CISCO NAC AV/AS Support details UPDATE

HI,
Can anybody help me in understanding that how to updae a Clean access manager from cisco site for AV/AS vendor list update.
We cant connect internet directly to our CAM, is there any mnaul procedure for the same.
Incase not let me know the procedure through internet like where to connect internet cable, how to configure ip and access updates etc.
regards,
Sanjeev Das

Hi,
If you do not have an internet connection do you have an internet proxy? You can point the clean access manager to the proxy server and get the updates that way.
You can try to run a proxy service on your machine where you can point the manager to, and then try to get the updates that way.
Which version of clean access are you on?
Tarik Admani
*Please rate helpful posts*

Similar Messages

Cisco NAC: AV Defination Update Scenario !!!

Hi,
I just want to brain storm for this scenario to keep check the AV defiantion rule & requirement !!!
I am using the Cisco NAC (4.8.2.3).... NAC updates are working fine and configured.
My customer is using the Trend Micro OfficeScan AV (Ver = 10.5). I have configured the AV installation rule & requirement & mapped to the role. I wanted to check the 15 Days older AV Defnations. Configuration seems working fine.
But, the issue is that, Cisco NAC Agent is showing the "Installed" Defination Date which is different for the each users. The showing date is the one, when they installed the AV on users. So, the users are getting failed to fullfil the 15 days older virus definations. When, i change the 15 days to e.g., 150 days to let th users fulful the requirement, then it works fine.
The AV console is showing the right date on its software. I also found some registry keys which is keep updating & showing the latest date for AV defiantion date. I can use them but then it would need the administration to change it manually after each 15 days. But, i want to keep it automatic.
how can we change in cisco nac agent to check the specified registry key???
Please advise..
BR,
Mubasher Sultan

Yes Correct,... Manuall update of antivirus when the PC is in quarantine state is working...it updates, but same the NAC agent is not triggering the antivirus update,
Ok thanks Nicolas, i think i have to open TAC case for this issue.
One thing more, does it has anything to do with av-posture-pack-win-3.4.16.1.tar.gz ??
should i update this module ???

Does Cisco NAC support Wireless LAN?

Hi There
I know Cisco NAC supports Wireless LAN. I have deployed this myself with various brands of Autonomous APs. These works fine only in in-band mode, not in out-of-band mode.
However, Cisco did mentioned for Cisco AP, with Cisco NAC and Cisco switches, out-of-band is supported. I tried this today, and it's either Cisco is wrong, which is highly unlikely, or I did not configure either the NAC portion or the Cisco AP correctly, which is most likely? I wonder where did I go wrong? Please somebody, advice me on this?
Regards,
Ram
+6012-2918870

Hi Ramraj,
You can do out-of-band with Wireless deployments now, however you must have a Wireless Lan Controller managing your APs. You cannot do it with standalone APs.
The guide below goes through most of the configuration:
http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080a138cc.shtml
Thanks,
Nate

Does Cisco NAC support for HP Switches

Dear all,
the existing network has HP switches , is there any way i can deploy Cisco NAC solution here ?
Pls revert .
thanks ,

Cisco NAC has lots of limitations, and surly this is one of them. But while I respect the fact that cisco will not support NAC on HP switches. It can work. And it will perform just fine, once you understand “Cisco NAC” and able to configure it for the first time, you will be able to support it without the need of TAC.
The idea is that Cisco NAC sends commands to the switches on the network to apply specific access list or Vlan changes, since Cisco can only speak Cisco, it does not know how to tell other switches to do that. . The work around is that you would have the NAC running in in-line mode on your network, yes this will introduce a bottleneck, but that is the only way to do it. The NAC then will look at the traffic based on the MAC or IP and apply set of policies depending on the source or the destinations.
Please do your research and look at other NAC solutions before you decide the best vendor to go with.

