Cisco Anyconnect is not connecting to active directory on my MX75

rsterchele
New here


Hello. About a week ago my Cisco AnyConnect stopped authenticating users against AD. Nothing changed on the MX75 that I'm aware of. Was there a change to the MX? Did I miss a firmware upgrade or something?

michalc
Meraki Employee

Hi There,


It’s unlikely the MX would switch things up out of nowhere—those devices tend to stick to their routines! Did you happen to schedule a firmware upgrade sometime in the past week? Or maybe there were some other tweaks made to the network recently? Oh, and one quick check—can the firewall still chat with the AD?

I’d suggest kicking things off with an authentication attempt and running a PCAP toward the AD to see what’s up. Are we spotting that LDAP exchange? Does everything look happy and healthy? Let us know how it goes—we’re here to help!

rsterchele
New here

Okay. Thank you. When I try to refresh the LDAP Groups I get a TLS error. I'm not using certificates in my setup.

I get this error:

ldap_Start_tls    Server is unavailable.

Thank you
Mloraditch
Head in the Cloud

I would double check your domain controllers and their GPOs to see if someone may have enabled LDAP signing. It's also possible it may have been active and the certificate it uses has rotated or expired.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Mloraditch
Head in the Cloud

You can go to Organization > Firmware Upgrades to see the most recent changes and when they happened.

You may want to reboot your MX. While there are a variety of possibilities for what's going on, there could have been a Microsoft side change/patch. I've not heard of a recent update causing LDAP or NPS issues, but that doesn't mean it hasn't happened.

Have you attempted to do a packet capture or view the event logs on your relevant server to see if the requests from the MX are getting there and what might be happening?

PhilipDAth
Kind of a big deal

My guess: the certificate expired on your AD controller. Are there any certificates on your AD controller that have expired around that time?

Pro-tip.  If you have Office 365/Azure AD/Entra ID - authenticate against that.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SA...
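Added example, my own code rather than anything from this thread or from Meraki: a stdlib-only Python probe that does what michalc's packet-capture suggestion and the certificate-expiry guesses above are trying to confirm from the DC side. It sends the same LDAP StartTLS extended request (RFC 4511, OID 1.3.6.1.4.1.1466.20037) a client like the MX sends to the domain controller on TCP 389, decodes the LDAP result code, and only if the DC accepts StartTLS attempts a verifying TLS handshake, so an expired, rotated or untrusted DC certificate surfaces as a concrete verify error instead of a generic "Server is unavailable" (which is the wording OpenLDAP-derived clients use for LDAP result code 52, unavailable). It assumes the DC is reachable on 389 from where you run it; `dc01.corp.example` is a placeholder hostname, and the sample responses produced by `build_extended_response` are constructed for illustration.

```python
"""Probe an AD domain controller the way an LDAP StartTLS client does (stdlib only)."""
import socket
import ssl
import time

START_TLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation

# LDAP result codes a StartTLS response can carry (RFC 4511, Appendix A)
RESULT_NAMES = {0: "success", 1: "operationsError", 2: "protocolError",
                52: "unavailable",  # OpenLDAP text: "Server is unavailable"
                53: "unwillingToPerform", 80: "other"}


def ber_tlv(tag, content):
    """Encode one BER tag-length-value (definite length, long form when needed)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def read_tlv(buf, pos):
    """Decode one BER TLV at buf[pos]; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def build_start_tls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    ext_req = ber_tlv(0x77, ber_tlv(0x80, START_TLS_OID))
    return ber_tlv(0x30, ber_tlv(0x02, bytes([msg_id])) + ext_req)


def build_extended_response(msg_id, result_code, diag=b"", response_name=START_TLS_OID):
    """Server-side ExtendedResponse [APPLICATION 24]; used here only for constructed samples."""
    op = (ber_tlv(0x0A, bytes([result_code])) + ber_tlv(0x04, b"")   # resultCode, matchedDN
          + ber_tlv(0x04, diag) + ber_tlv(0x8A, response_name))      # diagnostic, responseName
    return ber_tlv(0x30, ber_tlv(0x02, bytes([msg_id])) + ber_tlv(0x78, op))


def parse_extended_response(data):
    """Return message id, numeric and symbolic result code and diagnostic text."""
    tag, body, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(body, 0)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, code, pos = read_tlv(op, 0)        # resultCode ENUMERATED
    _, _matched, pos = read_tlv(op, pos)  # matchedDN
    _, diag, pos = read_tlv(op, pos)      # diagnosticMessage
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msg_id, "big"), "result_code": rc,
            "result": RESULT_NAMES.get(rc, "code %d" % rc),
            "diagnostic": diag.decode("utf-8", "replace")}


def certificate_status(not_after, now=None):
    """Evaluate a getpeercert()-style notAfter string; return (expired, days_remaining)."""
    expiry = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return now >= expiry, int((expiry - now) // 86400)


def probe_start_tls(host, port=389, timeout=5.0):
    """Split 'server unavailable' into: no TCP, DC refused StartTLS, or TLS/cert failure."""
    report = {"host": host, "tcp": False, "ldap": None, "tls": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        report["tls"] = "tcp connect failed: %s" % exc
        return report
    report["tcp"] = True
    with sock:
        sock.sendall(build_start_tls_request(1))
        report["ldap"] = resp = parse_extended_response(sock.recv(4096))
        if resp["result_code"] != 0:
            return report  # the DC itself rejected StartTLS; TLS never started
        ctx = ssl.create_default_context()  # verifies chain and hostname like a real client
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                expired, days = certificate_status(cert["notAfter"])
                report["tls"] = {"ok": True, "notAfter": cert["notAfter"], "expired": expired,
                                 "days_remaining": days, "issuer": cert.get("issuer")}
        except ssl.SSLCertVerificationError as exc:
            # e.g. 'certificate has expired' or 'self-signed certificate'
            report["tls"] = {"ok": False, "verify_error": exc.verify_message}
        except ssl.SSLError as exc:
            report["tls"] = {"ok": False, "error": str(exc)}
    return report


if __name__ == "__main__":
    print(probe_start_tls("dc01.corp.example"))  # placeholder DC name
```

Run it from a host on the same network path the MX uses (or from the DC subnet if you want to rule out the path), with your real DC name in place of the placeholder. A `tcp: False` report points at routing or firewall, a non-zero `result_code` means the DC policy (for example a signing or channel-binding change applied by GPO) refused StartTLS, and a `verify_error` of "certificate has expired" matches the expired-certificate theory above and tells you which certificate to renew.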
