VPN Client on Microsoft Windows 10 / 11

Summary

You can directly reach the VPN server of the TUHH on the wireless network VPN/WEB and establish a connection to the intranet and internet.

Download the preconfigured Cisco AnyConnect VPN client.

Use your RZ credentials to log in.

Installation of the Cisco Anyconnect VPN Client

Please follow the instructions for the installation (to enlarge, click on the screenshots):
  1. Download the latest Cisco AnyConnect VPN Client from our download page for Windows.
  2. Start the installation with administrative rights. If the Benutzerkontensteuerung a.k.a. User Account Control interferes, please allow the execution with administrative rights.
  3. The client ist embedded in a preconfigured installation packet:
  4. After extraction the installation starts automatically and the software is installed without any further questions.
  5. The Cisco Anyconnect VPN Client is accessible through the start menu; or over the tile UI under the name Cisco AnyConnect Secure Mobility Client. To start up the VPN quicker, you can create a shortcut on the desktop.

Establish a VPN Connection

  1. Start the VPN Client.
  2. Connect to the VPN server "TUHH" through clicking on "Connect". After a successfull connect a window will appear in which you have to enter your username and Kerberos-password. Please ask questions regarding your account (username, password) at the User Service Center (Helpdesk).
  3. If you have successfully been authenticated as a TUHH user, you will receive a welcome message.
  4. A lock in the system tray (left to the clock) shows the state of the encrypted connection to the TUHH:
    If the lock is closed, you are securely connected to the TUHH. If the lock is open, there is no VPN tunnel!

  5. You can display the connection status with a right click on this symbol and a selection of Open AnyConnect:

  6. Depending on whether you are at the TUHH or connecting from somewhere else, the following is applicaple:
    • internal: At our VPN sockets and our notebook workspaces the VPN Client is used for authentication and in the TUHH Wi-Fi (VPN/WEB) also for additional security of the connection.
    • external: All the connections of your computer are now redirected into the TUHH over an encrypted VPN tunnel. Your PC will appear in the internet with an IP of the TUHH.

Disconnect from VPN

  1. To disconnect from the VPN please click on Disconnect in the window of the VPN Client or right click on the symbol in the taskbar and left click on VPN Disconnect.
  2. The connection will be disengaged and the symbol in the taskbar will change accordingly. The locked lock will open now.

Uninstallation of the Cisco AnyConnect VPN Clients

  1. Press the Windows-Key and open the settings via the gear. Alternatively, you can search for settings.
  2. Click Apps.
  3. Under the Apps and Features tab, search for the Cisco AnyConnect Secure Mobility Client and then click Uninstall. Now click again on the newly displayed Uninstall.
  4. Allow the systemchange and run the uninstall program.
  5. Confirm the question of the Cisco AnyConnect Secure Mobility Client and the program will be uninstalled.

No Internet after logging in to the Cisco AnyConnect Client?

If you do not have access to Internet services or to those of TUHH after logging in to the Cisco AnyConnect Client, try the following:

  • If you have Intel or DELL Wi-Fi auxiliary software installed, remove it. Leave the Wi-Fi management to Windows, so use only the required drivers. Check to see if the problem persists.
  • If the problem persists or if you are not using additional software, uninstall the Cisco AnyConnect Client completely. Remove any trace of data storage from the following directories:

    HKLM\Software, HKLM\Software\WOW6432Node, C:\ProgramData, C:\Program Files, C:\Program Files (x86), C:\Users\Public, %APPDATA% und %LOCALAPPDATA%

    Now reinstall the Cisco AnyConnect Client according to the instructions.
  • Should you encounter any further problems, please contact servicedesk@tuhh.de.
  • FAQ