Cisco NAC Agent 4.9.1.682 Problems with Mac Os X 10.7.4

Hi
My Cisco NAC Agent (version 4.9.1.682) doesn't work since I upgraded my Mac OS X 4 months ago, This happens every time with CISCO and MAC when there is a new update and it always seems to take forever to fix.
The NAC agent just keeps asking for my login in details even though there are correct (I can log in with a PC no problem).
Any update on when a new version is going to be released - Its getting really frustrating?

I figured out a solution that works you must disable Online Certificate Status Protocol (OCSP) on the affected system. To do this :
    Open Keychain Access. Keychain Access can be found by selecting Go in the Finder and choosing the Utilities option. Keychain access should be listed in the folder that appears. Double-click the Keychain Access icon to open it.
    Select Keychain Access -> Preferences from the menu at the top of the screen
    Choose the Certificates tab
    Change the OCSP option from Best Effort to Off
    Close the Preferences dialog and quit Keychain Access
    You should be able to NAC now

Where i can get a Cisco VMware Vsphere ESXi 4.1 update 1 installable media

Hi All,
can someone from cisco tell me how to get cisco vmware vsphere ESXi 4.1 update 1 that was certified by Cisco ?
because the last release from the vmware website still 4.1 without update 1.
http://downloads.vmware.com/d/details/esxi41_cisco_oem_iso/ZHcqYnRkdHdiZCpwcA==
Thanks.
Berwin H.

Sorry for any spelling errors:
What is working well for us, is to always get the latest ESX(i) release from vmware, apply all patches and then make sure to install the newest drivers for Cisco fnic (hba) and enic (lan) that can be found on the vmware site.
During our first UCS upgrade (we did not have installed the Cisco drivers) we experienced some issues. A lot of our VMs lost connectivity to storage for about 2-3 minutes during the reboot of the primary FI. After opening a support request at vmware and Cisco, vmware sent us a newer fnic driver, as the standard driver included in the ESX iso did not handle hba failover very well.
Since that upgrade we always keep up to date the enic and fnic drivers for Cisco UCS. They can be found on the VMWare ESX download site.
Newer drivers are also available on the Cisco UCS driver CD, but those are not yet signed by vmware, so it may be a better idea to use those tested by vmware.
Since we are handling ESX updates like this, every UCS upgrade and everything else worked like a charm and my pulse during upgrades got divided by 2
BTW: Also with other server manufacturers we could have saved us a lot of trouble if we simply had upgraded adapter drivers earlier.

Cisco NAC Agent and Windows 8 still not working

Hello. I recently upgraded the Cisco NAC Agent to the latest version (4.9.1.13) on a Windows 8 VM. The release notes state that Windows 8 support has been added, and that a patch must be downloaded. However, the information about the patch is vague. I'm not sure if it's a client or server-side patch, or perhaps if I already have it as a result of upgrading to the latest version.
I ask this because I plan to upgrade some computers to Windows 8, and have noticed that Cisco NAC Agent can't handshake with the NAC server on Windows 8 (both native and VM), and despite upgrading to the latest version, the handshake is still unsuccessful.
Thanks,
-Collin

Hi Collin,
The 4.9.1 Patch for Windows 8 Support can be downloaded from the following link :
http://www.cisco.com/cisco/software/release.html?mdfid=282910502&flowid=34713&softwareid=282573326&release=4.9.1&relind=AVAILABLE&rellifecycle=&reltype=latest
The patch should be applied to both 4.9.1 CAM and CAS.
Please go through the README file for patch provided in the download link provided above. It has detailed information.
Regards,
Karthik Chandran

How Cisco NAC and Cisco NAC Agent works

HI,
Can anyone help in explaining in detail for Cisco NAC will work in L2 OOB mode?
Also, what is the path from the time the end user connects to the network till he gets access to the network?
Please reply soon.Its urgent.

