by Milan Stanojevic
Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He’s a PC enthusiast and he… read more
Updated on March 7, 2023
- A VPN authentication failed error will prevent you from logging in to your VPN client.
- Luckily, there are quite a few easy fixes to that and we explore all of them here.
- Whatever your software problem, we surely got it covered in the Software Troubleshooting page.
- You’ll find anything you want to know about virtual private network tools in our VPN Hub.
Using a VPN is one of the best ways to protect your privacy online, however, many users received a Cisco AnyConnect authentication failed message.
As a result, they are denied access to the VPN tool. However undesirable this situation is, tweaking a few settings should restore everything.
It’s worth mentioning that the same error was reported by the users of the following VPN clients:
- ExpressVPN
- NordVPN
- Asus OpenVPN
- Tunnelbear
The causes are, in most cases, similar and refer to either some antivirus settings, VPN settings, or even a corrupt VPN installation. Whatever the cause, take each solution presented below in turn.
Hopefully, you’ll get back access to your VPN tool before reaching the end of this article. So, let’s dig in.
How do I fix a Cisco AnyConnect login failed?
- Check your antivirus and firewall
- Disable your firewall
- Try switching to a different VPN client
- Check your login credentials
- Check the number of connections
- Make sure that your service is paid for
- Change your username and password
- Reinstall your VPN client
- Perform a Clean boot
1. Check your antivirus and firewall
One of the most common causes when getting a VPN authentication failed message is your antivirus or firewall.
The antivirus sometimes blocks VPN clients, detecting them as false positives.
To fix the problem, it’s advised that you check your antivirus settings and make sure to whitelist your VPN client. Additionally, you can try disabling certain antivirus features or disable your antivirus altogether.
If that doesn’t solve the problem, try uninstalling your antivirus. If you’re on Windows 10, you’ll be protected by Windows Defender even if you remove your third-party antivirus, so there’s no need to worry about your safety.
Once you remove your antivirus, check if the problem is still there. If the issue doesn’t appear anymore, it may be time to consider a different antivirus software.
You can find many good Windows 10 compatible antivirus software that won’t interfere with your VPN. Moreover, many worthwhile tools come with integrated VPNs, so you won’t have to invest in two apps.
2. Disable your firewall
According to users, sometimes VPN authentication failed message can appear if your firewall is blocking the VPN client. To fix this problem, users suggest to temporarily disabling your firewall and checking if that solves your problem.
To disable your third-party firewall, you’ll have to open its settings page and find the disable option.
However, Windows also has its own firewall, and you might need to disable it as well in order to troubleshoot this issue.
- Press Windows Key + S and enter firewall. Select Windows Firewall from the list of results.
- Choose Turn Windows Firewall on or off from the left pane.
- Select Turn off Windows Firewall (not recommended) for both Public network and Private network profiles. Now click the OK button to save changes.
After doing that, your firewall will be completely disabled. Bear in mind that disabling the firewall isn’t advised since it can leave your PC at risk.
However, if disabling the firewall fixes the problem with the VPN, the issue is most likely related to your firewall settings, so you’ll need to adjust them accordingly.
3. Try switching to a different VPN client
If other solutions couldn’t fix the VPN authentication failed error message, perhaps the problem is related to your VPN client. If that’s so, it’s advised to switch to a different VPN client.
Consider a VPN provider with a large number of servers across the whole globe, because these can generally ensure a good connection at all times, regardless of the specific online activity you engage in.
Some PC issues are hard to tackle, especially when it comes to missing or corrupted system files and repositories of your Windows.
Be sure to use a dedicated tool, such as Fortect, which will scan and replace your broken files with their fresh versions from its repository.
Another feature to look for when picking your VPN client is the privacy policy. Get a VPN that has transparent rules and is compliant with the regulations applicable in your area.
The best VPNs for Windows 10 should ensure that there’s no data leakage even if the connection drops, so make sure to look for the kill switch feature as well.
4. Check your login credentials
If your firewall or VPN isn’t the problem, perhaps you should check your login credentials.
It’s possible that you mistyped your username or password, and that might be causing your problem. To fix the issue, be sure to double-check your login information and make sure that it’s completely correct.
Be sure to check for uppercase and lowercase letters since they can be the common problem for login issues.
5. Check the number of connections
Many VPN clients allow you to have a limited number of VPN connections at a time, and if you exceed the number of these connections, you might get the VPN authentication failed message.
To fix the problem, be sure to check all the devices that are using your VPN.
If you have multiple PCs and phones using the same VPN service, try disabling the app on certain some of them and check if that solves your problem.
6. Make sure that your service is paid for
If you’re unable to use your VPN due to the VPN authentication failed error message, it’s possible that the problem is caused by unpaid service.
Sometimes, you might forget paying for the VPN service, and that can lead to this and many other problems. So log in to your VPN account and make sure that your service is paid for.
If everything is in order in terms of payment, you can proceed to the next solution.
7. Change your username and password
If you’re having issues with your VPN credentials, try to change them. Even if you’re certain that these are correct, you can try changing them to refresh the connection.
It’s possible that there’s a glitch with your VPN client, but you might be able to fix it this way.
8. Reinstall your VPN client
According to users, sometimes you can encounter a VPN authentication failed message simply because the VPN installation is corrupted. So the only workaround is to reinstall the client.
This is fairly simple to do, and the best way to do it is to use uninstaller software first. You can also remove it with Windows Settings, but many users reported that the Windows uninstaller utility leaves behind leftover files.
