Cisco NAC Agent 4.9.1.682 Problems with Mac Os X 10.7.4

Similar Messages

• Mac OS X 10.8.1 and Cisco Nac Agent to 4.9.1.683

  We have this problem with on of our clients:
  "Cisco NAC Agent is having a difficulty with the server. Agent user operation system
  is not supported".
  Anyone encounter this problem ?
  thanks.

  Hi Tarik,
  We have:
  Cisco Clean Access Server   Version 4.9.0
  Cisco Clean Access Lite Manager   Version 4.9.0
  I can see Your point now,  that I should start from upgrading to 4.9.1.
  Let me do  that, and see if it helps.
  thanks  very much, I will keep You posted.

• Cisco NAC agent services not running on Windows XP

  Hi,
  I've problem with Cisco NAC agent services on Windows XP professional SP3.
  After first installation using user local administrator, the services of Cisco NAC agent on windows machine running well, but after logout, and login using another user which is registered in domain users, the services of Cisco NAC agent is going to stopped (going to Manual mode not automatic, and the status is stopped).
  This situation is not happened on all windows machines, several machines running well.
  Cisco NAC agent version 4.9.0.42
  Has anyone seen this type of problem?
  Below i attached windows machine information from ones running well and not running, Thanks
  Regards,
  Rian

  Hi thanks for your answers, dbconsole is started in services.msc and also Agent, but goes on to say that the agent is not running.
  In sysman log shows this,
  "03/20/2012 13:38:54,553 [MetricCollector: HOMETAB_THREAD600: 60] ERROR rt.DbMetricCollectorTarget _getAllData.328 - oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
  oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
  at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest_ (EMDClient.java: 1330)
  at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest (EMDClient.java: 1223)
  at oracle.sysman.emSDK.emd.comm.EMDClient.getMetrics (EMDClient.java: 640)
  at oracle.sysman.emo.perf.metric.rt.DbHomeTab._getAllData (DbHomeTab.java: 324)
  at oracle.sysman.emo.perf.metric.rt.DbHomeTab.getData (DbHomeTab.java: 139)
  at oracle.sysman.emo.perf.metric.eng.MetricCached.collectCachedData (MetricCached.java: 402)
  at
  at oracle.sysman.emo.perf.metric.eng.MetricCollectorThread.run (MetricCollectorThread.java: 320)
  at java.lang.Thread.run (Thread.java: 595)
  20/03/2012 22:00:03,335 [JobWorker 772: Thread-13] ERROR em.jobs executeCommand.161 - UpdateARUTables: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup parameters required to September."
  In event viewer shows this,
  "Agent process exited abnormally DURING initialization." but this message appears a few hours after having started the service.
  I am using the Administrator account

• Cisco Nac agent "List of Antivirus & Anti-Spyware Products Detected by the Agent "

  Hi All,
  We have posture assessment working with cisco Nac agent. Checking only symantec Antivirus def update and installation. Since there is windows defender in all the user pcs and turned off not in use. But cisco Nac agent is showing both windows defender and symantec in List of Antivirus & Anti-Spyware Products Detected by the Agent field. We dont want windows defender to show in this list.
  Anyone encountered this list before?? Please suggest.. I want to get rid of windows defender from this list in nac agent.

  Closest enhancement I could check on this is
  CSCts34764    NAC: Request for ANY rule to pass if 1 AS/AV definition is up to date
  Currently Windows Defender AnitSpyware comes installed on all Windows 7 machines.  Many users disable this and install their own AntiSpyware product.  Currently when using the ANY AntiSpyware up to date rule, it will fail if say MSE is up to date but not Windows Defender (since it is disabled).
  This is an enhancement request to add the ability to pass the ANY check if 1 AntiSpyware or AntiVirus definition is up to date but another is installed and out of date.  Currently if a customer wants to accomplish this they need to create a rule for every AntiVirus or AntiSpyware product and use the "Any Selected Rule Succeeds" option which is very cumbersome to configure.
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Hide Cisco NAC agent window

  Dear all,
  We have cisco NAC version 4.9.1 and the agent version is 4.9.1.5. We want to know if there is a way to hide the cisco NAC agent window so the user do not see it, i mean run it on the background to make it a bit more transparent to the final user.
  Anyone have any ideas?
  Thanks in advance.

