Cisco NAC web agent failure

Is there a list somewhere that shows what the status's mean?  I have a few users getting this error, while others are working fine -
Failed to download  Cisco NAC Web Agent ( status = -2 ) !
Thanks!

For the web agent, there are three error states
-1 means that it was unable to launch the control at all,
-2 means it failed to download the agent executable,
-3 means there was an error running the web agent
Are you using the Java or ActiveX version of the web agent?  Definitely check the browser settings for both and make sure that it's either allowing or prompting the user for the applets.  If you're using the ActiveX version, you could try forcing the Java version, as most users seem to have more lenient browser settings by default for it.

Similar Messages

  • Cisco NAC Web Agent + Windows 8

    Hello,
    I´m implementing a Cisco ISE 1.2 and I am having troubles with NAC Web Agent and Windows 8 compatibility.
    All time that I try install NAC Web Agent in Windows 8, I get the message "Agent User Operating System is Not Supported".
    Follow are some informations about my Environment:
    ISE 1.2 Patch 3
    OS: Windows 8 Enterprise
    IE: 10 (In Desktop Mode w and w/o Compatibility View)
    NAC Web Agent: 4.9.0.1007
    Could you help me ?
    Best Regards,
    Daniel Stefani

    Hi Charles,
    I can download all this files, but I can’t import it in ISE Resourses.
    NAC Agent MST files
    nacagentsetup-mst-4.9.3.9.zip
    NAC Agent MSI Installation file
    nacagentsetup-win-4.9.3.9.msi
    NAC Agent Installation Package
    nacagentsetup-win-4.9.3.9.tar.gz
    Mac Agent Installation Package for MacOSX
    CCAAgentMacOSX-4.9.3.803.tar.gz
    NAC Agent MST files
    nacagentsetup-mst-4.9.3.5.zip
    NAC Agent MSI Installation file
    nacagentsetup-win-4.9.3.5.msi
    NAC Agent Installation Package
    nacagentsetup-win-4.9.3.5.tar.gz
    In this link that you sent me doesn’t have options to Cisco NAC Web Agent.
    But in the follow yes…
    http://software.cisco.com/download/release.html?mdfid=283801620&flowid=26081&softwareid=283802505&release=1.2&relind=AVAILABLE&rellifecycle=&reltype=latest
    Best Regards,
    Daniel Stefani

  • Cisco NAC web agent Network Security Policy

    I have a computer with an installed McAfee Antivirus that us up to date. However, each time try to access one of my client's server via VPN, I successfully connect to VPN using Cisco Anyconnnect but whenever I try to download the web agent and the device security check is being run, I get the feedback "Host is not compliant with network security policy". It also tells me a Remediation description of "please update your antivirus". (see attached screenshot)
    Please note that I already have my McAfee antivirus updated and I have done everything to keep my computer in good shape in terms of security.
    What is the possible cause for this?

    That means the CAM hasn't received an SNMP trap for that MAC address.  Double-check that the WLC is set up to send traps to the CAM: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_woob.html#wp1290626
    You can see if the CAM's received a trap for a specific MAC by looking under OOB Management > Devices > Discovered Clients.

  • Use NAC Web Agent login with Ipad

    Hello Guys,
    I'm using NAC 4.8, and I'd like to login using NAC Web Agent on Ipad.
    When I'm trying to do that, I'm receiving a message on Ipad that I need to install Java Plug-In, but there is no JavaPlug-in available for Ipad.
    Does anyone know if there is any aditional configuration that I have to do on NAC Manager to be able to access the network using NAC Web Login on Ipad ?
    Best Regards

    Hi Luciano,
    Unfortunately, the NAC Web Agent and the persistant Agent are not supported for the iPad operating system. (It is called iOS). The following table documents this fact under footnote 3:
    http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp125630
    Only normal Web Login with Safari browser is enabled.
    Hope this helps.
    -Shrikant
    P.S.: Please mark this question as answered if it has been resolved. Do rate helpful posts. Thanks.

  • NAC web agent question

    Hi,
    I need to know when can i use the NAC web agent???  is it used for guests or visitors only????
    If i used NAC web agent for guests , can i perform posture assessment for the guest users ( i mean check windows update , AV/AS or certain services)?? or network scanning will be only applied to the guests who are using NAC web agent???? 
    i read the userguide of 4.7.1 of CAM and CAS but i have some conflicts regarding the above topic , so please i need your help.
    Mohamed

    Mohamed,
    You can use it for any kind of users (guest/regular) and can do posture assessment, but no remediation. Remediation requires the full agent. The other limitation is that the web agent is only valid on Windows machines and cannot run on Mac/Linux etc.
    HTH,
    Faisal

  • ISE 1.3 NAC Web Agent for Posture

    Hi,
    We have two categories of wireless users (Vendors and Guests) and we need only Vendors to do posture (AV update check).We need to have two different portals to be redirected once each category of user hit as Vendor portal should also do device compliance checked and Guest portal should not do. We made a policy matching SSID (Called-Satation-ID=ssid) however when we tried it does not hits the particular rule. When we use single portal it can either do device complaint or not compliant..?
    Appreciate if any one has tried this out or has better idea how to accompany this requirement.
    Thanks in advance.

