Unable to connect to Cisco AnyConnect VPN Client on Windows 8? The fix is simple!

I usually like to stay on the bleeding edge of software releases, so naturally as soon as Windows 8 RTM was announced and was made available to developers such as myself on MSDN, I wanted to take full advantage of learning the extra capabilities – I created a development machine to be able test the environment and was getting it ready to move live.

The problem for me was that there were a few business-critical applications that were not playing well with Windows 8. We have a customer that requires us to use Cisco AnyConnect VPN Client – specifically version 2.5.0217.

Upon connecting to a VPN, I would either get a The VPN client driver has encountered an error message or a blue screen forcing a reboot.

To fix this, a simple registry change will save the day. (Note, you should always back up the registry before making changes)

Run Regedit

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vpnva

Change DisplayName to Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64, basically you want to remove the beginning inf% information before the word Cisco.

Close RegEdit (and the VPN client, if it is open) and reopen and attempt connection.

If you aren’t required to use a lower version of the AnyConnect VPN Client, you should be able to use version 3.0 or above without any issue.

Shayne Estes is an Application Services Engineer at eGroup, Inc.

Contact Shayne via email here.

To start, let me say that Hyper-V 2012 is a strong product– a very strong product. Its entrance to the market was loud and impressive, but the noise around it has since quieted down. After spending quite a bit of time using it, and coming from the background of years on the VMware vSphere platform, I’ve been able to make a comparison between the two and wanted to share my thoughts on how it stacks up.

Installation 

For those who aren’t aware, Hyper-V 2012 can be installed as a Server Role on top of Server 2012, and the installation process (once the OS is already loaded) is just about as easy as it gets. You check the box for the Hyper-V role in the add new role wizard, and in a few minutes, it’s installed and live on your server. There is also a standalone, Core-only (command line only) version called Hyper-V 2012 Server, that you can install onto the server hardware directly. The difference here is that the Role added on Server 2012 includes licensing for Server OS virtual machines that will run on top of the host, whereas the Hyper-V 2012 Server installation does not. In addition, Hyper-V Server is command line only, as it runs the “core” installation of Windows Server.

I won’t spend much time on the licensing details other than to say unless you are running a small number of virtual machines, going the Datacenter edition is probably going to be the best bang for the buck, as it covers an unlimited amount of Windows Server OS VMs that run on the licensed host. To state it another way, once you pay for the Datacenter Edition license, install it on a server, and enable the Hyper-V role, all other server VMs that you subsequently run on that physical server, require no additional Server OS license.

It’s important to note that at this point, you have the equivalent of a standalone hypervisor server– a “standlone ESXi host” is a good point of comparison. You do not have the benefits of high availability, live migrations for either the virtual workload or its underlying storage, and no dynamic workload balancing.

Hardware Considerations

Throughout our time installing, upgrading, and managing Hyper-V hosts, we’ve found that Microsoft is very picky about the underlying hardware used, and reference their hardware compatibility list in several documents and interfaces (especially in the Failover Clustering interface, which we’ll get to later). While an HCL exists from the other hypervisor vendors, it’s almost a background consideration in a lot of cases, as compared to Microsoft’s position of putting the HCL “front and center.”

Given this fact, we’d strongly suggest to anyone deploying Hyper-V 2012, and especially those who are upgrading from previous versions, that you very carefully validate that your hardware is certified for Server 2012 before going into production.

Networking

One of the major improvements in Server 2012, which has an upward and positive impact to Hyper-V, is the addition of NIC Teaming through the Server 2012 OS itself, as opposed to only being available through the use of vendor specific teaming utilities.

The result here is a very similar capability to what I’ve been accustomed to having from VMware for some time now. NIC Teaming provides the ability to load balance NICs from different vendors, NICs that are on the motherboard with NICs that are add-ons through a PCIe slot, as well as load balancing of traffic through the NICs (in an “active/active” manner) without any configuration on the upstream switches.

Additionally, you can load balance your NICs in an active/standby configuration, or the commonplace active/active with “switch awareness” (a port channel in the Cisco world– which can be “static”– channel-group mode on in Cisco terms, or using LACP, channel-group mode active in Cisco terms).

Assuming a standard 6 or 8 NIC server design, the only real “difference” in the networking configuration for a Hyper-V server as opposed to an ESXi host is that there is generally a NIC (or two) dedicated for “outside of Hyper-V” server OS communication. This can be done with a team, and is something that should be discussed as part of your design and hardware purchase (to ensure you have the correct amount of NIC ports).

