WDS – PXE Boot Error TFTP Timeout
KB ID 0000485 Problem Seen when using WDS on Windows Server 2008 (and 2008 R2). When attempting to PXE boot a client machine, it sucessfully gets an IP address. But it times out at the TFTP stage. This is a common occurance if the WDS server is also a DNS server. It happens on machines that have had the MS08-037 security update installed. Basically the ports that WDS needs are being reserved for DNS. Solution 1. On the WDS server...
Cisco Remote (IPSEC) VPN Clients Timeout / Disconnect
KB ID 0000309 Problem By default, your remote VPN clients will timeout their connections after 300 seconds of inactivity, should you wish to increase that you can, on a user by user basis, however sometimes that does not work. To fix the problem you need to disable ISAKMP monitoring at the “Head End”. Solution Enable via Command Line (see below for ASDM instructions) 1. Connect to the the firewall (see here for...
Cisco AnyConnect – Untrusted VPN Server Blocked!
KB ID 0000651 Problem The newest versions of the AnyConnect client now show you the following; If you are seeing this you’re using the (default) self signed certificate, or you connected to an IP address rather than the FQDN. But unlike before, you can now ‘lower’ the security so it does not warn you every time. Solution 1. From the warning screen (shown above) select ‘Change Settings…’. 2. Untick...
AnyConnect Error ‘The secure gateway has rejected the connection attempt, No assigned address’
KB ID 0000876 Problem I upgraded a clients ASA5510 firewall(s) yesterday. Post upgrade he got this error; The secure gateway has rejected the connection attempt. A new connection attempt to the same or another secure gateway is needed, which requires re-authentication. The following message was received from the secure gateway: No assigned address. Solution Thankfully the error is pretty descriptive, the remote client can not get an...
AnyConnect – ‘Service Provider is Restricting Access’
KB ID 0000950 Problem I only tend to use AnyConnect for VPN. So while I was at a clients site the other week, I wanted to jump onto my test servers at home and was greeted by this; “The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser.” Solution I...