Cisco Cisco AnyConnect Secure Mobility Client v3.x Release Notes
8
Release Notes for Cisco AnyConnect Secure Mobility Client, Release 3.0
AnyConnect Support for Windows 8
AnyConnect Support for Windows 8
AnyConnect 3.0.10055 and later versions (including the latest version of AnyConnect, version
3.1.01065), function on Windows 8 32-bit and Windows 8 64-bit operating systems, though there are
some limitations.
3.1.01065), function on Windows 8 32-bit and Windows 8 64-bit operating systems, though there are
some limitations.
Requirements
ASDM version 7.0.2 or higher
Limitations to AnyConnect Support for Windows 8
•
AnyConnect is not supported on Windows RT. There are no APIs provided in the operating system
to provide this functionality. Cisco has an open request with Microsoft on this topic. Customers who
want this functionality should contact Microsoft to express their interest.
to provide this functionality. Cisco has an open request with Microsoft on this topic. Customers who
want this functionality should contact Microsoft to express their interest.
•
Other third-party product’s incompatibility with Windows 8 prevent AnyConnect from establishing
a VPN connection over wireless networks. Here are two examples of this problem:
a VPN connection over wireless networks. Here are two examples of this problem:
–
WinPcap service “Remote Packet Capture Protocol v.0 (experimental)” distributed with
Wireshark
Wireshark
To work around this problem, uninstall Wireshark or disable the WinPcap service, reboot your
Windows 8 computer, and attempt the AnyConnect connection again.
Windows 8 computer, and attempt the AnyConnect connection again.
–
Outdated wireless cards or wireless card drivers that do not support Windows 8 prevent
AnyConnect from establishing a VPN connection.
AnyConnect from establishing a VPN connection.
To work around this problem, make sure you have the latest wireless network cards or drivers
that support Windows 8 installed on your Windows 8 computer.
that support Windows 8 installed on your Windows 8 computer.
•
AnyConnect is not integrated with the new UI framework, written in the Metro design language, that
is deployed on Windows 8; however, AnyConnect does run on Windows 8 in desktop mode.
is deployed on Windows 8; however, AnyConnect does run on Windows 8 in desktop mode.
•
AnyConnect 3.1.01065 and AnyConnect 3.0.10055, and later AnyConnect 3.0 releases, provide
“toast notifications.”
“toast notifications.”
•
Verify that the driver on the client system is supported by Windows 8. Drivers that are not supported
by Window 8 may have intermittent connection problems.
by Window 8 may have intermittent connection problems.
•
For Network Access Manager, machine authentication using machine password will not work on
Windows 8 / Server 2012 unless a registry fix described in Microsoft KB 2743127
(
Windows 8 / Server 2012 unless a registry fix described in Microsoft KB 2743127
(
) is applied to the client desktop. This fix includes adding
a DWORD value LsaAllowReturningUnencryptedSecrets to the
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa registry key and setting this
value to 1. This change permits Local Security Authority (LSA) to provide clients like Cisco
Network Access Manager with the Machine password. It is related to the increased default security
settings in Windows 8 / Server 2012. Machine authentication using Machine certificate does not
require this change and will work the same as it worked with pre-Windows 8 operating systems.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa registry key and setting this
value to 1. This change permits Local Security Authority (LSA) to provide clients like Cisco
Network Access Manager with the Machine password. It is related to the increased default security
settings in Windows 8 / Server 2012. Machine authentication using Machine certificate does not
require this change and will work the same as it worked with pre-Windows 8 operating systems.
Note
Machine authentication allows a client desktop to be authenticated to the server before the
user logs in. During this time server can perform scheduled administrative tasks for this
client machine. Machine authentication is also required for the EAP Chaining feature where
a server can authenticate both User and Machine for a particular client. This will result in
identifying company assets and applying appropriate access policy. For example, if this is a
personal asset (PC/laptop/tablet), and a company logon is used, server will fail Machine
authentication, but succeed User authentication and will apply proper access restrictions to
this client desktop.
user logs in. During this time server can perform scheduled administrative tasks for this
client machine. Machine authentication is also required for the EAP Chaining feature where
a server can authenticate both User and Machine for a particular client. This will result in
identifying company assets and applying appropriate access policy. For example, if this is a
personal asset (PC/laptop/tablet), and a company logon is used, server will fail Machine
authentication, but succeed User authentication and will apply proper access restrictions to
this client desktop.