Hyper-V Virtual Switches

This topic took me a little while to understand how it actually applied, especially since I was trying to relate it to what I was used to working with from VMware.

Imagine that you have 2 NICs in an active/active, switch independent team, that you’d like to use for the “normal” virtual machine network/LAN traffic. First, you must create this team using the NIC Teaming interface through the Server Manager in Server 2012 (this is done OUTSIDE of Hyper-V, as it’s an OS feature, and not a Hyper-V specific feature).

Once configured, note the non-editable name that Windows assigns to the logical team interface, as this is what you will be creating your virtual switch to use as its communication link. This is a minor annoyance. Being able to change the name to something more usable, or having Hyper-V use the team name as opposed to the OS assigned name, would be a simple and a more user-friendly implementation. Maybe in a patch or future update.

Staying off of the Hyper-V configuration and speaking specifically to the Server 2012 OS use of the network team interface, you have the ability to specify a VLAN, and can also create additional LOGICAL sub-interfaces off of the NIC team for specific VLANs. If you set no VLAN, the interface will listen for traffic on all VLANs that the upstream, physical switch is passing down to it.

If you specify one on the team interface itself, that’s the only VLAN it will be listening for traffic on.

If you create a sub-interface and assign it a VLAN ID, that interface will only listen for that specific VLAN’s traffic, but the logical TEAM interface will continue to listen on all others.

The recommendation for Hyper-V is to NOT create sub-interfaces on the network team interface, and to NOT assign any VLANs to the team interface, but leave the VLAN tagging to the vNICs for the virtual machines (this is a bit different than ESXi’s vSwitching, which we’ll outline further below).

Now, back to Hyper-V. From Hyper-V Manager , you’ll find the Hyper-V Virtual Switch Manager in the top right corner, and once you open it, you’ll have the ability to add a new network. There are three network types, but the most common and the one you’ll want to create to allow virtual machines to talk to your physical LAN is the “External Network” type.

If you create a network called “Server Network,” you’ll notice that you can ONLY assign it a VLAN if you share it with the management OS. What this means is that if you want to tag it with a VLAN at this level, you won’t be keeping it as a dedicated network for Hyper-V, but rather will be sharing it with the Server 2012 OS you installed Hyper-V onto as well. I suggest you NOT check this option, and that you do not assign it a VLAN.

As part of the creation of the new network, you’ll have the ability to select the network interface you want to use for it as well via a drop down menu. Once you select an interface for a new virtual switch, it cannot be used again for another one. This is important to take note of for your configuration.

So at this point, consider the diagram below, taken as a screenshot from ESXi. You have created a virtual switch, and assigned it physical interfaces on which to connect– the center piece, and the pieces to the right.

What you have NOT done, which is what confused us for a while, is create the “VM Port Groups” on the left hand side (See “ExNet” in the diagram).

In a typical VMware deployment, you would create a VM Port Group for each VLAN you wanted to have available to your virtual machines, and in that port group, you would set a VLAN ID. The upstream communication would be on trunking (or tagging) interfaces, and thus providing you with access to the VLANs you need– and this part is the same in Hyper-V. What’s different, however, is that Hyper-V 2012 does not have the concept of a VM Port Group. Instead, you assign a VLAN ID and “virtual port” on the vNIC of the virtual machines themselves.

So let’s say that Server Network has access to VLANs 10-20, and you want to be on the “DMZ” VLAN, which we’ll say is VLAN 15 in our example. On the VM you are putting in the DMZ, you would go to Edit Settings, find its NIC, and check the box to “Enable VLAN Tagging”, and specific VLAN 15. Then you’d press OK, and the VM would be able to communicate out on the network.

I know this can be a bit confusing, so if you have any questions, please do not hesitate to post in the comments or drop us an email– we’re happy to help clarify!

At the request of some of my teammates here at eGroup, I decided to accept a challenge of running nothing but Linux Mint 14 on my MacBook Air for the entire month of February. The ultimate goal was to test its usability during my daily work regime while not being disruptive. In other words, in order to pass the test, Linux Mint 14 needed to “just work” without impacting my ability to do my job, deliver service for our customers, and continue in the field work, as is usually the case.

After (now almost 40 days), I’m proud to say that I have succeeded, and it wasn’t nearly as hard as I was originally expecting it to be.

To start with, Linux Mint is based off of Ubuntu, which I’ve used on and off for a few years now. It’s kind of the new “hot and trendy” Linux distro for its ease of use, wide device support, and the options it provides for its desktop environment.

