Troubleshoot Secure Access Error "Login Denied. Your Environment Does Not Meet the Access Criteria Defined by Your Administrator"

Available Languages

Download Options

  • PDF     (178.6 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (267.1 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (221.4 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:November 3, 2023
Document ID:221176

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes a way to resolve the error "Login denied. Your environment does not meet the access criteria defined by your administrator".

    Problem

    When a user tries to connect with RA-VPN (Remote Access VPN) to the Secure Access headend, the error is printed in the Cisco Secure Client notification popup:

    Login denied. Your environment does not meet the access criteria defined by your administrator

    Cisco Secure Client errorCisco Secure Client error

    The reason behind this error is that the end client PC does not meet the VPN posture conditions defined in the Secure Access dashboard.
    If connecting to the Secure Access headend was possible from the same PC in the past, there is a possibility that some posture conditions changed over time.
    For example, antivirus was disabled, or a given process is not running on the system anymore.

    Solution

    To fix this connection error, please make sure that the PC meets the Connect Time Posture Profile that is defined under the VPN Profile in the Secure Access Dashboard.

    1. Locate the VPN Posture Profile name in the VPN Profile configuration:


    VPN profile configurationVPN profile configuration


    2. Verify the configuration of the VPN Posture Profile:


    Posture profile configurationPosture profile configuration


    3. Ensure that the PC you are trying to connect from is compliant with all conditions. Failing to meet either of the configured conditions would result in connection failure. 
    In this example, the VPN Posture Profile enforces MAC OS, when the connection is attempted from a Windows PC.

    To generate a full posture report from the client side, you can collect the DART bundle and look for the file called WaDiagnose.txt.

    For further help with the investigation of this error, please open a TAC case and attach the collected DART bundle.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    03-Nov-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Wojciech Brzyszcz
      TAC

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products