Cisco AnyConnect NAM v3.1.05170 and Microsoft Account Troubles

Discussion in 'Windows 8 Forum' started by mcsenerd, Jun 30, 2014.

  1. mcsenerd

    mcsenerd Active Member

    Joined:
    Mar 25, 2014
    Messages:
    247
    Likes Received:
    55
    Trophy Points:
    28
    Location:
    Nation of Texas
    My Device:
    Surface Book
    Sounds crazy I know... But my company generally uses the Cisco AnyConnect NAM Supplicant to provide corporate access to our internal EAP-FAST wireless access. Well, I can certainly get this working well with both my SP1 and my SP2, but I've been unable to associate with our APs using the SP3. One of the things I struggled through with the SP1/2 is that I had great struggles with getting the Windows Store to work. In fact, any time I needed to "verify my account" or any other type of MS Account authentication basically just HUNG. It wouldn't produce an error, wouldn't time out, wouldn't do much of anything but just sit there and do absolutely nothing. I never had any issues on a fresh load and my account always checked out with MS Support, so I always chalked it up to something in my software load. Well, after further testing on the SP3 I can most certainly guarantee that it's some sort of interaction with the Cisco AnyConnect NAM. Even though it wasn't actually "working" with our APs on the SP3, I had it installed and was still trying to get it to function. Well, I wanted to purchase an app from the store and lo and behold, once again I was "hanging" at the account verification/authentication portion of the transaction. I then uninstalled the NAM portion of the AnyConnect tool and everything concerning the MS Account just suddenly worked again.

    Does anyone else here use the Cisco AnyConnect NAM on their box? Is this something that affects all Windows 8/8.1 installs or is it specific to the Surface Pros? I'd love to hear from others experiences...
     
  2. ZZATU

    ZZATU New Member

    Joined:
    Jul 3, 2014
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    3
    We just ran into issues on the Surface Pro 3 and Cisco NAM 3.1.05170.
    We are unable to connect to the network.
    We also tried by disabling NAM and connecting via the Windows Client and received the following error:
    ___________________________________
    "Network Security Alert"
    Windows can't verify the server's identity: "If you expect to find %1 In this location, go ahead and connect. Otherwise, it may be a different network with the same name"
    _____________________________________
    This is typically a cert error and you need the cert installed (which it is).
    We do use a certificate to ensure that we are connecting to a trusted wireless connection, and this certificate root is installed on the machine. The authentication type is PEAP [WPA2][Auth(802.1X)]. Cisco WLC7.6.120.0

    We don't think it's an issue with WLC as the client connects to an open network on the same WLC
    Wondering if this is an issue
    http://www.winbeta.org/news/surface-pro-3-wifi-connectivity-issues-acknowledged-microsoft-fix-way

    On your particular issue, If you disable NAM can you connect, could it be a corporate firewall preventing you from accessing what you are trying to access?
     

    Attached Files:

    Last edited: Jul 3, 2014
  3. mcsenerd

    mcsenerd Active Member

    Joined:
    Mar 25, 2014
    Messages:
    247
    Likes Received:
    55
    Trophy Points:
    28
    Location:
    Nation of Texas
    My Device:
    Surface Book
    I cannot connect to the protected portion of our corporate wireless at all (as I stated it is EAP-FAST w/WPA2 Ent.), either through the built-in Windows Client or through the NAM. However, we too have an unprotected, hidden SSID guest network that the SP3 does connect to without issue. I want to be clear here, that the exact same same software setup worked without issue (save for the very strange Windows Store/Microsoft Account thing) and there was no certificate that was required for connections to proceed on either the SP1 or SP2.

    I don't believe it to be a firewall issue as far as I can tell because the SP3 simply won't authenticate to the access point and therefore never completes a connection at all.