I really do not know if you will find the answer that you are looking for. From what I remember NAP was an option that was available with the ACS via a special patch. This is only supported for vista clients if memory serves me correct.
Here is the link that will help you with the basics.
http://www.cisco.com/en/US/netsol/ns466/index.html
We do not get much case volume or exposure to the NAP solution and with ACS 5.2 and ISE around the corner it might be too late to go through this setup and then run into issues with acs 4.2 possibly hitting eol/eos.
Thanks,
Tarik

May Release: New partner support, Infrastructure updates, Site templates and bug fixes

Link: http://www.businesscatalyst.com/_blog/BC_Blog/post/May-release-New-partner-support-Infrast ructure-updates-Site-templates-and_bug-fixes/
We are announcing a new Business Catalyst release, scheduled to go live on Thursday, May 3rd. With this release, we are continuing our investments in system performance and stability by increasing our web servers capacity, enabling HTTP acceleration to provide faster site loading times, and improving the site creation speed by using pre-generated sites.
On the product side, we have completely revamped our partner support workflow taking advantage of the Adobe support infrastructure and tools, enhanced the site templates workflow for partners, and included lots of bug fixes and improvements. Read through the following sections to get detailed information about this release:
Partner support
Infrastructure updates
Features and enhancements
Issues fixed by this release
What's next
You can jump to the corresponding section by clicking the above links.
Partner support
Updated Help & Support partner experience
Following Adobe ID support, we have upgraded BC support tools (cases, chat, documentation) with standard Adobe tools. As a partner, you can now benefit from the same support tools as the rest of Adobe Creative Suite, and can track your support cases with Adobe BC, Dreamweaver, Muse or Photoshop in a single place.
Partners with more than 100 paid sites will get 2nd level chat support, which includes a higher priority, by default. If you have more than 100 paid sites, but spread across different Partner Portals, please ask support to enable 2nd level chat for you.
Support experience for your Small Business owner clients can now be owned by partners (see below).
Custom Help & Support URL for your clients
As a partner, you are probably already offering various additional services to your clients besides building & maintaining their BC site. Support, tailored specifically to your client needs, is usually one of these value-added services. We are now enabling you to take your Support service to the next level. In Partner Portal Settings, you have the option to set a custom URL for what will open when your client clicks on Help & Support inside Admin Console:
If you have multiple partner accounts, for different verticals, you can specify a Support URL for each of these.
The default Support experience provided by BC for your clients will be updated in a few releases to be similar to the partner support experience. This includes BC-branded support cases and documentation. If you'd like to keep a white-label experience for your customers, please set your own Help & Support URL in Partner Portal.
For more details please read the Improved support workflow and new forums announcement on our blog.
Infrastructure updates
Between our April release and the following infrastructure updates have been enabled
Limited trial sites for free partners – starting with our May release, the number of trial sites a Free Partner can have will be limited to 100. Once the limit is reached, Free Partners that need to create a new trial site have the options to upgrade to a higher partner plan, upgrade some of the trial sites to paid or delete unused/expired trials.
Automatic trial expiry extension - with this release, trial site expiry date will be automatically extended with 30 days every time an admin user logs in the system through the admin interface or through FTP.
Installed additional hardware - we have installed additional web servers on all our data centers, that translate into an increase of the existing capacity with over 70%.
Updated DNS infrastructure - we have improved the DNS resolution for email delivery so that we can increase the rate at which we're sending the system operational emails
HTTP acceleration – all sites static assets are served from a new cache engine (images, CSS and JavaScript files, together with improved headers that should allow the browser to cache them better for a browsing session). This update has been turned on along with our April release, and has made all the BC sites load faster on first and on subsequent loads.
Accelerated site/partner creation – we've changed the way new sites are created for faster speed, pre-creating them and reusing pre-created sites when needed, and have also improved the creation process for new partners, minimizing the impact of new CCM customers on the existing datacenters.