  Go to "Administration > User Pages" and make sure you have configured a proper login page for Windows 7.

• Question about cisco nac agent

  When I deploy Cisco NAC appliance, the main different between using cisco nac appliance with or without agent? I see Cisco NAC agent has two function: scan and remediation. If Cisco NAC appliance without agent, Cisco NAC server will scan device and remediation. That is right?
  Please answer me early. Thank you for your answer.

  Sorry, I believe daldden is correct, without the agent you can still scan using the built-in Nessus scanner.
  We don't use the Nessus scanner, but these are some things to consider if you use the scanner. These are from memory though so anyone who actively uses the scanner may be able to give more up to date or complete info:
  1) You have to decide which vulnerabilities you want to scan for.
  2) The more plug-ins you enable, the longer (obviously) the scan takes.
  3) There are configuration steps for many of the plug-ins
  4) Your users will still need to go to a login page in order to be scanned.
  5) You have to configure the remediation information (URL, steps, etc) for each plug-in you enable.
  From our view point, the only reason we would enable the scanner is if we were looking for a specific vulnerability, perhaps a new threat that didn't yet have a patch. If it had a patch, we would watch for the patch using the agent (installed or web based).
  It was much easier for us to use the agent, to scan their system and make sure that the MS critical hot fixes were installed and/or an AV system was installed and up to date. As mentioned, if there is a patch for a vulnerability, you can use the agent to make sure that specific hot fix is installed.
  Remember that there is also a web agent. The web agent is an ActiveX or Java (you pick which one you want to use) applet that is loaded onto the person's machine, the system scanned, then the applet is unloaded.
  Of course, the agent is only for MSoft (with some MAC options), so if you have Linux systems, the Nessus scanner would be your only option.

• Cisco NAC Agent and Windows 8 still not working

  Hello. I recently upgraded the Cisco NAC Agent to the latest version (4.9.1.13) on a Windows 8 VM. The release notes state that Windows 8 support has been added, and that a patch must be downloaded. However, the information about the patch is vague. I'm not sure if it's a client or server-side patch, or perhaps if I already have it as a result of upgrading to the latest version.
  I ask this because I plan to upgrade some computers to Windows 8, and have noticed that Cisco NAC Agent can't handshake with the NAC server on Windows 8 (both native and VM), and despite upgrading to the latest version, the handshake is still unsuccessful.
  Thanks,
  -Collin

  Hi Collin,
  The 4.9.1 Patch for Windows 8 Support can be downloaded from the following link :
  http://www.cisco.com/cisco/software/release.html?mdfid=282910502&flowid=34713&softwareid=282573326&release=4.9.1&relind=AVAILABLE&rellifecycle=&reltype=latest
  The patch should be applied to both 4.9.1 CAM and CAS.
  Please go through the README file for patch provided in the download link provided above. It has detailed information.
  Regards,
  Karthik Chandran

• Different between cisco NAC agent and cisco Clean Access Agent

  Hi all,
  if anyone has idea about different between cisco NAC agent and cisco Clean Access Agent, please share your ideas.
  thank you

  In 4.6, the agent was overhauled and is now called the NAC agent.  Previous versions were referred to as the Clean Access Agent.  So pretty much, the 4.5 agent and 4.1.3.2 agents are Clean Access agents, and the 4.6.x and 4.7.x agents are called NAC agents.
  Some of the changes made were moving a lot of the agent configuration to an XML file, redesigning the GUI, adding a service portion (so that the stub agent is no longer required), and better agent logging.

