Machine Tunnel XML File Disappears in Secure Access for XDR-Managed Clients

Available Languages

Download Options

  • PDF     (3.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (83.4 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (68.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:May 7, 2026
Document ID:225870

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Issue

The machine tunnel XML configuration file used by Cisco Secure Access (Secure Client Remote Access VPN) disappears unexpectedly causing machine tunnel to unable to connect.

Environment

  • Cisco Secure Access - Secure Client Remote Access (VPN, Posture, Private Resource)

  • Deployment template: A deployment package on XDR

  • Cloud Management and Zero Trust Access (ZTA) components present

  • Client machine managed by the XDR deployment package

  • Machine tunnel configured and operational

Resolution

The issue was resolved by embedding the machine tunnel XML configuration directly within the deployment package to protect it from deletion by Cloud Management enforcement policies.

Step 1: Modify Deployment Package Configuration

The machine tunnel XML configuration was embedded directly within the JAY-TEST deployment package. This approach protects the XML file from deletion by Cloud Management enforcement policies.

These are the deployment package modification steps:

1- Identity the deployment package assigned to the machine.

2- Edit the deployment package.

3- Create or upload a VPN Management Tunnel profile.

4- Upload the Machine Tunnel VPN XML file.

5- Assign the Machine Tunnel Profile.

6- Save the configuration.

7- Deploy the package to the client machines.

Step 2: Test Modified Configuration

After implementing the embedded XML approach, testing confirmed that the machine tunnel XML no longer disappeared after closing and reopening the VPN authentication window. The configuration remained persistent and stable.

Step 3: Verify Resolution

Post-implementation testing validated that normal operation was restored, with the machine tunnel maintaining both connectivity and configuration persistence regardless of authentication window manipulation.

Cause

The root cause was identified as a conflict between the Cloud Management configuration enforcement policies and the machine tunnel XML file storage mechanism. During the periodic XDR package updates then machine tunnel XML file was getting deleted as it was not assigned to the deployment package

Related Content

Revision History

Revision Publish Date Comments
1.0
07-May-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Jaikishan Yadav
    Technical Consulting Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products