VPN Troubleshooting FAQ

VPN Connection errors? Update CIsco AnyConnect 

This is often fixed by updating your client. Go to https://vpn.lehigh.edu and update your Cisco Anyconnect client with the most current version of the software for your device. 

Not Enrolled in Duo?

Enrollment in and authentication through Duo Two-Factor Authentication is required for access to the VPN.  If you attempt to log in with an account that's not enrolled in Duo, you'll see an error that looks like this:

 

MacOS: Unable to install Cisco AnyConnect because the program is already installed (but also doesn't appear in the Applications folder)

If you accidentally deleted the Cisco folder from your Applications without running the Uninstaller, you will be stuck with the program still partially installed. To resolve this situation, you must first open the Terminal app. You can open Terminal by searching for it with the magnifying glass icon in the upper-right corner of the screen, or by going to your Applications folder and then opening the Utilities folder. Once Terminal is open, you will see an old-style command prompt. Enter the following command:

sudo pkgutil --forget com.cisco.pkg.anyconnect.vpn

Press "Enter" after typing the above command, and you will be prompted to enter your Mac password. Note that the Terminal does NOT show you key presses as you type your password. There is no visual indication that you are typing as you put in the password. That's normal. Just enter the password followed by the "Enter" key. The command line will advance to a new blank line, indicating that it has completed the task. Close the Terminal and you should now be able to run the Cisco Anyconnect installer package.

Windows: Group Policy is Preventing Login (Switch User)

The complete message is: "Group policy is preventing login in because multiple users are logged into this machine." This occurs on Windows computers when you use the "Switch User" function to login an additional user while keeping the original user logged in (so as not to have to close the first user's programs and documents). Unfortunately, this just doesn't work for the Cisco client.  Before attempting to connect to the VPN, you must log all of the other users out. You must be the only user logged into the computer when you establish a VPN connection.

Windows: Interprocess Communication Depot Error (Internet Connection Sharing)

The error message is: "The vpn client agent was unable to create the interprocess communication depot." This error is caused by having Internet Connection Sharing (ICS) enabled. See Turn Off Internet Connection Sharing for instructions on how to disable Internet Connection Sharing, should you encounter this problem.

Windows: VPN Client Driver Error

The initial error message is: "The VPN client driver has encountered an error," followed by another dialog that says "AnyConnect was not able to establish connection to the specified secure gateway. Please try connecting again." We aren't yet sure what causes this problem. However, it appears that it may be resolved, at least in some cases, by uninstalling and re-installing the SSL VPN client. Use the Add/Remove Programs control panel to remove the Cisco AnyConnect client, just as you would any other program (do not just delete the desktop icon). It may be advisable to reboot. Then direct your web browser to http://vpn.lehigh.edu and download a fresh copy of the client.

Windows: Third-Party Firewalls

While LTS hasn't found a situation in which the built-in Windows firewall interferes with VPN connections, we have encountered situations where  third-party security products, such as McAfee Internet Security, may prevent a VPN connection from being established. The error message displayed in such a case may be the generic "Driver Error" message described above.

Ideally, those products should include configuration settings or controls to permit the connection, or temporarily disable the network protection function (usually, but not always categorized as a "firewall"), but as each product is different (including different versions from the same vendor), we cannot provide stepwise details for doing this.  Consult the vendor's website for your particular product.  In some cases, it may be necessary to remove the security product in question in order to get the VPN to work.

Some versions of McAfee may also cause a "Authentication failed due to problem navigating to the single sign-on URL." message to appear while connecting to the Lehigh VPN.  Specific steps to fix this vary among products, but in general, look for controls that allow you to disable the product's firewall or network security feature. The McAfee website has steps to disable its firewall for some of its products that may be helpful.

Using library/international option with the VPN – being redirected to Google Hong Kong?

There are two workarounds for this issue...

  1. Instead of going to google.com, go to google.com/ncr 
  2. Go to google.com/preferences and explicitly state your region as United States (option at the bottom)

Cisco's Troubleshooting Guide

If you don't find the answer you're looking for here, you might also try the Cisco AnyConnect VPN Client Troubleshooting Guide ... Of course, for many people, this guide is way too technical; that's ok. Contact the Help Desk at 610-758-4357, and tell us what's going on.

Connecting to VPN "Library/International" group using the AnyConnect Mobile app

 If you're trying to use a smartphone to connect to library databases, journal articles, or access your Lehigh subscription to The New York Times or The Wall Street Journal, you'll need to have the Cisco AnyConnect client installed. This free app is called "Cisco AnyConnect" on the iOS App Store, and on the Google Play App store it's just called "AnyConnect" from publisher Cisco Systems. After installing the app, start it up, tap on Connections, and tap on Add VPN Connection... Enter "Lehigh" as the description and 'vpn.lehigh.edu' as the server address, then tap on Save in the upper right. If an iOS or Android prompt appears, asking if you'd like to allow VPN Configurations to be added, tap on Allow.

Now that the Lehigh connection is present, on the AnyConnect home screen you can:

  1. Tap on the activation toggle for the VPN connection



  2. You'll be presented with the login screen. Instead of logging in immediately, look for the Back option in the upper left and tap on it.



  3. You'll see the Group menu, tap on it and the Select Group menu will appear with two options: "GeneralAccess" and "Library/International." Tap on Library/International and a check mark will appear next to that option, confirming your choice. Now tap on the Authentication button in the upper left and you'll be taken back to the login window.


  4. Enter your Lehigh username and password. The system will prompt you for your Duo second factor. Pick whichever method you prefer. After Duo authentication you'll be taken to the AnyConnect home screen with the connection toggle in green, and a small VPN icon at the top left of your screen.

  5. You can now switch to your web browser or other app requiring VPN access. As long as you see the VPN icon in the status bar at the top of the screen, you know you're connected to the Lehigh VPN. When you want to disconnect, just switch back to the AnyConnect app and tap on the activation toggle again. It will become greyed out and the VPN icon at the top of the screen will disappear. You're done!

Windows: Authentication failed due to problem navigating to the single sign-on URL (Mcafee)

 1. Open Mcafee Antivirus on your PC, you will be presented with the Mcafee Livesafe Window, Select the Three Lines on the Upper Left Side of the page

2. Select My Protection in the Left Pane

3. Click on Firewall

4. Select"Turn Off" Firewall

5.Select the Drop down Arrow and Choose "Never"

6. If message comes up about Mcafee Firewall being off, Select the checkbox "Dont Show Again", do not click the "Turn On" Button , or else Mcaffee's firewall will be turned back on



For immediate help, contact the LTS Help Desk (Hours)
EWFM Library | Call: 610-758-4357 (8-HELP) | Text: 610-616-5910 | Chat | helpdesk@lehigh.edu
Submit a help request (login required)