2factor VPN - Correcting problem where AnyConnect continues to use old PKI certificate

Some users of 2factor VPN may encounter trouble when attempting to connect using their new UW Digital ID certificate if the old PKI certificate is also still installed. This is caused by AnyConnect attempting to use the old certificate even when the new one should be used. This document explains what options are available to correct this problem.

AnyConnect stores the default certificate to use when connecting in a preferences.xml file. If that certificate ceases to be valid (as is the case now that we're switching to the new UW Digital ID certificates) then that default certificate setting can cause problems. Fortunately, the preferences.xml file can be deleted:

  1. Quit AnyConnect completely

  2. Locate the preferences.xml file:

    • In Windows XP, go to C:\Documents and Settings\{Your local Windows logon name}\Application Data\Cisco\Cisco AnyConnect VPN Client

    • In Vista and Windows 7, go to C:\Users\{Your local Windows logon name}\AppData\Local\Cisco\Cisco AnyConnect VPN Client

    If you are unable to view these files/folders, you may need to show hidden files and folders. See Windows XP - Show Hidden Files and Windows Vista, 7, & 10 - Show hidden files for further help.

  3. Right-click the preferences.xml file and choose Delete

  4. Connect to 2factor VPN again. You should now either connect successfully or be able to select your UW Digital ID and then connect successfully
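
Steps 1 to 3 above can also be done from a PowerShell prompt. The script below is an added example, not part of the original Help Desk procedure. It assumes the AnyConnect window runs as the process "vpnui" and keeps a timestamped copy of the file (the ".bak" name is arbitrary) before deleting it.

```powershell
# Added example: automates steps 1-3 above for the currently logged-on user.
# Assumption: the AnyConnect GUI runs as the process "vpnui".
$ErrorActionPreference = 'Stop'

# Step 1: refuse to continue while the AnyConnect GUI is still open.
if (Get-Process -Name 'vpnui' -ErrorAction SilentlyContinue) {
    Write-Warning 'AnyConnect is still running. Quit it completely, then run this again.'
    return
}

# Step 2: pick the per-user folder listed above.
# Vista and Windows 7 define %LOCALAPPDATA% (C:\Users\<name>\AppData\Local).
# Windows XP does not, so fall back to %APPDATA%
# (C:\Documents and Settings\<name>\Application Data).
$base = if ($env:LOCALAPPDATA) { $env:LOCALAPPDATA } else { $env:APPDATA }
$file = Join-Path $base 'Cisco\Cisco AnyConnect VPN Client\preferences.xml'

if (-not (Test-Path -LiteralPath $file)) {
    Write-Output "No preferences.xml found at $file; nothing to remove."
    return
}

# Step 3: keep a timestamped copy so the old settings can be inspected
# or restored, then delete the original so AnyConnect no longer reads it.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = "$file.$stamp.bak"
Copy-Item -LiteralPath $file -Destination $backup
Remove-Item -LiteralPath $file

Write-Output "Removed $file"
Write-Output "Copy kept at $backup"
```

After it reports the file as removed, continue with step 4.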

Keywords: 2factor tunnel security ocis pki uw digital id anyconnect any connect wiscvpn vpn cisco client entrust geotrust old certificate
Doc ID: 16994
Owner: Leah S.
Group: DoIT Help Desk
Created: 2011-02-20 19:00 CDT
Updated: 2019-09-11 12:58 CDT
Sites: DoIT Help Desk