The Cisco AnyConnect client may display one of these error messages when you attempt to connect to the NC State VPN. Follow an error’s link to find out how to resolve the problem.
- “Failed to initialize system subsystem.”
- “The VPN client was unable to setup IP filtering. A VPN connection will not be established.”
- “AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.”
- “The VPN client agent was unable to create the interprocess communication depot.”
- “Warning: The following Certificate received from the Server could not be verified.”
- “vpn.pkg is damaged and can’t be opened. You should eject the disk image.”
On Windows 8.1 machines, the “Failed to initialize system subsystem” error will pop up as soon as a user tries to connect. This is the result of a Feb/2015 patch that was released by Microsoft that subsequently caused the Cisco AnyConnect VPN client to stop working. Details, as well as the fix/workaround, can be found here.
On Windows machines, the Cisco AnyConnect application will check to ensure that the “Base Filtering Engine (BFE)” service is running on your workstation before logging in. This service coordinates the filtering platform components in Windows, including Windows firewall. There are viruses/trojans in active circulation that disable and remove the BFE service as a first step in the infection process.
You can verify by opening the Control Panel, searching for “Services,” and opening “View Local Services.” Double-check that “Base Filtering Engine” is missing from the list.
If you are unable to make changes to your Windows firewall, it is another indication that the Base Filtering Engine has been removed.
It is recommended that you run a virus scan on your machine immediately to see if this resolves your issue. The BFE service should be restored if your antivirus software was successful. If not, it is recommended that you take your machine to the Walk-in Center or contact your LAN administrator to get your Windows firewall service (Base Filtering Engine) working again. Once your local workstation has been repaired, your Cisco AnyConnect client will work again.
“AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.”
The solution depends on the OS you are using:
- CentOS and Fedora:
You may receive this message (or something similar) when the client cannot validate the certificate from the VPN device. This can be resolved by installing the root CA and intermediary certificates for InCommon into the following directory:
/opt/.cisco/certificates/ca/The certificates you’ll need:
InCommon Intermediate SHA256 Certificate
InCommon Intermediate CA
InCommon AddTrust Root Certificate
- Ubuntu 12.04:
If you upgrade from Ubuntu 11.x to 12.04 you might receive this error message upon trying to log in. Ubuntu is looking for the certificate authority that signed the certs, which currently exist in a different directory. All you need to do is copy the certs from
If this directory does not exist, you may need to create it:
1sudo cp /etc/ssl/certs/* /opt/.cisco/certificates/ca
- Older 64-bit versions of Ubuntu and other flavors of Linux:
This issue also comes up when certain 32-bit shared libraries are missing in older 64-bit versions of Ubuntu. The release notes list the following Linux requirements:”Firefox 2.0 or later with libnss3.so installed in /usr/local/lib, /usr/local/firefox/lib, or /usr/lib. Firefox must be installed in /usr/lib or /usr/local, or there must be a symbolic link in /usr/lib or /usr/local called firefox that points to the Firefox installation directory.”Make sure the 32-bit versions of the sqlite, nss, and nspr packages are installed:
12sudo yum install sqlite.i686 nss.i686 nspr.i686sudo apt-get install ia32-libs lib32nss-mdns
1# mkdir /usr/local/firefox # cd /usr/local/firefox # ln -s /usr/lib32/libnss3.so # ln -s /usr/lib32/libplc4.so # ln -s /usr/lib32/libnspr4.so # ln -s /usr/lib32/libsmime3.so
This error is caused by Internet Connection Sharing (ICS) being enabled in Windows. Disable it by using the method for your specific version of Windows:
- Disabling ICS (Internet Connection Sharing) in Windows 7
- Disabling ICS (Internet Connection Sharing) in Windows Vista
- Disabling ICS in Windows XP:
- Click Start.
- Click Control Panel.
- Double-click Network Connections.
- Click the local area network (LAN) connection
click the dial-up networking connection that you want to share (the one that connects to the Internet).
- Under Network Tasks, click Change settings of this connection.
- On the Advanced tab, clear the check box labeled Allow other network users to connect through this computer’s Internet connection.
You might receive this error upon trying to log in. Ubuntu is looking for the certificate authority that signed the certs, which currently exist in a different directory. All you need to do is copy the certs from
If this directory does not exist, you may need to create it:
sudo cp /etc/ssl/certs/* /opt/.cisco/certificates/ca
Apple OS X Mountain Lion:
Mac OS X 10.8 introduces a new feature called Gatekeeper that restricts which applications are allowed to run on the system. You can choose to permit applications downloaded from:
- Mac App Store
- Mac App Store and identified developers
The default setting is Mac App Store and identified developers (signed applications). AnyConnect release 3.1 does not have a signed installation package. This means that you must either use control-click open to bypass the Gatekeeper security setting or select the Anywhere setting in System Preferences under Security & Privacy to install and run AnyConnect installation.
To allow the install to proceed:
- Go to System Preferences -> Security & Privacy.
- Click on the General tab to highlight it.
- Click on the lock icon to allow changes.
- Under the heading “Allow applications downloaded from:” click on the Anywhere radio button.
- Double click on the vpn.pkg install package. The installation should proceed normally.
- When it is finished, you can change the Security & Privacy setting back to the previous setting.