The Website is Linux Mint (just don’t judge the distribution by the appearance of the website).

While some strongly dislike the Unity interface on Ubuntu, I have no issues with it. Some complain that it’s too slow, or too “Windowsy,” and maybe it’s because I’m that accustomed to Windows that I don’t notice, but I’ve never had issues with its performance (and that includes running it on a 5 year old Shuttle PC I have at home). The interface itself, while a little more “bold,” has a kind of polished elegance about it.

Moving to Mint and away from Unity, I will say the Cinnamon desktop environment experience on Linux Mint 14 was much more enjoyable – from the smoothness of the “Start menu” to the hot corners which I now find myself addicted to.

To avoid impact on my ability to do my job, I used the Citrix Receiver to hit our internal Citrix XenApp deployment for all Office application needs, including and especially Outlook, as well as some of our other Windows-native applications. And, while it comes with LibreOffice, the free, compatible, and open source Office-like product, I still needed Outlook. This was a no brainer for me, since I use the Citrix Receiver every day on the Mac– as do millions of others. But if you don’t, the Wine software is the way to go. 

I’ve used my own device for work for almost 2 years now (I really live the BYOD dream), and having applications and desktops delivered to my preference of device is very liberating. Without that ability, I couldn’t have run this challenge.

On the client side, offline and accessible locally, I found that almost every one of the “really nice to have” applications were available for debian-based Linux distributions (of which Ubuntu and Mint are), including Skype and Spotify. For anything else, the use of the free “Wine” Windows app emulation layer did the trick.

While onsite with customers, simply connecting to their servers via RDP provided me access to any systems that did not have tools available for Linux clients.

Most of those I told about this little challenge asked me why I would even bother. Well, and the answer is simple: I believe it will become a valuable skill set to have for technologists ranging from the home user, to the veteran sysadmin. I believe, and have shared this belief with my teammates, that Linux, in all of its distributions, will continue to grow in popularity, riding on the back of cloud computing. And with the “bleh” response to Windows 8, and Canonical’s push of Ubuntu into more and more client devices (including smartphones), growth will come on the end user front as well. Do you agree? Am I nuts (yes)?

Do you think you could survive 30 days using Linux exclusively on your personal or work computer? Give it try and let us know!

["First Day...Four Questions" will be an ongoing blog series throughout 2013 as we on-board dozens of new team members. We want you to understand what makes our new colleagues tick. And what drives them to be "serious competitors." We hope you enjoy.]

Why eGroup?

There are a few reasons why I joined eGroup. First, being a smaller company where I could have a large revenue generating impact. Second, because of the competitive nature and culture of everyone working here. It’s great to work for a company that demands a high level of engagement from their employees. I was drawn to eGroup because I can expand our reach to the Charlotte market and help our customers to be the most successful in their industry.

What makes you a serious competitor?

My competitive nature stems from my serial entrepreneurial attitude. I started my first business in high school and have since been eager to compete for anything. I most recently sold my business that captured over 20% market share in under 3 months and had an ROI of over 1200% after 18 months. Needless to say, I love making things happen and seeing projects in motion.

If you weren’t in Tech what would you be doing?

I would be a professional ski bum with a mountain biking problem.

What’s your Headline?

“For smooth sailing you need a strong Hull.”

[eGroup editor comment: Congratulations Will, you locked up the headline competition for the next two years. Well done.]

["First Day...Four Questions" will be an ongoing blog series throughout 2013 as we on-board dozens of new team members. We want you to understand what makes our new colleagues tick. And what drives them to be "serious competitors. We hope you enjoy.]

Why eGroup?

The people of eGroup. I was introduced to eGroup over a year ago by Brad Shannon. It seemed like every time we got together he would brag about how great his fellow associates were. I had to see this for myself! One thing that became apparent in the interview process was the common vision everyone had. Everyone was on the same page and everyone seemed like they would be awesome to work with. I have since found eGroup to be a positive, genuinely supportive environment and I love it!

What makes me a serious competitor?

My commitment to establishing/cultivating profitable long term relationships. Ask any of my prior clients and the response will be unanimous. Tom Matlock takes his business seriously and will get the job done! My clients tend to be extremely loyal. The opportunity I now have to introduce eGroup to the Upstate is huge and makes me a serious competitor.

If you weren’t in Tech what would you be doing?

Networking. I thrive on meeting new people and growing/maintaining relationships.

What’s your headline?

“Yes, that’s right, Matlock, like the TV show… No, I’m not related.”