5 Steps to make Cisco VPN Client work in Windows 8

Updated Oct 2017 (with amazingly high success rate!)

This is the earlier Windows 8 guide. If you are looking for the more updated Windows 10 guide for Cisco VPN client, visit this guide here instead.

When the world moved to Windows 8, those would could not and would not move their legacy Cisco VPN software would have hit some problems while using VPN on their newer Windows 8 machines. This is because the legacy Cisco VPN-client is not supported under Windows 8 and as the client is EOL anounced, it probably will never be supported anymore. Yet, for some reasons, there are still users (like myself) who are not able to use the newer Cisco AnyConnect, as it might not be supported by their existing VPN infrastructure or some other reasons. Faced with similar issue, I searched for possible solutions online and tried different ways of overcoming the issues, which is often a hit and miss affair.

( This tutorial is becoming even more robust as more and more reported success and provided additional tips to improve the process, and I have enhanced the tutorial, to make it as foolproof as possible for you.  Many reported they can now work from home, or use a single machine to access VPN instead of two machines, or simply made their life much simpler! Thanks to the Gleescape.com community, this tutorial has become a better one.)

Most users will face the first error, which says:

Secure VPN Connection terminated locally by the Client.
Reason 440: Driver Failure.

Rebooting the machine does not help, trying all other solution does not help. After some fumbling, painful, repetitive, trial and error, finally I found the way to do it right.

You can do like-wise by following the steps below, to ensure that your Cisco VPN Client continues to work well after migrating to Windows 8/8.1 OS (Edit: Some users reported that it worked with Windows 10 Tech Preview, although I had not tried it myself).

If you are lazy (or too busy) to find the software listed below in the instructions, you can download the all-in-1 package from here for your convenience (hosted locally): Download All-in-1 here (for Win8/8.1) 

As the usual disclaimer goes, I will not be held responsible if anything goes wrong with your computer or hardware or software, or causes you to suffer any loss of any sorts, so do backup your data if you want to go ahead. Ok, now that we have got the disclaimer out of the way:

First step you would need to tackle would be the secure boot that is offered on the newer hardware and Windows 8.

While secure boot is a useful security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer, sometimes it gives us more problems than convenience. Many older 32-bit (x86) drivers are not signed, because kernel-mode driver signing is a recent requirement for Secure Boot. Therefore, in this case, the older Cisco VPN software is not compatible with secure boot, and means that you will have to disable secure boot on your PC. This may be escalating problem if you are using BitLocker, and it may require you to get a recovery key to boot in non-secure-boot mode. Well, at least it was necessary on my Windows 8 machine.

Step 1: Disable Your Secure Boot

(Only if applicable. If your secure boot is NOT enabled by default, then skip this! 🙂

  1. Open the PC BIOS menu. You can often access this menu by pressing a key during the bootup sequence, such as F1, F2, F12, or Esc.
  2. Or, from Windows, hold the Shift key while selecting Restart. Go to Troubleshoot > Advanced Options: UEFI Firmware Settings.
  3. Find the Secure Boot setting, and if possible, set it to Disabled. This option is usually in either the Security tab, the Boot tab, or the Authentication tab.
  4. Save changes and exit. The PC reboots.
  5. Install the graphics card, hardware, or operating system that’s not compatible with Secure Boot.

Note: In some cases, you may need to change other settings in the firmware, such as enabling a Compatibility Support Module (CSM) to support legacy BIOS operating systems. To use a CSM, you may also need to reformat the hard drive using the Master Boot Record (MBR) format, and then reinstall Windows. For more info, see Windows Setup: Installing using the MBR or GPT partition style. If you’re using Windows 8.1, you may see a watermark on the desktop alerting you that Secure Boot is not configured correctly. Get this update to remove the Secure Boot desktop watermark.

Step 2: Download the Cisco VPN Software

You may get the Cisco VPN Software from here:

Cisco VPN client download:

The following are the versions that are available as far as I know (and works for this tutorial ):

  1. 32-bit Windows 7 / Vista / XP VPN Client (version 5.0.07)
  2. 64-bit Windows 7 / Vista VPN Client (version 5.0.07)

DO NOT install the Cisco VPN client software just yet. Make sure any versions you might have installed are cleanly uninstalled with all directories removed just to be on the safe side.


