Event ID: 2 Source: acvpnagent

Source
Level
Description
message string data: Function: CNetEnvironment::TestAccessToSG
File: .\NetEnvironment.cpp
Line: 1015
Invoked Function: CCertHelper::VerifyServerCertificate
Return Code: -31326190 (0xFE220012)
Description: CERTIFICATE_ERROR_VERIFY_CHAIN_POLICY_FAILED_ASKUSER
server name: 172.168.2.66
Comments
 
This type of message is recorded by the Cisco VPN client. The event description records the error codes that the client encountered at that specific time. Many different errors are logged under the same event ID (event ID 2), so troubleshooting should concentrate on the error description recorded in the event. In the example above, the error description is: CERTIFICATE_ERROR_VERIFY_CHAIN_POLICY_FAILED_ASKUSER.
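
Because every acvpnagent error shares event ID 2, triage has to key on the fields inside the message text. The following is an added example, not code from Cisco or from this page: it parses the "Label: value" layout shown above, checks that the signed decimal return code and its hex form agree, and counts events per description. The function names and the second sample event are assumptions made for illustration.

```python
import re
from collections import Counter

# Message text of the event shown on this page.
PAGE_EVENT = r"""message string data: Function: CNetEnvironment::TestAccessToSG
File: .\NetEnvironment.cpp
Line: 1015
Invoked Function: CCertHelper::VerifyServerCertificate
Return Code: -31326190 (0xFE220012)
Description: CERTIFICATE_ERROR_VERIFY_CHAIN_POLICY_FAILED_ASKUSER
server name: 172.168.2.66"""

# Constructed variant: same error, different (made-up) server name.
CONSTRUCTED_EVENT = PAGE_EVENT.replace("172.168.2.66", "vpn.example.test")

RETURN_CODE = re.compile(r"(-?\d+)\s+\((0x[0-9A-Fa-f]+)\)")

def parse_event(message):
    """Split an acvpnagent event message into its 'Label: value' fields."""
    fields = {}
    text = message.strip()
    if text.startswith("message string data:"):
        text = text[len("message string data:"):]
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            fields[key.lower()] = value.strip()
    m = RETURN_CODE.fullmatch(fields.get("return code", ""))
    if m:
        signed, as_hex = int(m.group(1)), int(m.group(2), 16)
        # The decimal is the signed 32-bit view of the hex value.
        fields["code_consistent"] = (signed & 0xFFFFFFFF) == as_hex
        fields["return code"] = f"0x{as_hex:08X}"
    return fields

def summarize(messages):
    """Count events per error description, the field to troubleshoot on."""
    return Counter(parse_event(m).get("description", "<no description>")
                   for m in messages)

if __name__ == "__main__":
    for description, count in summarize([PAGE_EVENT, CONSTRUCTED_EVENT]).most_common():
        print(count, description)
```

Events whose text does not follow the layout are counted under `<no description>` rather than dropped, so malformed or truncated entries stay visible in the summary.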

Searching for this error code, we found this information in a Cisco support forum:

"The default rekey lifetime is 30 minutes so if you are seeing it happen every 5 minutes, you may want to double check the "svc rekey time" configuration under the respective group policy.  I did run into a similar issue with another customer which wound up being related to DNS. In that case, the CN and subject names of the certificate were configured to use FQDN which was only resolvable via public DNS servers. AnyConnect, however, was configured to send all DNS requests over the SSL tunnel. The resolution requests were being sent to a DNS server that could not resolve so the rekey process hung. Once the active tunnel was torn down, the FQDN in the certification could now be resolved by the DNS server on the physical interface allowing the new connection to establish.  Configuring Split DNS resolved the issue for this particular customer. You may look into your configuration to see if this applies."
