Meraki

Community

Sudden untrusted server blocked error message with AnyConnect clients

Solved
lmorel
Getting noticed
‎Dec 14 2022 9:29 AM
‎Dec 14 2022 9:29 AM

Sudden untrusted server blocked error message with AnyConnect clients

Hello everyone!

 

Two of my users just reported they get the following error message when using AnyConnect and connecting using the default appliance hostname as we have done for over a year now without issues. What could create this? Meraki cloud issue and/or certificate issue on Meraki's side?

 

Running MX 16.16 on MX250.

 

lmorel_0-1671038870296.png

 

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 14 2022 10:55 AM
‎Dec 14 2022 10:55 AM

Some things you could try:

  • Make sure you run the current stable firmware (or newer).  I recall there was a certificate renewal bug in the past.
  • Try turning AnyConnect off and then back on again (on the MX) to try and trigger a certificate renewal.

 

After doing the above, wait 10 minutes.  If the issue is still happening open a support case and get them to trigger a certificate renewal.

View solution in original post

8 Replies 8
alemabrahao
Kind of a big deal
‎Dec 14 2022 9:48 AM
‎Dec 14 2022 9:48 AM

Click on Change settings on Anyconnect to allow untrusted server.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
lmorel
Getting noticed
‎Dec 14 2022 9:52 AM
‎Dec 14 2022 9:52 AM

I apologize, I should have mentioned we did this already. I'm more worried about certificate and/or DNS issues. We use SAML as well for AnyConnect authentication.

0 Kudos
In response to lmorel
alemabrahao
Kind of a big deal
‎Dec 14 2022 10:32 AM
‎Dec 14 2022 10:32 AM

I'm pretty sure if you disable it the message will no longer show up. Try with just the IP address.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
lmorel
Getting noticed
‎Dec 14 2022 1:45 PM
‎Dec 14 2022 1:45 PM

Thank you for the tip! Meraki Certificate for that appliance is expired so it won't work, even if I use the IP. I suspect SAML authentication and possibly other things break at that point.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 14 2022 10:55 AM
‎Dec 14 2022 10:55 AM

Some things you could try:

  • Make sure you run the current stable firmware (or newer).  I recall there was a certificate renewal bug in the past.
  • Try turning AnyConnect off and then back on again (on the MX) to try and trigger a certificate renewal.

 

After doing the above, wait 10 minutes.  If the issue is still happening open a support case and get them to trigger a certificate renewal.

In response to PhilipDAth
lmorel
Getting noticed
‎Dec 14 2022 1:48 PM
‎Dec 14 2022 1:48 PM

Thank you Phil! I created a case by calling them. Was an hour on the phone and agent was trying to figure out if certificate was expired. He also escalated the issue internally. He asked me to upgrade tonight to latest firmware to force the certificate recreation. 

I also used my AnyConnect android app to clearly show me the details on when the certificate expired (last night) and was not automatically renewed. I asked them via email to see if they can generate a new/valid certificate before tonight, I cannot work on that MX until late tonight or users will come out with pitchforks and torches.

0 Kudos
In response to PhilipDAth
lmorel
Getting noticed
‎Dec 17 2022 10:02 AM
‎Dec 17 2022 10:02 AM

Thank you Philip! I turned off AnyConnect then waited 30min or so (busy with something else) then turned it back on. Fixed it. 

 

I rebooted the MX first with 16.16 firmware. Didn't fix it (certificate was still expired). I did not upgrade firmware to latest either. I also asked if support could manually renew certificate and they said no (or didn't want to). 

In response to lmorel
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 17 2022 1:52 PM
‎Dec 17 2022 1:52 PM

Support can trigger a certificate renewal - but it is a rare thing to do, so they probably just hadn't done it before.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.