive

A timeout is required for the installation of the module to complete. This command induces a timeout of 15 minutes.

• timeout /t 15

This command copies the configuration.xml profile which is created with the NAM Profile editor, to the required location.

• xcopy configuration.xml C:ProgramDataCiscoCisco AnyConnect Secure Mobility ClientNetwork Access ManagernewConfigFiles

This command indicates that the required installation and conversion is complete and notifies that a reboot is initiated in 2 minutes.

• echo 'Your machine will reboot in 2 minutes. Please save your work'

This command initiates a restart the Windows Operating System in 2 minutes

• shutdown -r -t 120

Note: All these commands or the batch file with these commands must be executed with administrative privileges and in the same order.

Anyconnect User-End Procedure

1. Once the Anyconnect agent is installed on the machine when the machine restarts, the Anyconnect icon pops up and the user is connected to preferred SSID in the list.

2. One can connect to other SSIDs from the drop-down menu provided in the AnyConnect NAM Module UI.

3. In order to view the saved networks, click on the list icon provided in the NAM module UI and then click Manage Networks, as shown in the image.

4. Connections to any network provided by the adapters managed by the AnyConnect NAM module must be made from AnyConnect NAM.

Example: In order to connect to a new wifi connection Mnason-mob-new, select the network, a pop-up screen is thrown for the key. Enter the wifi password in the Key field to connect to the new network.

Additional Information

Native Supplicant tray icon may confuse the users to connect to a network as NAM must be used and not the Native Supplicant. These changes can be made to the Windows registry to hide the network connectivity tray icon:

1. Navigate to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer.
2. Edit the value of the REG_DWORD named HideSCANetwork to 1 (hexadecimal) if present or create one if it is not present.
3. Restart the system.

Note: This change to the registry was tested with Windows 7 and Windows 10.

Verify

Cisco Anyconnect Internet Not Working

Cisco Anyconnect Not Connecting To Wifi Windows 10 Windows 10

Use this section to confirm that your configuration works properly.

After the changes to the registry and the reboot, the network connectivity tray should be hidden.

[German]A brief information for administrators in enterprise environments. When using Cisco Anyconnect VPN under Windows 10 V1803 it can happen that the Windows Defender Security Center is constantly opened in the foreground.

A description of this issue

It is a strange behavior a user reported on MS-Answers. When using Cisco Anyconnect VPN, the Windows Defender Security Center from Windows 10 V1803 opened cyclically a window to report the security status. He wrote:

On several of our Windows 10 1803 Laptops, and when connecting to our VPN using Cisco Anyconnect, Windows Defender Security Centre’s – Security at a Glance constantly opens and becomes the active window.

Every 5 or minutes it takes the foreground and makes it impossible to work while connected, regardless if you close it or shrink it.

All the items have green ticks, do not display any issues when popping up.

Cisco Anyconnect Vpn Not Working

I can’t see anyone else having this issue on the almighty google, so am hoping someone here might be able to help?

Connecting To Wifi Vista

The root cause and a workaround

The user affected from this behavior has found the root cause and a workaround himself. The Cisco Anyconnect VPN solution checks cyclically whether an antivirus solution is installed under Windows. If such AV software is found, the VPN software checks whether the installed AV solution is up-to-date. Only then a VPN connection is allowed.

Cisco Anyconnect For Windows 10

Seems a useful approach, and Windows Defender included in Windows 10 was also entered in the AV list of the user affected. As a workaround, the administrator has now excluded the Windows programs AntiVirus, Personal Firewall and AntiSpyware from the security check. This stopped the Windows Defender notification. In the current case, the user writes, ESET Smart Security is used as antivirus solution, firewall and anti-spyware protection on their systems. Maybe it will help if you use this combination and if you are affected.

Cisco Anyconnect Not Connecting To Wifi Windows 10 Free Download