Cisco Anyconnect Secure Mobility Client Service Unavailable

0 views

Skip to first unread message

Claribel Szwaja

unread,

Aug 3, 2024, 12:06:42 PM8/3/24

to banmolidudh

From 14 May 2024, your SSO (single sign-on) login details will be requested through your default web browser when connecting to the VPN. If you have recently logged into another SSO protected service in your browser, the login step may be skipped.

After connecting to the VPN you use your computer as normal, but your internet connection will be identified as coming from the University and your internet traffic will route across University servers.

For issues due to the default web browser being used to provide the username, password and MFA details, the VPN application's internal web browser can be used instead by providing the server name as vpn.ox.ac.uk/cisco-browser when logging in.

The socket filter runs all the time, but does not do anything when the VPN is not connected. If required, it can be removed if you delete the application "Cisco AnyConnect Socket Filter.app" then reboot.

If you are concerned about the security of your network, you should instead connect to vpn.ox.ac.uk/tunnel-all to make all network traffic to go through the VPN tunnel. You will still be able to connect to printers and other devices on your local network.

On macOS 13 (Ventura) and above, after installing or upgrading the Cisco Secure client, connecting to VPN displays "Connect capability is unavailable because the VPN service is unavailable." You may also see a warning message in the Connect box saying: "No connection to VPN service. Reattach failed" where normally it would show "Ready to connect". This applies to new installations, manual updates, and forced updates to the Cisco Secure Client - AnyConnect VPN Service.

If you are an Administrator of the Mac, Go into > System Settings > General > Login Items, and make sure the switch against Cisco Secure Client - AnyConnect VPN Service shows as enabled. You can toggle this off and on (for luck) if it is already enabled.

Starting with macOS 13 (Ventura), Apple made changes, including allowing users who have administrative access to their macOS devices, to have more visibility of, and control over, tasks running in the background. Previously, it wasn't possible to view and manage background tasks from the GUI. From Ventura, you can view and change them in System Settings\General\Login Items in the Allow in Background section.

When recent versions of the Cisco Secure Client are installed on devices running macOS 13 (Ventura) and above (including upgrade scenarios), you may be prompted to allow the VPN Service to run in the background. The prompt includes a link to the System Settings and an image to show the setting change you need to make. If you either ignore the prompt or cannot make the change (e.g. because you don't have permission), you won't be able to connect to the VPN.

If you do not allow the socket filter kernel extension, it may continue to show warnings, but the VPN should still work. However, if you don't allow the VPN Service to run in the background, the VPN will not be able to connect.