I recently ran in to a problem where I would get the dreaded "User not authorized for AnyConnect Client access, contact your administrator" error message from my Cisco ASA running version 9.2(2) when trying to connect to the VPN service (IPSec, IKEv2). The really frustrating part was my Mac could connect just fine, but my Windows VM would not. After some research I figured out what the fundamental problem was and what was causing it.
The main issue was the AnyConnect Client Profile was not getting downloaded to the Windows machine. The reason my Mac worked, is I had successfully downloaded it at some point and it was cached. On Windows 7 you can find the file in the following directory:
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile>
On Mac you can find the same profille in:
The reason it was not getting downloaded is I had turned off the SSL Access configuration in the AnyConnect Connection Profiles interface section, since I was not using it. You turn this back on, and viola it works. So if you are getting the dreaded error, check to see if you have your AnyConnect Client Profile first.