Wednesday, February 11, 2015

Cisco AnyConnect "Failed to Initialize Connection Subsystem"

I run Windows 8.1 and run Cisco AnyConnect Secure Mobility Client version 3.1.03103 to access a VPN.  After getting the error I updated to the latest AnyConnect Client version 4.0.00061 and got the same result.

Last night I install all of the updates from patch Tuesday (over 1.1G worth including Office 2013 patches).  Today, after I hit connect, it stopped working out of the blue with the error:

Failed to initialize connection subsystem

I suspect a recent Windows update must be the cuplrit.  Here's the steps you will find all over the web to fix it.  THIS DOESN'T WORK!  To fix just uninstall the KB3023607 published for install yesterday!

1. Close the Cisco AnyConnect Window and the taskbar mini-icon
2. Right click vpnui.exe in the “Cisco AnyConnect Secure Mobility Client” folder. (I have it in “C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\”
3. Click on the “Run compatibility troubleshooter” button
4. Choose “Try recommended settings”.
5. The wizard suggests Windows 8 compatibility.
6. Click “Test Program”.  This will open the program.
7. Close

Cisco has escalated this issue to Microsoft for investigation from what I can find.

This issue was introduced by KB# 3023607: Secure Channel cumulative update changes TLS protocol renegotiation and fallback behavior (https://support.microsoft.com/kb/3023607) and included with Microsoft Security Bulletin MS15-009 – Critical Security Update for Internet Explorer (3034682)

This issue is rumored to affect Windows 7 with IE 11 as well.  I have not experienced this myself as I no longer run Windows 7 on any of my machines.