• Problems with Mac OSX 10.5.2 and installing my pro tools le 7.1.1

  Problems with Mac OSX 10.5.2 and installing my pro tools le 7.1.1.
  My garage band & reason software don´t open anymore giving me a error messasge regarding the midi drivers in the operating system.
  Please help!!!
  Thanks,
  Paolo

  Somewhere at either Macworld or here I learned that DVDSP 2, DVDSP 3 and now DVDSP 4 "internally" are major re-writes.
  Support for HD among a few other items along with QT 7 which comes with Tiger means sincerely that one set of applications/OS is not going to be stable.
  Personally I think of all the issues possible its DVDSP vs QT.
  Unless you move to DVDSP v4 the alternative is to wipe the disk and go back to Jaguar (10.2) or perhaps Panther but avoid upgrading QT beyond 6. I advocate wiping the disk because I'n not sure an archive and install to down shift to an earlier version of the OS is possible. If it is I'd still worry about mis-matched files in all sorts of locations.

• Hello  I have a problem with Mac Pro, iPhoto does not want to stay open and close as I can figure this out?  thanks

  Hello  I have a problem with Mac Pro, iPhoto does not want to stay open and close as I can figure this out?  thanks

  Refer below link once
  App doesn’t open | Progress wheel spins continually

• After I updated lion to 10.7.4, app store does not recognize my ID APPLE and it unable to connect me to app store in order to update/download apps? What have I to do? I have the same problem with mac mini e mac book air. Please help me!

  After I updated lion to 10.7.4, app store does not recognize my ID APPLE and it unable to connect me to app store in order to update/download apps? What have I to do? I have the same problem with mac mini e mac book air. Please help me!

  Your advice did not help me. I also installed 10.7.4 combo but the situation is the same.
  my internet connection is ok, mail is ok, but app store after 3 resets does not recognize my ID and it says "connection is not possible". Why? I have the same problem in both my mac mini late 2009 and mac book air 2010? Is it a problem of 10.7.4 update? I have to solve this problem and how can i return to 10.7.3 if my last backup was not with 10.7.3???thank you for your kind collaboration...

