Hebrew U. Link HUCA -HelpDesk

 

Samba VPN - troubleshooting


 

VPN Client

Or choose by error message received:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Connection attempt has timed out

When trying to connect you get the following error:

Connection attempt has timed out. Please verify Internet connectivity.

Solution:
It is caused by an invalid entry in your hosts file.
Edit the hosts file and remove all lines containing samba.huji.ac.il.

  • Windows: Run cmd as administrator.
    On Windows 8/10: Right click the start button and click Command Prompt (Admin).
    On windows Vista/7: Go to the run box and type in cmd.
    Instead of hitting the Enter key, use Ctrl+Shift + Enter.

    Click Yes in the User Account Control.

  • Type the following commands:
    cd /d %windir%\System32\drivers\etc
    type hosts | findstr /v "samba.huji.ac.il" > hosts.nosamba
    copy hosts.nosamba hosts
  • Linux: Remove all lines containing samba.huji.ac.il from /etc/hosts
  • Mac: Remove all lines containing samba.huji.ac.il from /private/etc/hosts

Anti virus related problems

Note: This type of errors is the most common type.

Some Anti virus programs interfere with encrypted traffic or block programs that they do not recognise from passing traffic to the Internet - this behaviour prevents AnyConnect from reaching the HUJI gateway.

Error messages:

AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.

The VPN connection is not allowed via a local proxy. This can be changed through AnyConnect profile settings.

Here is a list of links to guides for known errors, that samba encounters with certain anti virus software:

 

iCloud

The iCloud service makes major changes to the personal data management on Macs and Apple's devices, and takes control over some system functionalities.

Moreover, the iCloud "Back to to My Mac" feature disables the University's Samba VPN client.

Therefore, we do not currently recommend joining the iCloud service.
We are testing the iCloud service and we will later recommend the configuration for using the service safely.

 

Routing and Remote Access error

Error - When trying to connect you get the following error:

The Windows Routing and Remote Access service is not compatible with the VPN client. The VPN client cannot operate correctly when this service is running.

The Windows Routing and Remote Access service is not compatible with the VPN client. The VPN client cannot operate correctly when this service is running.

Solution - Stop the service Routing and Remote Access (Click Start->Run, type services.msc, locate the Routing and Remote Access, click stop).

 

Failed to initialize connection subsystem.

Error - When trying to connect you get the following error:

Failed to initialize connection subsystem.

This error is caused by by an update to Windows 8.1 (since February 2015) or Internet explorer in offline mode.

Solution 1 (Windows 8.1) - This problem was resolved by newer updates. Use Windows update to install the latest updates.

Solution 2 - take Internet explorer out of offline mode:

  • Load Internet explorer
  • Click File (if the File|Edit|View toolbar is not visible - click on Alt)
  • Clear the check-box
    ☐ Run Internet Explorer in offline mode
  • In case you use Internet explorer 11 this setting is not available.

 

Internet Connection Sharing

Error - When trying to connect you get the following error:

The vpn client agent was unable to create the interprocess communication depot.

This error is caused by Internet Connection Sharing.

Solution 1 (recommended) - Stop Internet Connection Sharing:

  • Click on Start
  • Click on Settings --> Control Panel
  • Click on View Network Status and Tasks
  • Click on Change adapter settings
  • Right click on the shared Internet connection and choose Properties
  • Choose the Sharing Tab
  • Uncheck Allow other network users to connect through this computer's Internet connection Checkbox
  • Click OK

Solution 2 -Temporarily stop Internet Connection Sharing:

  • Right click on My Computer and choose Manage
  • Click on Services and Applications
  • Click on Services
  • Right click on Internet Connection Sharing and choose Stop

 

Fast User Switching

Error - When trying to connect you get the following error:

AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established.

AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer.  A VPN connection will not be established.

Solution - Log off all active users.

 

Remote Control

Error - When trying to connect you get the following error:

VPN establishment capability from a remote desktop is disabled.  A VPN connection will not be established.

Solution - The client will not connect when the computer is controlled by a remote control client such as Remote Desktop Connection.

Laptop error (especially Dell)

Error - The automatic update process repeats itself endlessly.

Solution - Uninstall the program Embassy trust suite by wave systems.

 

Firewall

Error - The Samba VPN Client faild to connect.

Solution - Some personal firewalls (such as Kaspersky Internet Security) needs to be manually configured for Samba VPN Client to work.

There are two options for configuration:

  1. Exclude these programs:
    1. c:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    2. c:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpndownloader.exe
    3. c:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

  2. Exclude these ports:
    1. HTTPS
    2. TCP/443
    3. UDP/443

Certificate error

Error -When trying to connect you get the following error:

  • Solution - Make sure that no SSL proxy is set up (proxy guides) or contact your system administrator.
  • Solution - Update root CA certificates
    Updating root CA certs on Windows 10:
    Launch powershell as administrator and run the following commands:

    cd (Get-Item $env:temp).fullname
    certutil -generateSSTfromWU roots.sst
    $sststore = ( Get-ChildItem -Path .\roots.sst )
    $sststore | Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root

 

 

'0x7c9611de' error

Error -When trying to connect you get the following error:

The instruction at '0x7c9611de' referenced memory at '0x7c9611de'.
The memory could not be read.
Click OK to terminate the program.

Solution - Update your Java from http://java.com

 

Mac OS X errors

If you have upgraded your system, reinstall the connection using this guide.

Note for System 10.8 owners- if you have not done this while installing:
Open security and privacy from system preferences.
Choose Anywhere under the option: Allow Applications downloaded from.
Otherwise an error will occur.

Error - The vpn client disconnects immediately after connecting

The vpn connection to the secure gateway was disrupted...

Solution - Try to change the connection type to PPPoE (instead of PPTP).

 

Linux errors

Error - The vpn client disconnects immediately after connecting

The vpn connection to the secure gateway was disrupted...

Solution - Try to change the connection type to PPPoE (instead of PPTP).

 

Error - Security Warning: Untrusted VPN Server Certificate

Security Warning...

  • Solution (Ubuntu) - In a terminal enter the following command:
    sudo ln -s /etc/ssl/certs/*.pem /opt/.cisco/certificates/ca/
  • Solution (RedHat) - In a terminal enter the following command:
    sudo ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /opt/.cisco/certificates/ca/

 

RedHat 7 - Failure to run AnyConnect of RHEL 7, Centos 7 and Fedora.

Solution - The issue is caused by missing libraries or CA certificates.

  • libpangox is not available from the mainstream repositories, you should add the EPEL repository:
    sudo yum install epel-release
  • Install the required libraries:
    sudo yum install atk ca-certificates gtk2 nss pango pangox-compat
  • Create a softlink to allow AnyConnect to locate the CA certificates:
    sudo ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /opt/.cisco/certificates/ca/

Additional troubleshooting guides

These links contain additional tips and guides:



 

Web VPN

 

Error - E-Journal site do not work properly .

Solution - Write to .

 

 

 


Last updated: 20/07/2020