AnyConnect popping up

lmorel
Getting noticed

AnyConnect popping up

I am testing AnyConnect and got the authentication part working well (SAML). But now I am wondering about the user experience and the AnyConnect client popping up anytime there is a change in connectivity with my wifi or ethernet connection. For example, I am in the office right now and anytime I stepped away from my desk long enough and I come back, the AnyConnect client is open with the "You may need to use a browser to gain access". Interestingly enough, my laptop is plugged in with power and set to not go to sleep. I suspect power saving changes made by Microsoft in the last few years are more aggressive and some devices go to "sleep". AnyConnect picks up on it and pops up. While this might be a small annoyance (just close it), I know my users are going to complain a lot. 

 

I thought I just needed to disable the Disable Captive Portal Detection option and I already did that. And this is what I have in my profile file:

<DisableCaptivePortalDetection UserControllable="false">true</DisableCaptivePortalDetection>

 

Other options I have currently configured in my profile file that might be relevant (or not):

 

<AutoConnectOnStart UserControllable="false">false</AutoConnectOnStart>

<MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>

<AutoReconnect UserControllable="false">false</AutoReconnect>

<SuspendOnConnectedStandby>false</SuspendOnConnectedStandby>

<AutoUpdate UserControllable="false">true</AutoUpdate>

 

<AutomaticVPNPolicy>true
<TrustedDNSDomains>my_domain_here</TrustedDNSDomains>
<TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
<UntrustedNetworkPolicy>DoNothing</UntrustedNetworkPolicy>
<AlwaysOn>false
</AlwaysOn>
</AutomaticVPNPolicy>

 

4 REPLIES 4
lmorel
Getting noticed

OK, so I noticed under the Options of the client, I am seeing that the "Disable Captive Portal Detection" option is unchecked (value is "true" in xml file, not false...) and present ( = but User Controllable is set to false in xml file).

I am not sure I understand why these values are not observed though. That would explain why I am having those pop-ups then....

 

lmorel_0-1646161155923.png

 

 

 

lmorel
Getting noticed

So I double-checked that I didn't use the Profile Update on the MX for the AnyConnect client. It was disabled. So I decided to upload that profile.xml file with the settings I mentioned in the original post. And what do you know. It works now and the settings are properly showing the chosen options. I will monitor how the Disable Captive Portal Detection option behave.

lmorel_1-1646162106421.png

 

 

lmorel_2-1646162236758.png

 

 

I saw that updating my profile xml enabled the users to control the Captive Portal Detection, but as you noted, even though I set it to True and True, the setting did not check the box.  Each user had to go into the Anyconnect settngs and check the box.

 

I discovered that when they set the option to Disable CPD, the setting got applied to the preferences_global.xml file under the <ControllablePreferences> section.  This entry was written:

 

<DisableCaptivePortalDetection>true</DisableCaptivePortalDetection>

 

Preliminary testing looks good. I had a person with this issue happening repeatedly and it appears to have stopped.

Samuel_Young
Comes here often

How did you all go with this issue?
I've a site reporting something similar, issues seem to "float" and not effect all users.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels