ZCC vs. Cisco AnyConnect: Hostscan CSD prelogin verification failed

Hi,

we are currently running a PoC for the Client Connector on Windows (Tunnel 1.0-mode; packet filter based driver).
When ZCC is running and AnyConnect tries to reconnect, e.g., after 16hrs timeout, AnyConnect does not reconnect due to:
Posture Assessment Failed: Hostscan CSD prelogin verification failed.

I am currently waiting on feedback from the AnyConnect colleagues, but if someone could give me a hint as to what check may fail due to ZCC, I would be quite thankful. :)

Thank you & best regards
Andreas

I’ve not seen that message before, but have seen where AnyConnect does not like when there is a proxy listener on port 9000. Do we still use the loopback port when we are in ZT 1.0 tunnel mode?

Hi,

yes, I think that the loopback listener is active, even if tunnel 1.0 is used. Do you think it does not like the proxy listener in general or just not on port 9000? The port can be changed.

Best regards
Andreas

I don’t think that port 9000 is the reason. What I have seen in the past is that it disables the loopback port, not that it fails posture because of it (see link). However, given that the AnyConnect designers seem to consider a loopback listener a cause for concern, perhaps that is what is triggering a posture fail.

Thank you, I hope I get some info from the Cisco team and what checks they apply.
Best regards
Andreas