Adobe ID for partners - in order to support an integrating experience between the various Adobe tools a partner may use (Dreamweaver, Muse, Support forums) we have added Adobe ID support for Business Catalyst partner accounts. Starting April 19, partners are asked to merge their current Business Catalyst account with their Adobe ID accounts. For more details about the transition process and FAQ please read the Introducing Adobe ID blog post.
Updated Terms of Use - Along with several other changes in our processes in the past few months, we also revamped our Terms of Use and the signature process by requesting every admin user to sign a TOU. We have completed the rollout for partners, and we might be pushing an updated partner Terms of Use version within the following weeks. For more details and questions about this change, read the New Terms of Use for Business Catalyst blog post.
Features and enhancements
Site templates
To support the increasing number of partners building, sharing or reusing templates to create new sites, we're extending our site templates support from our partner portal with a new template type and improved management support. The update is going to enable partners to mark sites as templates and choose between making them available in Online Business Builder and keeping them private in their partner portal. A template site will not expire and has the same limits as any other trial site.
Based on your partner level, you can create private or public templates using the Site Details screen or the Tools>My Site Template section from your Partner Portal. Standard partners can only create private templates, while Free Partners can only view site templates that have been transferred to their accounts by other partners.
The number of templates a partner will have will be limited and will vary based on partner level: free partners can store up to 5 templates in their partner portal, standard partners have up to 100 site templates while Premium Partners might have up to 200 templates. Paid sites marked as templates are not counted against these limits.
Business Catalyst Partner fixes
While we are really focused on making the Business Catalyst integration into Creative Cloud a smashing success, we are slowly resuming our efforts to deliver fixes that have been requested by our partners. This release includes the following partner fixes:
Improved product custom fields - we have increased the maximum number of characters for product custom fields to 1024 (previous limit was 256); this gives partners and customers additional space to use when working with products
Improved Secure Zone subscribers list - we have added the customer email address in the Secure Zone Subscribers list to enable partners better filter and manage customers
Better experience when exporting data - to prevent customer confusion when exporting data from Mac computers, we have removed the export to excel option and exporting in CSV format by default.
Social plugins integration updates
Starting with our May release, we are updating the social plugins support to require users to get the plugin code from the third party provider and saving into his Business Catalyst website. The module tags and configuration will remain unchanged, but will render an empty tag until the partner or site owner will update the module template to include the corresponding module code snippet from the third party platform provider.
For more information about how you can enable the Social Plugins on a Business Catalyst websites, read the Social Media: Integrating Facebook and Twitter knowledge base article.
Other changes
Updated weekly emails - Starting with our May release, the information in the site weekly emails has been filtered based on the site's plan. For example, webBasics site reports will no longer include the sales report.
Localization - we improved and increased the coverage of the admin interface translations into German, French and Japanese
Site Settings -> Ignored IP addresses has been relocated under Reports -> Visitors -> More.
BC-Dreamweaver integration performance improvements
Development Dashboard has been removed, as it didn't provide a clear useful, ongoing benefit. The information present in the development dashboard has been integrated into our new Help & Support section.
Payment gateway settings - for more privacy and data protection, we have updated the Payment Gateway configuration screens to obfuscate the sensitive login information. Fields that have been obfuscated are now requiring confirmation.
Report abuse badge on trial sites - for compliance reasons, a "Report Abuse" link has been added to the front-end of all trial sites of free partners that don't have any paid sites. When they click the Report Abuse link, site visitors are redirected to a form submission page on businesscatalyst.com site.
Issues fixed by May release
Issues 3051303, 3168786 - Workflow notifications - Fixed a problem preventing workflow notifications emails from being sent.(see get satisfaction forum discussion)
Issue 3164074 - Fixed a bug causing the lightbox gallery created from Muse to be displayed behind page elements
Issue 3162810 - Fixed a bug in rendering engine to prevent content placed between body and head tags being incorrectly moved inside the body tag
Issue 3166610 - Fixed a broken link to Partner Portal in Internet Explorer
