MacOS: Update AnyConnect to avoid connection errors
Many Mac users have reported connection trouble being alleviated by updating to the latest version of the macOS version of the AnyConnect client.
MacOS: Unable to install Cisco AnyConnect because the program is already installed (but also doesn't appear in the Applications folder)
If you accidentally deleted the Cisco folder from your Applications without running the Uninstaller, you will be stuck with the program still partially installed. To resolve this situation, you must first open the Terminal app. You can open Terminal by searching for it with the magnifying glass icon in the upper-right corner of the screen, or by going to your Applications folder and then opening the Utilities folder. Once Terminal is open, you will see an old-style command prompt. Enter the following command:
sudo pkgutil --forget com.cisco.pkg.anyconnect.vpn
Press "Enter" after typing the above command, and you will be prompted to enter your Mac password. Note that the Terminal does NOT show you key presses as you type your password. There is no visual indication that you are typing as you put in the password. That's normal. Just enter the password followed by the "Enter" key. The command line will advance to a new blank line, indicating that it has completed the task. Close the Terminal and you should now be able to run the Cisco Anyconnect installer package.
Windows: Group Policy is Preventing Login (Switch User)
The complete message is: "Group policy is preventing login in because multiple users are logged into this machine." This occurs on Windows computers when you use the "Switch User" function to login an additional user while keeping the original user logged in (so as not to have to close the first user's programs and documents). Unfortunately, this just doesn't work for the Cisco client. Before attempting to connect to the VPN, you must log all of the other users out. You must be the only user logged into the computer when you establish a VPN connection.
Windows: Interprocess Communication Depot Error (Internet Connection Sharing)
The error message is: "The vpn client agent was unable to create the interprocess communication depot." This error is caused by having Internet Connection Sharing (ICS) enabled. See Turn Off Internet Connection Sharing for instructions on how to disable Internet Connection Sharing, should you encounter this problem.
Windows: VPN Client Driver Error
The initial error message is: "The VPN client driver has encountered an error," followed by another dialog that says "AnyConnect was not able to establish connection to the specified secure gateway. Please try connecting again." We aren't yet sure what causes this problem. However, it appears that it may be resolved, at least in some cases, by uninstalling and re-installing the SSL VPN client. Use the Add/Remove Programs control panel to remove the Cisco AnyConnect client, just as you would any other program (do not just delete the desktop icon). It may be advisable to reboot. Then direct your web browser to http://vpn.lehigh.edu and download a fresh copy of the client.
Windows: Third-Party Firewalls
We have not yet found any situation in which the built-in software firewall that is provided by the operating system interferes with setting up a VPN connection. However, we have encountered some situations where a third-party security product that includes network protection, such as McAfee Internet Security, may prevent a VPN connection from being established. (The error message in such a case may be the generic "Driver Error" message described above.) Theoretically, there should be either configuration settings to permit the connection, or a way to temporarily disable the network function of the security product, but as each product is different (including different versions from the same vendor), we cannot provide details (consult the vendor's website for your particular product). In one case, it was necessary to remove (uninstall) the security product in order to get the VPN to work.
Cisco's Troubleshooting Guide
If you don't find the answer you're looking for here, you might also try the Cisco AnyConnect VPN Client Troubleshooting Guide ... Of course, for many people, this guide is way too technical; that's ok. Contact the Help Desk at 610-758-4357, and tell us what's going on.
Connecting to VPN "Library/International" group using the AnyConnect Mobile app
If you're trying to use a smartphone to connect to library databases, journal articles, or access your Lehigh subscription to The New York Times or The Wall Street Journal, you'll need to have the Cisco AnyConnect client installed. This free app is called "Cisco AnyConnect" on the iOS App Store, and on the Google Play App store it's just called "AnyConnect" from publisher Cisco Systems. After installing the app, start it up, tap on Connections, and tap on Add VPN Connection... Enter "Lehigh" as the description and 'vpn.lehigh.edu' as the server address, then tap on Save in the upper right. If an iOS or Android prompt appears, asking if you'd like to allow VPN Configurations to be added, tap on Allow.
Now that the Lehigh connection is present, on the AnyConnect home screen you can:
- Tap on the activation toggle for the VPN connection
- You'll be presented with the login screen. Instead of logging in immediately, look for the Back option in the upper left and tap on it.
- You'll see the Group menu, tap on it and the Select Group menu will appear with two options: "GeneralAccess" and "Library/International." Tap on Library/International and a check mark will appear next to that option, confirming your choice. Now tap on the Authentication button in the upper left and you'll be taken back to the login window.
- Enter your Lehigh username and password. The system will prompt you for your Duo second factor. Pick whichever method you prefer. After Duo authentication you'll be taken to the AnyConnect home screen with the connection toggle in green, and a small VPN icon at the top left of your screen.
- You can now switch to your web browser or other app requiring VPN access. As long as you see the VPN icon in the status bar at the top of the screen, you know you're connected to the Lehigh VPN. When you want to disconnect, just switch back to the AnyConnect app and tap on the activation toggle again. It will become greyed out and the VPN icon at the top of the screen will disappear. You're done!