Cisco AnyConnect, OS X and Firefox

When I started work at brightsolid one of the tasks given (or rather one of the tasks I gave myself) was to get the Cisco AnyConnect client working on OS X.

The symptoms are not very helpful in diagnosing the issue; the error you get will be something like “posture assessment failed”. Fortunately Cisco provide an excellent logging tool known as DART (Diagnostic and Reporting Tool). Looking through the DART bundle, it was pretty clear that the firewall was rejecting the connection attempt due to a missing user certificate.

On Windows you just need a certificate (issued by a CA that the firewall trusts) installed to the user’s Personal certificate store.

On OS X adding the certificate to the keychain made no difference. I’m still not 100% sure why but I suspect Apple changed the way certificates worked between major releases and Cisco never got around to fixing it. I do plan to talk to Cisco about this issue at some point so I will post an answer once I have one.

The workaround, which I discovered by looking through the DART logs, was to add the user certificate to the certificate store in Firefox.

Further testing has revealed that it only works for Firefox 3.X; with anything newer, AnyConnect fails in the same way.

Currently, then, OS X users with AnyConnect version 2 or newer will need Firefox 3 installed too.

If anyone out there has any further information about this I’d love to learn more or get a permanent fix that doesn’t rely on old browsers!

EDIT: I’ve found that this may be a policy setting on the firewall, despite having been assured this has been checked. You can force OS X clients to not check the Keychain for certificates. There may be a way to override this locally, so I’ll be trying that first, then will look at the firewall config again.

Home Server Rebuild 2011

This post has been pending for a long while; I finished rebuilding my home server in May. It went pretty smoothly, but there were some hiccups along the way, some doubt in the products I had bought and so on.

All turned good in the end though.

The setup is as follows:

The build went pretty smoothly, as I’ve already mentioned. The biggest upheaval was the realisation that the exact model of 2TB drive I had bought from Samsung had a firmware problem causing data loss in some specific circumstances. Bad times! So I had to flash the 4 brand new drives before the build could start.

From here the build was smooth: motherboard, CPU, memory and storage controller into the case, and everything looked good. Then, when mounting the drives, I noticed a problem: the storage controller would touch the bottom of the drive chassis, just and no more. Worried about shorting something or causing some other damage, I insulated the edge of the storage controller with some electrical tape.

Hardware all built, it was time to configure. The plan was 2 x 1TB drives in a RAID 1 set using the motherboard’s built-in storage controller; this would be the system drive and host client backups (2 PCs and 1 Mac), and 4 x 2TB drives in a RAID 5 set using the 3Ware storage controller for the main file shares.

Partitions were therefore set up as follows:

  • 60GB system partition
  • 871GB for client backups
  • 5.45TB for file shares

OS install took about an hour; some config changes needed to be made to move the backups to the partition I wanted, and the media shares to the largest partition. Once this was done it was time to start copying data; it took a couple of days to complete and that was it. I ran the WHS connector installer on all clients, running into another problem: it wouldn’t install on my MacBook Pro (it still won’t, but that’s an aside; they’ve not updated it for Lion yet).

And that’s it. I’ve been running it now since completion, with problems occurring only once, when I think it had overheated, which brings me back to what I said at the beginning about doubt in the products I had bought.

Specifically, the Fractal Design case. Once ordered, I started worrying about airflow and heat; the drives are tightly packed together and there’s only one case fan on the rear, so it was a real concern. I am still watching it closely using SpeedFan, but so far so good.