• AD account Login problem with MAC 10.6.8

  Hi All,
  We have around 50 odd MAC that are connected to windows server 2008 R2. the user were logining in to these MACs using their AD account. Recently few of the random MAC did not allow the user to login using their AD account.When analyzed though the MAC shows that it has connected to the Domain and the server is active with green button it has unbind itself from the server.I had to login in as local user bind the MAC back to get this resolved.
  Now the same has started happeneing for most of the MAC that we have and every morning I have login as local Admin and unbind / bind the MAC with the server. this gets reset once the user reboots or shutsdown.
  Have tried with few of the below solution but nothing helped:
  Solution 1:
  <key>mdns_timeout</key>
  <integer>2</integer>
  The integer value is in seconds; changing it to at least 5 should allow the Mac OS X client to reconnect to the Active Directory domain after a network interruption. In some configurations, a larger timeout value may be required.
  You can change this value by using the sudo command and a text editor to edit the preference file directly. Or you can use the Terminal command below, making sure to enter it all on a single line:
  sudo /usr/libexec/PlistBuddy -c 'Set :mdns_timeout 5' /System/Library/SystemConfiguration/IPMonitor.bundle/Contents/Info.plist
  Solution 2:
  I have seen all of the probable solutions and tried everything and still I am getting issues with 10.6.6 and after rebooting the Mac gets unbind. Or the Mac gets Network Accounts Available even when not accessing the list of users from AD. But the thing that I have done that has solved all my issues with AD on the Macs is to uncheck the box to search on all domains. For some reason I am seeing that when the Macs have this option checked, it searches through out the forest on the same domain controller more than once, so AD stops the handshaking of the authentication.
  I hope this helps like it did on our Network, since then I have not seen the Macs lose the binding or slow SMB.
  If you've tried this please let us know.
  TIP: Uncheck Allow Authentication from any domain for Mac AD problems
  Wednesday, April 20, 2011
  Steven Wells sent a fix and an explanation of problems with Macs losing their binding to Active Diretory:
  Unchecking "Allow authentication from any domain in the forest" is working at our college. We have been beating our heads on this for about 2 terms, with no understanding of why it works in some places and not in others. When we found this working, our IT guy said that the Security SID is being duplicated, when it looks in other domain forest, and that is what is causing the problem. This is the first time I have found an explanation for the problem.
  If you've tried this approach please let us know.
  Solution 3:
  Solved it. Create a file in Textedit with the name 'auto_master' (no file extension) with the following contents:
  # Automounter master map
  +auto_master # Use directory service
  /net -hosts -nobrowse,hidefromfinder,nosuid
  /home auto_home -nobrowse,hidefromfinder
  #/Network/Servers -fstab
  /- -static
  Place this in /etc/ folder
  Hope this helps
  solution 4:
  TIP: a Kerberos fix for OS X 10.5 and 10.6 binding to Active directory
  Friday, November 11, 2011
  Mehdi Mafi forwarded a fix he found for problems with Leopard and Snow Leopard binding to Active Directory:
  This was taken from Dane Riley's imaging building for DeployStudio.
  With Mac OS X Leopard every Mac is now running a KDC (Kerberos Distribution Center). Basically each imaged machine is using the same security certificate and hash. Deploying a single image will deploy the same KDC to every system. This [Apple] article covers how to reset the local KDC so that each system is unique. Basically, do the following:
  Launch Keychain Access
  Search for com.apple.kerberos.kdc and delete all 3 items
  Using Terminal type sudo rm -fr /var/db/krb5kdc
  After deployment, perhaps using Apple Remote Desktop to all systems, re- establish the KDC by typing sudo /usr/libexec/configureLocalKDC
  If you've tried this approach with Mac OS X 10.5, 10.6, or even Lion, please let us know. .
  TIP: More on a kerberos fix for AD binding problems
  Monday, November 14, 2011
  Mehdi Mafi updated his Friday report about Mac OS X 10.6 problems binding to Active Directory:
  You may want to add this. If the Mac keeps unbinding from AD (people can't log in to a Mac), here is how to fix it:
  Unbind it from Domain
  Launch Keychain Access
  Search for com.apple.kerberos.kdc and delete all 3 items
  Using Terminal type sudo rm -fr /var/db/krb5kdc
  Re-establish the KDC by typing sudo /usr/libexec/configureLocalKDC
  Bind it to domain again ( When you bind, uncheck allow authentication from any domain in the forest in: Directory Utilitiy-> Advanced Options\Administrative ) this fix the issue that sometimes it can' find AD under search space.
  If you tried this please let us know.
  Solution 5:
  For Snow Leopard AD login issues, use upper case domain
  Solution 6: for .local
  To create this StartupItem, create the following directory as root:
  /Library/StartupItems/FixADAuth
  Then chown it to root:wheel and chmod it to 755. These must also be the owner/permissions on the two files it will contain, below:
  Contents of our /Library/StartupItems/FixADAuth/FixADAuth:
  #!/bin/bash
  . /etc/rc.common
  date > /var/log/FixADAuth.log
  n=0
  AuthSuccess=0
  while [ $AuthSuccess != 1 ]
  do
  id Administrator && AuthSuccess=1 || networksetup -setsearchdomains Ethernet "Empty"; networksetup -setsearchdomains Ethernet middlewich.local; n=$(($n+1))
  done
  echo Authentication successful: $AuthSuccess >> /var/log/FixADAuth.log echo Operation count: $n >> /var/log/FixADAuth.log
  date >> /var/log/FixADAuth.log
  Contents of our /Library/StartupItems/FixADAuth/StartupParameters.plist:
  Description = "Fixes Active Directory authentication issue";
  Uses = ("Disks");
  Obviously you'll need to change "middlewich.local" to your own domain name (and the network interface name if your connection is wireless). The script checks to see if it can see the user "Administrator" on the domain, as he's a fairly common bloke, but if you've renamed yours for security reasons then pick another one. I've also included some logging functionality for debug purposes, so you can verify how well the script is working if you need to and time it in your environment before telling the users how long to wait. The /var/log/FixADAuth.log file will contain the date/time the process started, the success variable set to 1 (just to verify), how many DNS operations were required to fix the problem, and the date/time it ended. For us the time difference is normally about +30-40 seconds with around 120-180 operations taking place. Once you're happy with the script, you can strip it down to its bare functionality if you like, like so for us:
  #!/bin/bash
  . /etc/rc.common
  AuthSuccess=0
  while [ $AuthSuccess != 1 ]
  do
  id Administrator && AuthSuccess=1 || networksetup -setsearchdomains Ethernet "Empty"; networksetup -setsearchdomains Ethernet middlewich.local
  done
  I hope this helps someone!
  Regards

