Cisco VPN Client on Windows 8

Just upgraded my late 2007 MacBook Pro Boot Camp partition to Win 8 RTM and was in the process of re-installing several apps. The Cisco VPN Client we use to connect to our corporate network was a bit finicky. There are a few workarounds to get it running on Win8.

First, you need to fix the following registry key to resolve error 442 Unable to enable virtual adapter:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA\DisplayName

It will be set to something like “@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” – drop everything before “Cisco Systems” from that value.

Next, when using certs, you cannot use your certificate from the local user store. Rather, import the certificate to the local computer store and delete it from your user store. This should resolve error 403 Unable to contact the security gateway.

17 thoughts on “Cisco VPN Client on Windows 8

  1. Thank you man!
    You saved my day (and also the past couple of weeks I spent trying to solve this issue).

    Regards,
    Edgar

  2. Hi,

    Just wanted to say you are the man!! I was stumped…..Just got my new laptop and tying to connect and had the 442 error. I did a lot of reading before came across your fix and this worked straight away. Thanks!!

  3. TERRIBLE solution if you need 2 factor authentication. If I have to extract the certificate from my token and install it on local machine I lose the 2 factor auth which is against company policy. Anyone get this working with etoken, or some other form of 2 factor authentication?

    • I have not been able to get past the ‘Reason 403: Unable to contact the security gateway’ error using a smartcard certificate. I’ve manually extracted the certificate as David did and loaded in the Local Machine personal certificate store.

      Anyone else able to get a smartcard certificate configuration working with Win8?

      • Hi, still have the same problem without (unfortunately) any fix.
        403 error connecting over VPN Client, using the eToken Pro, with the following logging :

        13 Sev=Warning/2 CERT/0xyz
        Could not load certificate cn=uxyz (VPN),ou=VPN,o=xyz GmbH,st=Germany,c=DE from store Microsoft User Certificate. Reason: store empty

        Sev=Warning/2 IKE/0xyz
        Unable to open certificate (cn=uxyz (VPN),ou=VPN,o=xyz GmbH,st=Germany,c=DE).
        If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.

        System : Windows 8 64bit, VPN-Client Cisco V5.0.07.0440, Aladdin/safenet etoken Client 5.1.66.0

        Any helpfull ideas ?

        Thanks a lot in advance !

  4. How did you made Cisco VPN client to use Computer certificates? Because when i insert etoken, my certificate is automatically stored in User certificates store (even when i disable that in etoken properties). And VPN client automatically recognizes that cert from user store. How to tell Cisco VPN to use Computer certs?

    • For me, the Cisco VPN client would not recognize certificates unless they were in the Computer’s personal store. You should be able to export the certificate from your User store (using certmgr.msc) – be sure to export the private key as well, and then import to the Computer store. Delete it from the User’s store once it’s properly imported with the private key.

      • I can export certificate but not the private key from User store. Imported it in Computer store (without private key), deleted the User store cert , then when i try to connect i’m getting the same error: “error 31: the certificate (xxx xxx) associated with this connection entry no longer exists or failed to open.
        When i dissconnect and connect etoken, then cert again is in User store.
        I had the same problem on Win8, now the identicall problem win Win10. Installed VPN client on clean windows following this:
        http://itthatshouldjustwork.blogspot.lt/2015/07/cisco-64-bit-vpn-client-on-windows-10.html?m=1
        acctually i have this problem for 2 years and nothis seemed to move forward

  5. On Windows 8.1

    I tried the procedure, but I’m not seeing a distinction between local user store and local computer store. From mmc, if I right click on personal and import, it imports fine, but I still can’t see the certificate listed.

  6. “Next, when using certs, you cannot use your certificate from the local user store. Rather, import the certificate to the local computer store and delete it from your user store. This should resolve error 403 Unable to contact the security gateway.”

    You Rule!!! This did it for me

Leave a Reply to SeS Cancel reply

Your email address will not be published.