For a company that I work with, two users called me with the same error when trying to connect to the Cisco AnyConnect VPN Client: “Your certificate is invalid for the selected group”. If you look in Internet Explorer’s certificates, the user’s digital certificate had disappeared (was missing). [If the certificate is still listed, check the expiration date.] After installed the certificate again, it would just disappear again. I found that the cause with a malware infection. On the Windows 7 machine, I ran MalwareBytes’ Anti-Malware, it found one infected file and some bad registry entries, but also ran HitmanPro (do a one time scan and make sure to activate a free license first) and it found two other infected running processes (one a service and one just running). HitmanPro said it would clean on reboot. After rebooting, it appeared that the malware was gone, but I would get this message after authenicting to Cisco:
The VPN client was unable to setup IP filtering. A VPN connection will not be established.
This post helped me figure out that the Base Filtering Engine was missing from the Services. I ran into this before trying to install my prefered antivirus program, ESET NOD32, and they have a tool to repair the missing BFE here. Success! On the Windows XP machine, it looked like Symantec had finally wiped out the malware, so I just ran MalwareBytes’ and HitmanPro to clean up the remnants — then I reinstalled the certificate.