    • [faq1] Who is "Igor Pavlov", whose name appears in the VPN Client installer?
      Igor Pavlov is the author of the program 7-zip, which we use to create a self extracting installer for the VPN Client. 7-zip is an open source packager with a very high compression rate and is mainly published under the GNU LGPL Lizenz.
    • [faq2] The VPN Client cannot be installed after a previous removal and demands that the previous VPN Client has to be uninstalled.
      Only make changes in the registry if you know what you are doing! We do not take responsibility for damage done to your computer.
      This error message is created because of an uncomplete removal. Even after deleting the Cisco VPN Client folder (%ProgramFiles%\Cisco Systems\VPN Client), an installation is not possible, because the registry entries of the VPN Client are still left over. Exactly which entries are left is hard to describe in a FAQ; the following troubleshooting is possible:
      • To find the resgistry entries to which the VPN Client installation is referring, start the ProcessMonitor from SysInternals.com. Afterwards, try the installation again and pay attention to the displayed registry entries (show registry activity). When you see an entry that needs to be deleted, mark the entry and click Ctrl-J to get to the according entry in the registry, where you can delete it.
      • Alternatively you can directly use the registry editor with Start → run → regedit. Search for vpn and/or cisco and delete the entries, if necessary.
      After making changes in the registry restart the Computer for the changes to take effect.
    • [faq3]The Cisco AnyConnect client cannot be installed: The installation is aborted without an error message.
      If the installation is automatically aborted without an error message, but other programs can be installed without any issues, your device might have trouble invoking the Windows Installer msiexec. To check this, you first need to find the file path for the msiexec.exe. Click the Windows key, search for msiexec.exe and click on Open File Location. In normal circumstances, the file path is as follows: C:\Windows\System32. Afterwards, you need to check if the previously identified file path is present under Advanced System Settings → Environment Variables → System Variables → Path → Edit. If it's not present, add the file path via New → "File Path" → Ok. Finally, restart your computer as follows and run the installation program again: Windows key + R → shutdown /f /r /t 0 → Ok.
    • [faq4] omitted
    • [faq5] The Cisco AnyConnect Client prints the following error: "Could not create interprocess communication depot".
      Deactivate the "SharedAccess" service:
      over the graphical UI:
      • Start ⇒ run ⇒ services.msc
      • Stop "Internet Connection Sharing" (a.k.a. "Gemeinsame Nutzung der Internetverbindung") and set the start type to manual.

      Alternatively, you can run the following two commands with administrative rights in the console:
      • sc stop "SharedAccess"
      • sc config "SharedAccess" start= disabled
    • [faq6] The Cisco AnyConnect Client prints the following error: "VPN Service not available".
      Check, whether the Software "RapidBoot Shield" / "RapidBoot HDD Accelerator" is installed. It is incompatible with the AnyConnect Client and needs to be uninstalled or deactivated.
    • [faq7] The establishing of the connection stops with the message "VPN Service not available. The VPN agent service is not responding. Please restart this application after a minute".
      The AnyConnect VPN service under Windows doesn't start automatically. The error "VPN Service not available. The VPN agent service is not responding. Please restart this application after a minute." means that the service could not be started successfully. This may be caused by a boot-speed-up software, which changed the starting order of the Windows services, so that some services may not be started successfully. Programs which caused this error in the past were e.g. Lenovo Rapid Boot (also: RapidBoot HDD Accelerator, RapidBoot Shield). After the deinstallation of the accoring boot-speed-up software, the problem should be fixed. (Windows XP: Control Panel -> Software, Windows Vista/7/8: Control Panel -> Programs).

      Source: https://www.uni-marburg.de/hrz/internet/vpn/windows/problembehebung-windows
    • [faq8] Where does the user account ciscoacvpnuser come from?
      During the installation of the Cisco AnyConnect, a restricted user account (ciscoacvpnuser) is created for the management tunnel feature. This account is used by AnyConnect to enforce the principle of least privilege when initiating a management tunnel connection. This account does get removed during AnyConnect uninstallation. [more]
      Since the TUHH does not use this function at all, the user account ciscoacvpnuser can be safely deleted.
    • [faq9] Where is the pre-configured TUHH VPN profile?
      The settings for the TUHH VPN server are stored in an XML configuration file after the Cisco AnyConnect installation at: %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\TUHH.xml (just type in the address line of the explorer).
    • go to the general VPN FAQ

    FAQ

    Questions/Support

    Please make sure that your device has the latest patches installed, that you are not using more than one anti-virus program and that no "unblocker" is active.
    (Unblocker are programs which can unlock content, that is blocked in one country, but not another.)

    If you have questions or problems, please have a look at our help pages first. (Klick here for VPN Help)
    With questions, suggestions, reports or further problems please contact our User Service Center (Helpdesk). We respond quickly to e-mails to servicedesk@tuhh.de.

    During the semester, the WLAN consultation will take place in E2.048 with Finn Müller and Phillip Vogel. You can find the dates here, as well as in the corridors in the E building.

    • Tuesday, 29.10.2024: 09:00am - 12:00pm
    • Wednesday, 30.10.2024: 10:00am - 1:00pm
    • Wednesday, 06.11.2024: 10:00am - 1:00pm
    • Thursday, 07.11.2024: 10:00am - 1:00pm
    Further dates will be announced soon.
    Between 28.10.2024 and 08.11.2024 the WLAN consultation will take place in the library.