SecureAuth version affected: All
Description: When attempting to connect to a SecureAuth server through Cisco's SSL Clientless VPN service, the following error is encountered: Connection failed Server (IP address) unavailable.
Cause: There could be a few reasons for this error. One of them could be that Cisco cannot read the SHA-2 512 ECDSA appliance certificate, that's bound to the SecureAuth server's IIS Bindings, by deafult. This is confirmed if a VPN connection can be successfully established through Cisco's AnyConnect client, but not though Cisco's SSL Clientless VPN Service.
Resolution: Bind a different certificate to Default Web Site in IIS. A SHA-1 appliance certificate or purchased wild-card certificate should do the job.
Open Internet Information Services Manager (IIS)
- From the left-hand panel, in the manager window, expand the directory under your machine’s name.
- Expand Sites and click Default Web Site.
- From the right-hand panel, click Bindings...
- From the Site Bindings window, select https 443, and click Edit...
- From the SSL certificate drop down menu select an appropriate alternative to the SHA-2 512 ECDSA appliance certificate. The View... button can be used for verification purposes.
- Click OK and test.
**Note: If your desired certificate does not appear in the SSL certificate drop-down menu, it may not have been properly imported into the certificate console. Be sure that the certificate is in the Personal folder of the Local Machine and that the certificate has a private key.