Step 3: Install and run the DNE fix from Citrix

DNE stands for Deterministic Network Enhancer. This actually helps make sure that the DNE is fixed and cleaned up, in preparation for the Cisco VPN client software.

There are two steps:

First, go to: ftp://files.citrix.com/winfix.exe to get the file. Install the winfix.exe and run it. (If on an internal Citrix network, please use ftp://ftpsupport.citrix.com/winfix.exe)

Next, download and install the latest DNE:

For 32 bit OS: ftp://files.citrix.com/dneupdate.msi for 32-bit (If on an internal Citrix network, please use ftp://ftpsupport.citrix.com/dneupdate.msi )
For 64 bit OS: ftp://files.citrix.com/dneupdate64.msi for 64-bit (If on an internal Citrix network, please use ftp://ftpsupport.citrix.com/dneupdate64.msi)



Step 4: Install the Cisco VPN Client Software (finally!)

Run vpnclient_setup.MSI and NOT the vpnclient_setup.EXE.  This will increase the success factor of your installation. Some users have experienced problems with running the .exe version of the installer. Follow the usual installation steps thereafter.


Step 5: Make changes to the registry

If you do not make changes to the registry, you are likely receive the following error:

Secure VPN Connection terminated locally by the Client.
Reason 442: Failed to enable Virtual Adapter.

1. Open Registry editor regedit in Run prompt

2. Browse to the Registry Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA

3. Select the Display Name to modify, and remove the leading characters from the value data value as shown below,

For x86 machine, shorten the string “@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter” to just Cisco Systems VPN Adapter

– For x64 machine, shorten the string”@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” to just “Cisco Systems VPN Adapter for 64-bit Windows

4. Reboot.

5. Once you have rebooted. You should be able to run your Cisco VPN client software successfully.

troubleshootTroubleshooting Section

Problem 1: You cannot ping your corporate servers using domain names e.g. proxy.mycompany.com:8080, fileserver1.mycompany.com.

If you experience DNS lookup problems after the VPN is connected, do this: set IP metric for the Cisco VPN to 1, and set the IP metric for Local LAN connection to 50. This will prioritise the Cisco VPN for DNS lookup when it is connected, hence your corporate servers’ DNS look will work correctly. (thanks to Chris’ tips!).  Just do the following:

Step 1: Click on the network icon on the system tray, select “Network Settings” -> “Change Adapter Options”. You will be show the list of adapters/connections in your PC.

Step 2: Right-click on the wired/wireless LAN connection, select “Properties”  –> Select TCP/IPv4 –> Click “Properties” –> Advanced –> Uncheck Automatic Metric –> Type “50” in the Interface Metric field.

Step 3: Right-click on the “Cisco Systems VPN adapter” or Cisco Systems VPN adapter for 64-bit Windows”, select “Properties”  –> Select TCP/IPv4 –> Click “Properties” –> Advanced –> Uncheck Automatic Metric –> Type “1” in the Interface Metric field.

Problem 2: You still experience 442 error even after changing the registry string

You can try to disable Internet Connection Sharing (ICS) – tip from Phil Raymond.

Problem 3: You still experience 443 error even after following the steps

Step 1: Click on the network icon on the system tray, select “Network Settings”.

Step 2: Go to the “Network and Sharing Center”under “Related Settings”  –> “Change Advanced sharing settings”, Under “HomeGroup connections”, select “Use user accounts and passwords to connect to other computers” –> “Save Changes”.

Problem 4: After Windows updates, your VPN software stopped working! 🙁

Sometimes, Windows updates will partially remove components of the VPN client. So the trick is as follows:

Step 1: Uninstall the VPN client using the “Programs and Features”, choose the VPN client software, click uninstall.

Step 2: Follow the instructions for reinstallation of the VPN client (i.e. Follow Steps 4 – “Install the Cisco VPN Client Software” and Steps 5 – “Make changes to the registry” above).

Please let me know if this solution works for you by adding into the comments below, and let’s see how we can fix/put this guide even better this together! :))

If you have used this guide and found it to be very useful, please support my efforts with a drink (just click on the button above) 🙂 lol.  I spent hours on the Internet piecing solutions together and trying it myself on my Windows machine in order to make this work. I hope you found it useful too.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x