    I guess it's good to know that I'm not the only one seeing this issue :)
     
  4. mcsenerd

    mcsenerd Active Member

    Joined:
    Mar 25, 2014
    Messages:
    247
    Likes Received:
    55
    Trophy Points:
    28
    Location:
    Nation of Texas
    My Device:
    Surface Book
    Well, not that I expected any actual help anyway, but here's the MS Community forum response:

    "Thanks for posting in the Community Forum. I understand that you are unable to connect your Surface Pro 3 to your company's wireless network. I'm here to help you with this.
    As this is an issue with your company's wireless network, we recommend that you contact our Support Team for businesses. You should also contact your IT administrator at your company.
    Thanks again for posting here. If you have any other questions that we could help you with for your Surface Pro 3, please post here again."

    Umm... gee, thanks? What part of: this worked with the SP1 & SP2, but now only works on the non-protected portion with SP3 makes it an issue with my company's wireless network again?
     
  5. ZZATU

    ZZATU New Member

    Joined:
    Jul 3, 2014
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    3
    I have talked to Cisco about this. Cisco is working to find a resolution to this, and they have been able to re-create the issue. At this point it looks like an issue with Cisco NAM and the Surface Pro 3. Previous versions of AnyConnect NAM and Surface Pro's have had issues and Cisco and Microsoft have had to come out with fixes.
    New Bug ID: https://tools.cisco.com/bugsearch/bug/CSCup69555/?reffering_site=dumpcr
    Right now we will need until Cisco or Microsoft comes out with a fix to this issue and the Surface Pro3.

    As a work-around for us we were unable to use wireless until we completely uninstalled Cisco NAM and rebooted. We are now using the Windows Wireless Supplicant and able to connect. (simply disabling the client did not resolve the issue)
     
    mcsenerd likes this.
  6. mcsenerd

    mcsenerd Active Member

    Joined:
    Mar 25, 2014
    Messages:
    247
    Likes Received:
    55
    Trophy Points:
    28
    Location:
    Nation of Texas
    My Device:
    Surface Book
    Thanks ZZATU. One way to use the built-in Windows Wireless control without uninstalling is to simply disable the filter driver in the wireless adapter properties. I guess...I'll have to drag the USB Ethernet adapter around everywhere with me for now :)
     
  7. mcsenerd

    mcsenerd Active Member

    Joined:
    Mar 25, 2014
    Messages:
    247
    Likes Received:
    55
    Trophy Points:
    28
    Location:
    Nation of Texas
    My Device:
    Surface Book
    Well... not encouraging is the fact that they have it marked as fixed and the "fix" is... don't use NAM. Gee... thanks Cisco.
     
  8. mcsenerd

    mcsenerd Active Member

    Joined:
    Mar 25, 2014
    Messages:
    247
    Likes Received:
    55
    Trophy Points:
    28
    Location:
    Nation of Texas
    My Device:
    Surface Book
    Update folks... and I haven't tested this yet as I've been out on the road and not in the office to see if it now works or not, but it appears that the most recent update fixes several things that kept me from using the NAM on the Surface Pro 3. Here is the list of items fixed in the latest Cisco release:

    Caveats Resolved by AnyConnect 3.1.05182
    Identifier
    Component
    Headline
    CSCup97189
    posture-asa
    Hostscan doesn't detect Trend Micro OfficeScan Client 11
    CSCup54966
    nam
    AnyConnect NAM prevents Microsoft Store Credential request
    CSCup69555
    nam
    NAM: NAM does not work on Surface Pro 3, fails to associate

    CSCuq19848
    nam
    NAM: Unable to use Smart card if the card name contains a "+" sign
    CSCuq31511
    vpn
    DTLS vulnerabilities in OpenSSL
    CSCuq12791
    vpn
    Update 3rd party libraries
    CSCuq24666
    vpn
    SCEP enrollment broken

    I've personally suffered through both of the italicized items, so it's very encouraging that they are saying that they are both addressed in the latest update. I'll report back after I upgrade to the new AnyConnect version and give the NAM a go again at the office.
     

Share This Page

Search tags for this page
cisco anyconnect for surface pro 3
,
cisco anyconnect nam
,
cisco anyconnect surface pro 3
,
cisco nam filter driver
,
cisco nam not working windows 10
,
cisco nam smart card anonymous
,
cisco nam wireless connection issues windows 8
,

cscup69555

,
surface pro on cisco wlc
,
windows 8 cisco nam