Issue 3175003 - Fixed an issue that caused an incorrect price display for the Year One-Off Setup Fee when upgrading a site from Admin using CB
Issue 2567278 - Fixed a bug causing site replication to ignore product attributes
Issue 2947989 - CRM passwords are now case sensitive
Issue 2723731 - Removed CSS files from the head section of the Layouts files, when downloaded and opened in Dreamweaver, via the BC extension
Business Catalyst new admin interface updates
Added "Save and Add New" button in Web App Item Add & Edit screens (see get satisfaction forum discussion)
Updated Quick Actions menus to add more actions (see get satisfaction forum discussion)
Fixed an issue causing Recent items menu to display deleted items (see get satisfaction forum discussion)
Fixed a display issue on File Manager making top buttons unreachable (see get satisfaction forum discussion)
Fixed the scrollbars in Email Marketing>Campaign>Stats>Bounced Emails reports (see get satisfaction forum discussion)
Fixed an issue causing Recent items menu to brake after selecting the current page from the Recent Items menu (see get satisfaction forum discussion)
Replaced the Success notification displayed when selecting Users or Permissions tabs from User Roles with an Warning
Change the action label displayed in User Roles list from View to Edit to match the list pattern from Admin Users
Fixed a missing file JavaScript error occurring when trying to open image manager from product details-> Attributes -> options
Moved System Emails section from Site Setting to Site Manager (see get satisfaction forum discussion)
Updated Domain Management interfaces to close the modal window and refresh the domain list after successfully adding a domain
Fixed an issue preventing the Hyperlink Manager to function properly (see get satisfaction forum discussion)
Updated the confirmation message received after copying a page to match the new workflow and button names
Fixed an issue causing the current screen or section to not be highlighted in the menu
Updated styling on the new dashboard, user management and email accounts interfaces
Updated dashboard reports filters and chart display; made the chart and the filter use the site time zone
Fixed an issue preventing users from inviting new admin users or create new email accounts on Internet Explorer 8
Fixed an issue preventing users from deleting Email Accounts or Admin Users in Internet Explorer 8
Fixed some issues preventing password recovery email from being sent
Removed the alert message displayed when the user or email account limit has been reached
Added localization for the simplified dashboard
Fixed display issues for site limits, domains and user list in the simplified dashboard
Added Custom reports for webBasics plan
Fixed a bug generating a "500:Collection error" on the simplified dashboard when user did not had View users permission
Added TOU checkbox in the email account setup screen
Updated Site Preview link in the dashboard to load the default domain
Fixed an issue in the new File Manager forcing a user to press Undo twice in order to see the change take effect if the code that was previously formatted contained any <"tag" with more than 2 lines
Fixed an issue causing the File Manager editor toolbar to incorrectly render if page URL path is longer than certain value; starting with this release, the site URL is trimmed
Fixed an issue causing the invite users to be displayed as [object Object] in dashboard and admin user list
Fixed a bug in the new admin causing the interface to become unresponsive when using the browser Back button
Fixed an issue in the new File Manager causing "Save Draft" button to publish the default page template instead of creating a draft version
Fixed a broken invite link issue in the Email Account invite email
Updated loading indicators in File Manager and Email Accounts screens
What's next
The first item on the what's next list might not be news for many of you, but it's definitely one of the most important milestones this year. The Creative Cloud launch is just around the corner, and Business Catalyst is playing an important role in that, as the publishing platform for Adobe® Muse and Dreamweaver. This launch will capture all our attention within the next weeks as we want it to be our best ever.
We'll start our next development cycle on May 15th, while the next Business Catalyst release is going to be pushed live in mid June. That being said, the following items are already on our launch plan for the next release and a few more will join the list. Please expect an update on our 2012 plans around mid May.
HTTP throttling – all page load and API calls to BC will be protected against attacks, this might trigger problems for API heavy sites. We are looking into enabling this update along with our June release, and will help make sure that a reasonable number of requests will be accepted from the same computer per minute.
Automatic site deletion - Starting with the June release, we are going to start automatically delete expired trial sites and canceled sites. Customers will be notified twice before we are going to proceed with deleting the sites.
Thank you,
Cristinel Anastasoaie
Adobe Business Catalyst Product Manager

