Cisco VPN Client - Connection Error Reason 412

July 29, 2010

I just solved this 512 error. Turn your firewalls and virus scanners

off for troubleshooting first! We're using a Microsoft CA server and

certificate authentication for the client. It turns out that the

latest Cisco client 5.0.x may have some kind of flaw when requesting the

client side certificate. Our standard is to utilize a password in the

OU field and to use the rest of the fields = example: CN or O for

company name, organizational name etc. Well, it turns out if you use

lots of punctuation, spaces and special characters in that request, when

the cert is processed and given back to the end user, the cert will

malfunction. Also, since our CA is not publicly accessable, we need to

give the root cert to the end user and have the user right click and add

the root ca to their local microsoft store (default location that it

picks) then have the CISCO client IMPORT the root ca (using the import

button on the Cisco client of course) on the root CA.

Solution: keep your cert requests minimal and simple when you do

request them from the client. Try minimizing the amount of jibberish in

the fields. I made several successful by just entering a simple vendor

name (no spaces) in the CN field and our pw in the OU field. I

submitted it to the cert server, generated the cert, gave it back to the

end user along with a copy of the root CA cert, right clicked on the CA

cert and imported it into the microsoft cert store that it chose

automatically, then went to the cisco client, imported the issued

certificate, then imported the rootca into cisco as well... viola - no

more 412 errors!

I also got this to work also using a UBUNTU linux system and oracle

virtual box running XP pro under a bridged wireless adapter without any

hassle!

-

--

mattula

------------------------------------------------------------------------

Recommended Posts