Read Me

We had an issue on several Windows instances where the Cisco Umbrella module or plugin for Cisco AnyConnect went inactive. The usual troubleshooting steps didn’t solve anything, and at the time, the Internet seemed lacking information on the fix.

The fix I found by hunting through the AnyConnect ProgramData directory for logs. Within these logs, it kept indicating a particular file was corrupted.

Prerequisites

You need the following:

  • Administrative privileges.

The Inactive Issue

Firstly, let’s verify that we are all on the same page. Open the Cisco AnyConnect Secure Mobility Client and eyeball the Roaming Security module. If it’s inactive like you see below, chances you are running into the same issue!

Screenshot of an inactive UCisco mbrella module/plugin in Cisco AnyConnect.

An inactive Umbrella module or plugin in Cisco AnyConnect.

Many of you already know the %ALLUSERSPROFILE%\Cisco\Cisco AnyConnect Secure Mobility Client\ directory. What is also contained are any installed modules or plugins, in this case, the Umbrella Roaming module. If you dig further, you will find the following log file %ALLUSERSPROFILE%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella\data\acumbrellaplugin.log.

The screenshot below is that log file. Within this log file, several warnings regarding the failure of device registration and a courrupt JSON file.

Screenshot of Umbrella Plugin log confirms corruption of the config.json.

The log acumbrellaplugin.log confirms the corrupt file as Config.json.

If we open Config.json, we discover the source of all our woes! All three value pairs are set to null, which explains the errors regarding failed device registration and file corruption!

Screenshot of the Umbrella plugin config JSON file with all values set to null.

The corrupt file as a result of null values for all three keys.

Let’s Fix It

  1. Quit or kill the Cisco AnyConnect Secure Mobility Client.

  2. Copy and paste this path %ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella\data into Windows File Explorer. Alternatively, if the environment variable isn’t working for you or here is the explicit path C:\ProgramData\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella\data.

  3. Rename the Config.json file to anything you want; something like backup_config.json will do just fine.

    Screenshot of renaming of the config JSON file.

    Renaming original Config.JSON file.

  4. Open Cisco AnyConnect Secure Mobility Client. Give it several minutes to allow the JSON file to be recreated and device registration to Umbrella. You will see the Roaming Security Module go from inactive to active.

    Screenshot of roaming security going active.

    Roaming security is now active!

  5. We can verify that a new Config.json exists. Within this new JSON file, the key-values for deviceId and originId are now populated!

    Screenshoot of the recreated config JSON file.

    The Config.JSON is recreated.

    Screenshot of config JSON file that contains now values in the key-value pairs.

    Values are now populated.

  6. Delete that old and dirty previously config JSON file or keep it for memorabilia!

Conclusion

Hopefully, this helps your troubleshooting of an inactive Umbrella Roaming Module for Cisco Umbrella, good luck!

Resources

  1. Me