  You are welcome.
  But the question is 10.6 mac  just like 10.6.8  , as long  as its the same and works.
  Yes. You can save some updates by using the combo update.
  10.6.8 Combo Updater

• Email Problem with Mac

  Hi, I am new to FIOS so I hope this is the proper board to post in.  I set up 2 subaccounts for verizon.net email and configured them for my Mac Mail program. Everything worked well for about 2 days, and all of a sudden the Mail program keeps asking for my password (even though it was saved in my Mail settings) and says the the incoming mail server is offline.  I've Googled this issue and see that others have posted about the same authentication error. Has anyone else here experienced - and solved - this problem? Thanks. 

  I am having the same problems with Mac eMail.  I have two Macs, one that is running Lion and the other is running Snow Leopard.  I have spent days on the phone with Apple and Verizon and they are blaming each other and neither have a solution.  Have you been able to get a response?  It looks like this is something that happens from time to time but never really gets fixed.
  Please let me know if there has been a fix since the Mac Mail update in July?  With the Union Issues Verizon doesn't have enough people to address the issues both in person ( I had a tech come to the house and he didn't know anything about software ) or on the phone.  They keep kicking it back to Apple.  I also have a couple iPhones and both are working fine. So this seems to be OS X specific.  I've had Macs and iPhones for 3 years or more. 
  Just makes me think something was done to the mail servers they didn't get correct.

• Problem with Mac Office Password Protection

  I'm running Mac OS X 10.7.5 with MS Word for Mac 12.3.5 and MS Excel for Mac 12.3.5. 
  I created a Word (.docx) and an Excel (.xlsx) document on my Mac at home, both with password protection.  I uploaded the documents onto Google Drive.  I was able to open the documents a few times with the password on my Mac at home, and on my PC at work.  However, now upon opening the docs, Word and Excel say the password is incorrect (both home MAC and work PC). 
  I know I'm entering the correct password. I'm 100% positive. I was able to open the docs a few times previously just a day before.  Now they're completely inaccessible. My questions are:
  (1) Is this a common problem with Mac for Word/Excel docs?  
  (2) Are there ways to recover the password (a dictionary based brute force solution is unlikely to work, as I use non-word passwords with numbers)?
  (3) If this is a common problem, are there other alternatives to password protecting or encrypting Mac for Word and Excel docs that don't cause problems?
  Any feedback is greatly appreciated.  Thanks. 

  Could just be thats the way it runs on Rosetta. I called in apple to ask if I could return office '04 because I didn't want to take the chance, they were more than eager to return it for me because of the fact it would be slow/maybe have problems running in Rosetta.
  I just got iWorks instead till the universal version of office comes out (which if you buy office '04 you'll have to buy the new universal version as well, or so the rep told me).

• Problems with "Mac Help"

  My help files, especially "Mac Help", no longer work properly since upgrading to Tiger. If I open "Mac Help", for example, the help window will pop up, but the links will not work (nothing happens when I click on them) and the search feature in help will not work either (the little gray "clock" just spins next to the help bar and nothing else ever happens). Any suggestions on this one? As I'm a relatively recent Mac convert, the help feature was something that I came to rely on. Thanks!

  Hi CP,
  This is a common problem with Mac Help. When it happens, try first (quit Help) deleting this folder:
  Home/Library/Caches/com.apple.helpui
  If Help still doesn't work, try then deleting those files:
  Home/Library/Preferences/com.apple.helpviewer.plist
  Home/Library/Preferences/com.apple.help.plist
  (and this one if you find it):
  Home/Library/Preferences/com.apple.helpui.plist
  See also this KB article for more info
  - Mac OS X 10.2, 10.3: Mac Help Viewer unexpectedly quits
  and this excellent X Lab FAQ
  - Troubleshooting Help Viewer
  It seems (not sure about that), that Help caches get easily corrupted when interrupting searches instead of patiently waiting for its internet accessings etc?
  Good luck!
  Axl