In reference to this change in the Custom Reports... Better experience when exporting data - to prevent customer confusion when exporting data from Mac computers, we have removed the export to excel option and exporting in CSV format by default.
What is the customer confusion we are trying to stop here? I've got even more confused customers at the moment because all of a sudden they can't find the export to excel option but know it exists if they log in on a PC?
Mark

Supporting detail disappeared and the could not edit

We have a planning app (v 11.1.2.2) and one user told me he entered some data into supporting detail for one cell. After he save it and the cell data became 0. And he could not edit that cell anymore. Tried to editing supporting edit for that cell brought back a blank page. I tried that cell and although the data is 0 and I could not update supporting detail either. It just brings a blank page for supporting detail. User can still enter and edit supporting details for other cells. I can think of a couple things to do:
1. Check the relational db and delete the supporting detail for that cell.
2. Restart Planning services to see if that fixes it.
But before I do that, I want to know if anyone of you encounter the same thing or not. And is there any other way to fix that.
Thanks

Thanks! That icon color is barely visible. I never noticed it was there! I need to change it to more contrast color.

Cisco NAC Web Agent + Windows 8

Hello,
I´m implementing a Cisco ISE 1.2 and I am having troubles with NAC Web Agent and Windows 8 compatibility.
All time that I try install NAC Web Agent in Windows 8, I get the message "Agent User Operating System is Not Supported".
Follow are some informations about my Environment:
ISE 1.2 Patch 3
OS: Windows 8 Enterprise
IE: 10 (In Desktop Mode w and w/o Compatibility View)
NAC Web Agent: 4.9.0.1007
Could you help me ?
Best Regards,
Daniel Stefani

Hi Charles,
I can download all this files, but I can’t import it in ISE Resourses.
NAC Agent MST files
nacagentsetup-mst-4.9.3.9.zip
NAC Agent MSI Installation file
nacagentsetup-win-4.9.3.9.msi
NAC Agent Installation Package
nacagentsetup-win-4.9.3.9.tar.gz
Mac Agent Installation Package for MacOSX
CCAAgentMacOSX-4.9.3.803.tar.gz
NAC Agent MST files
nacagentsetup-mst-4.9.3.5.zip
NAC Agent MSI Installation file
nacagentsetup-win-4.9.3.5.msi
NAC Agent Installation Package
nacagentsetup-win-4.9.3.5.tar.gz
In this link that you sent me doesn’t have options to Cisco NAC Web Agent.
But in the follow yes…
http://software.cisco.com/download/release.html?mdfid=283801620&flowid=26081&softwareid=283802505&release=1.2&relind=AVAILABLE&rellifecycle=&reltype=latest
Best Regards,
Daniel Stefani

Installation of Cisco ISE 1.1.4 on Cisco NAC Appliance 3315

Hi,
I am re-imaging the Cisco NAC Appliance 3315 and installing the Cisco ISE 1.1.4...
After finishing the Installation, when i type "SETUP"... It gives me the below Error;
# ERROR: INPUT/OUTPUT ERRORS FOUND DURING THE INSTALLATION! #
# PLEASE REIMAGE THE APPLIANCE OR VM FROM THE INSTALLATION MEDIA. #
Please advise....
I tried to change the Time/Date as per UTC/GMT accordingly... But, i didn't find the RAID in CLI... see the link below
(http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_app_f-installing_on_NAC-AC.html)
any idea...
Regards,
Mubasher Sultan

Where did you get the recovery media? Did you download from cisco.com?
Please download the image from CCO and ensure the ISE image is valid by checking the MD5 checksum of the downloaded image is matching to CCO image.You will then need to burn this ISO image onto bootable DVD.
Supporting link:
http://www.cisco.com/en/US/docs/security/ise/1.1/installation_guide/ise_ins.html#wp1134146
Jatin Katyal
- Do rate helpful posts -

Cisco Nac agent "List of Antivirus & Anti-Spyware Products Detected by the Agent "

Hi All,
We have posture assessment working with cisco Nac agent. Checking only symantec Antivirus def update and installation. Since there is windows defender in all the user pcs and turned off not in use. But cisco Nac agent is showing both windows defender and symantec in List of Antivirus & Anti-Spyware Products Detected by the Agent field. We dont want windows defender to show in this list.
Anyone encountered this list before?? Please suggest.. I want to get rid of windows defender from this list in nac agent.