Uninstaller software are specifically configured to find and remove everything related to the app you want to delete. This will ensure that you will be able to seamlessly reinstall your VPN.
Once you remove your VPN client completely, install it again and check if the problem is still there.
9. Perform a Clean boot
- Press Windows Key + R to open the Run dialog. Enter msconfig and click OK or press Enter.
- Navigate to the Services tab and check Hide all Microsoft services Now click the Disable all button to disable all these services.
- Head over to the Startup tab and click Open Task Manager.
- Right-click the first application on the list and choose Disable from the menu. Repeat this step for all startup applications on the list.
- Once you disable all startup applications, go back to the System Configuration Now you just have to click Apply and OK to save changes and restart your PC.
A clean boot should stop any interference of other applications or processes upon the VPN. So once your PC restarts check if the problem is still there.
If the issue doesn’t reappear, it’s possible that one of the startup applications or services was causing it. To find the cause, you need to enable all disabled applications and services one by one until you manage to recreate the issue.
Bear in mind that you’ll need to restart your PC or at least log out and log back in to apply the changes. Once you find the problematic application or a service, disable it or remove it from your PC.
Although the VPN authentication failed error can be quite problematic, we hope that you managed to solve it by using some of our solutions.
We’d like to hear if this article helped. Feel free to drop us a line in the comments below.
Newsletter
Introduction
This document describes an issue where you receive an «HTTP Status 401» error message after a period of inactivity when you use Single Sign-On (SSO).
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- SSO
- Active Directory Federation Service (AD FS)
- CloudCenter
Components Used
This document is not restricted to specific software or hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Problem
When you use SSO, you can receive a «401» error after a period of inactivity, instead of a prompt to log in again as shown in the image.
The only way for you to be able to log in again is to close the entire web browser and reopen it.
Solution
This is caused by a mismatch in the timeout values between CloudCenter and the SSO server.
An enhancement allows the ForceAuthn Parameters support, which can allow a mismatch between the two values and CloudCenter to log out gracefully. This enhancement can be tracked here https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg36752.
The only workaround is to remove the mismatch. There are three locations where the timeout values need to match. The first two are on the CCM itself.
- Navigate to /usr/local/tomcat/webapps/ROOT/WEB-INF/web.xml.
- Modify the <session-timeout>time_In_Minutes</session-timeout> to reflect the timeout desired in minutes.
- Navigate to /usr/local/tomcat/webapps/ROOT/WEB-INF/mgmt.properties.
- Modify the saml.maxAuthenticationAge.seconds=timeout_in_seconds to reflect the timeout desired in seconds.
The third is on the SSO server and the location can vary which depends on what type of SSO server is running. The web SSO lifetime value must match the two values configured on CloudCenter.
Once all three match, when the timeout has occurred, you are dropped back to the log in screen before allowed to view the page.
authentication failed issues
I am currently doing some testing of ISE on a few of our users and I have a situation where two users have an issue every few days where they cannot authenticate with dot1x or mab. The logs for the port continuously repeat below:
AUTHMGR-5-START: Starting ‘dot1x’ for client
DOT1X-5-FAIL: Authentication failed for client
AUTHMGR-5-START: Starting ‘mab’ for client
MAB-5-FAIL: Authentication failed for client
This will keep on looping continuously until the user restarts the Wired Auto Config service. Can anyone much smarter than me help me trouble shoot what could be the issue here? I am thinking it is a hardware issue as I have most of the trial group working with no issues.
Thank you all for your time!
greetings,
today i was doing some experimenting with the production switch (my mistake), problem was that i can login to cisco 3750 via telnet and it asks for password only and it work ok, but ssh access was not working and asking user name password and after entering correct details, it says password failed type message, after doing some googling and added few commands like aaa-methods, and after writing it, now telnet asking for id and d password, i have lost telnet access too :O it gave authentication failed.
i still have gui access, but its not helping. how can i restore access ?
Bryan Decker,
For future reference, the following is not an error message:
User “bdecker” attempted to authenticate using authenticator “SecurID_Native.”
The user belongs to security domain “SystemDomain.”
That message in the Description field is just explains what was happening. You tried to authenticate to the Authentication Manager server using the SecurID Native protocol and you exist in the SystemDomain security domain. The reason why the authentication failed is shown in the Action Result Key and Result Key fields, that is AUTHN_METHOD_FAILED and Authentication method failed.
As Nada Khaled mentioned, that error can display for several reasons. Confirming the token is working through the Self-Service console is a good place to start. If it works, we know the time offset between the token and the server is correct and we can look at other causes. If it fails, you may want to try to Resynchronize a Token and test the ASA again.
If the ASA is new, please check the Cisco Systems Inc. — Technology Integrations implementation guide for the ASA to ensure your configuration is correct. One thing that might cause the authentication method failed error is if the ASA has multiple IP addresses. If you set up your authentication agent information in the Security Console for IP address 1.1.1.1 and the traffic is coming from the ASA on 1.1.1.2, authentication will fail. On the ASA, confirm all of the IP addresses that belong to it. Once you have the list, go back to the agent record in the Security Console (Access > Authentication Agent > Manage Existing) and go through the list of all of the IP addresses. Make the change, save the agent update and test the ASA with the real time authentication activity monitor (Reporting > Real Time > Authentication Activity Monitor) open to see how the authentication request is handled by the server.
Regards,
Erica