[SOLUTION] Your certificate is invalid for the selected group – Cisco AnyConnect VPN Client

For a company that I work with, two users called me with the same error when trying to connect to the Cisco AnyConnect VPN Client: “Your certificate is invalid for the selected group”. If you look in Internet Explorer’s certificates, the user’s digital certificate had disappeared (was missing). [If the certificate is still listed, check the expiration date.] After I installed the certificate again, it would just disappear again. I found that the cause was a malware infection. On the Windows 7 machine, I ran MalwareBytes’ Anti-Malware, which found one infected file and some bad registry entries, but I also ran HitmanPro (do a one time scan and make sure to activate a free license first) and it found two other infected running processes (one a service and one just running). HitmanPro said it would clean on reboot. After rebooting, it appeared that the malware was gone, but I would get this message after authenticating to Cisco:

The VPN client was unable to setup IP filtering. A VPN connection will not be established.

This post helped me figure out that the Base Filtering Engine was missing from the Services. I ran into this before trying to install my preferred antivirus program, ESET NOD32, and they have a tool to repair the missing BFE here. Success! On the Windows XP machine, it looked like Symantec had finally wiped out the malware, so I just ran MalwareBytes’ and HitmanPro to clean up the remnants — then I reinstalled the certificate.

[SOLUTION] Hard drive keeps filling up automatically

This is a very specific problem — you have run out of space, so you delete 10GB, 20GB, 100GB, yet the hard drive keeps filling up.

I first used RidNacs (a hard drive space utility) to help me see what directories are taking up all the space on the hard drive. Once you get that installed, choose the drive in question (usually C). In the case of the computer I was working on, it showed 185GB worth of data accounted for, but Windows reported that 270GB of 280GB were used. He then moved 45GB of data off to an external drive and within a few days he only had 25GB available. I noticed upon running RidNacs again that it listed some directories with “Access is denied” next to them. One was “System Volume Information” and one “Documents and Settings”. I struggled with getting ownership of them with the Security tab in Windows, so I found these instructions to do it with a Command Prompt. This stuff is probably going to be for professionals.

a) Go to > Start > All Programs > Accessories.

b) Right-click on Command Prompt, and then click Run as Administrator.

c) To take ownership of a folder, type the following command and press ENTER:

takeown /f <foldername in QUOTATION MARKS if spaces> /r /d y

d) Then to assign the Administrators group Full Control Permissions for the folder, use this syntax:

icacls <foldername in QUOTATION MARKS if spaces> /grant administrators:F /T

The /T parameter is added so that the operation is carried out through all the sub-directories and files within that folder.

(posted by Shinmila H – Microsoft Support)

Here is something that claims to be a simpler way to do this that I didn’t test yet.

Now at this point, I found that System Volume Information had 116GB and Documents and Settings 127GB.

I wanted to see if I could get Windows to reduce that or keep it from growing, so I went to System in the Control Panel, then System Protection and found that the Automatic restore points configuration is disabled by Group Policy. To overcome that, I used these instructions. (I deleted the DisableConfig key, even though it was zero.) Then I went back to the System Protection tab and unchecked the C drive. It warned that it would delete the Restore points (great!). Indeed it did. I then turned it back on and clicked Create to make a fresh restore point. I then checked the hard drive. 140GB FREE!!

I believe that this damage was done by malware and I wasn’t successfully able to fix all the Access is Denied directories, but I think the hard drive filling issue is now fixed.
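The diagnosis above (a size tool accounting for 185GB while Windows reports 270GB used, with “Access is denied” next to some directories) can be reproduced with a short script. This is an added example, not part of the original post; the function names are hypothetical, and it sums logical file sizes, so the reported gap is approximate.

```python
import os
import shutil

def account_tree(root, scandir=os.scandir):
    """Return (bytes_seen, denied): total size of readable files under root,
    and the paths that could not be opened (the 'Access is denied' entries)."""
    bytes_seen, denied, stack = 0, [], [root]
    while stack:
        path = stack.pop()
        try:
            with scandir(path) as it:
                entries = list(it)
        except OSError:  # PermissionError is a subclass of OSError
            denied.append(path)
            continue
        for entry in entries:
            try:
                if entry.is_symlink():
                    continue  # do not follow links or count targets twice
                if entry.is_dir(follow_symlinks=False):
                    stack.append(entry.path)
                else:
                    bytes_seen += entry.stat(follow_symlinks=False).st_size
            except OSError:
                denied.append(entry.path)
    return bytes_seen, sorted(denied)

def unaccounted_bytes(drive_root, scandir=os.scandir):
    """Used space reported by the OS minus what a directory walk can see.
    A large gap plus denied paths points at the hidden directories."""
    bytes_seen, denied = account_tree(drive_root, scandir)
    used = shutil.disk_usage(drive_root).used
    return used - bytes_seen, denied

if __name__ == "__main__":
    import sys
    # Assumption: the drive root is passed as the first argument, e.g. C:\
    root = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    gap, denied = unaccounted_bytes(root)
    print(f"unaccounted: {gap / 2**30:.1f} GiB")
    for path in denied:
        print("access denied:", path)
```

Run it from an elevated prompt and again as a normal user; directories that appear in the denied list in both runs are the ones whose ownership or ACLs need attention.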

Please comment below if this helps or you have things to add.