Closest enhancement I could check on this is
CSCts34764 NAC: Request for ANY rule to pass if 1 AS/AV definition is up to date
Currently Windows Defender AnitSpyware comes installed on all Windows 7 machines. Many users disable this and install their own AntiSpyware product. Currently when using the ANY AntiSpyware up to date rule, it will fail if say MSE is up to date but not Windows Defender (since it is disabled).
This is an enhancement request to add the ability to pass the ANY check if 1 AntiSpyware or AntiVirus definition is up to date but another is installed and out of date. Currently if a customer wants to accomplish this they need to create a rule for every AntiVirus or AntiSpyware product and use the "Any Selected Rule Succeeds" option which is very cumbersome to configure.
~BR
Jatin Katyal
**Do rate helpful posts**

Cisco NAC 4.8 and Windows Server 2008 Enterprise 64bit SSO

Hi,
     I try to setup SSO on Cisco NAC 4.8 and Windows Server 2008 Enterprise 64bit, but I can't start Active Directory SSO Service that show error follow below. I saw this error " KDC has no support for encryption type (14)" . Could anyone help me to troubleshoot this problem?
FQDN: active.test.com
Domain Name : test.com
User : ccasso
2011-02-05 12:00:30.225 +0700 WARN com.perfigo.wlan.jmx.adsso.GSSServer
- Server was not running ...
2011-02-05 12:00:30.225 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- Server starting server ...
2011-02-05 12:00:30.225 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- Server is now running ...
2011-02-05 12:00:30.225 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - SPN : [ccasso/[email protected]]
2011-02-05 12:00:30.225 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - building kdc list for domain active.test.com
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - done building kdc list for domain active.test.com
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - KDC(s) :[10.0.240.100]
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - writeKrbFile: writing to file ../conf/krb.txt
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - writeKrbFile: wrote to file ../conf/krb.txt
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - creating login context ...
2011-02-05 12:00:40.224 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- GSSServer - created login context ...javax.security.auth.login.LoginCon
text@5ad7b2
2011-02-05 12:00:40.239 +0700 ERROR com.perfigo.wlan.jmx.adsso.GSSServer
- Unable to start server ... KDC has no support for encryption type (14)
2011-02-05 12:00:50.244 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- Notifying GSSServer status Stopped
2011-02-05 12:00:50.244 +0700 INFO com.perfigo.wlan.jmx.adsso.GSSServer
- server is exiting .

Hi,
This error means that your DC does not support the encryption method the ACS wants to use.
Usually this happens when you run 2008 Server with 2003 functionality...
You will need to run ktpass.exe according to the DC you are running:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1277452.
For Windows 2008 Server at 2003 Server functional level:
ktpass -princ newadsso/[adserver.][email protected] -mapuser newadsso -pass
PasswordText -out c:\newadsso.keytab -ptype KRB5_NT_PRINCIPAL
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Mac OS X 10.8.1 and Cisco Nac Agent to 4.9.1.683

We have this problem with on of our clients:
"Cisco NAC Agent is having a difficulty with the server. Agent user operation system
is not supported".
Anyone encounter this problem ?
thanks.

Hi Tarik,
We have:
Cisco Clean Access Server Version 4.9.0
Cisco Clean Access Lite Manager Version 4.9.0
I can see Your point now, that I should start from upgrading to 4.9.1.
Let me do that, and see if it helps.
thanks very much, I will keep You posted.

CISCO NAC AV/AS Support details UPDATE

Similar Messages

Maybe you are looking for