    Hello,
    Perhaps re-order the rules so the guests are first and use a rule that calls Guest Flow or Guest Identity and then vendors come next.
    Chris

  • ISE - Can't install Web Agent

    Dear guys,
    I have problem in my lab case like sequence below:
    A guest access into internal network, then will be redirect to Guest Portal.
    A guest log in successfully using credential (was created by sponsor account)
    Then, "Client Provisioning" process starts. Base on Client Provisioning policy with OS: Windows 8, guest session will be apply on Web Agent.
    Then Web Agent install and check status process starts. But, in this phase. I got a error like this:
    In Chrome & FF browser: "You will not be allowed to access the network due to internal error. please contact your administrator"
    In IE browser:
    "You will not be allowed to access the network due to internal error. please contact your administrator"
    "Your login session failed! (status = 36) You will have limited network connectivity. Please try disconnecting and reconnecting to the network to start a new connection (or) contact your system administrator if the problem persists"
    In addition:
    I imported certificated (was signed by AD Root CA) into Local Certificates.
    I imported AD Root certificated into Certificate Store.
    I will be grateful for any help you can provide.
    Have a nice day !

    Web agent should handle cert. revocation dialog box similar to Win agent
    CSCsl40626
    Description
    Symptom:
    Revocation failed dialog box keeps popping up on client machine despite of clicking "Yes" button
    Conditions:
    This issue is seen on the client machine performing login either using Windows agent or NAC web agent. The issue happens when the Clean Access Server (CAS) certificate root CA is not listed in the trusted store on the client machine. The issue is known to be reproducible on all flavors of Win XP & Win Vista using Windows or NAC web agent
    Workaround:
    Try selecting Yes. If this does not work you can turn off the security certificates revocation check by changing the options in Internet Explorer IE.
    Use the following procedure to change the option in IE:
    1. Launch IE
    2. From the tool bar, select Tools then Internet Options
    3. Select the Advanced tab
    4. In the Security section, un-check the option "Check for server certificate revocation"
    5. Click on the Apply button
    6. Click on the OK button
    7. Close IE
    8. Try the web login again
    Product:
    Cisco NAC Appliance (Clean Access)
    Known Affected Releases:
    (1)
    4.1(3.6)

  • Question about cisco nac agent

    When I deploy Cisco NAC appliance, the main different between using cisco nac appliance with or without agent? I see Cisco NAC agent has two function: scan and remediation. If Cisco NAC appliance without agent, Cisco NAC server will scan device and remediation. That is right?
    Please answer me early. Thank you for your answer.

    Sorry, I believe daldden is correct, without the agent you can still scan using the built-in Nessus scanner.
    We don't use the Nessus scanner, but these are some things to consider if you use the scanner. These are from memory though so anyone who actively uses the scanner may be able to give more up to date or complete info:
    1) You have to decide which vulnerabilities you want to scan for.
    2) The more plug-ins you enable, the longer (obviously) the scan takes.
    3) There are configuration steps for many of the plug-ins
    4) Your users will still need to go to a login page in order to be scanned.
    5) You have to configure the remediation information (URL, steps, etc) for each plug-in you enable.
    From our view point, the only reason we would enable the scanner is if we were looking for a specific vulnerability, perhaps a new threat that didn't yet have a patch. If it had a patch, we would watch for the patch using the agent (installed or web based).
    It was much easier for us to use the agent, to scan their system and make sure that the MS critical hot fixes were installed and/or an AV system was installed and up to date. As mentioned, if there is a patch for a vulnerability, you can use the agent to make sure that specific hot fix is installed.
    Remember that there is also a web agent. The web agent is an ActiveX or Java (you pick which one you want to use) applet that is loaded onto the person's machine, the system scanned, then the applet is unloaded.
    Of course, the agent is only for MSoft (with some MAC options), so if you have Linux systems, the Nessus scanner would be your only option.

  • Cisco NAC Agent 4.9.1.682 Problems with Mac Os X 10.7.4

    Hi
    My Cisco NAC Agent  (version 4.9.1.682) doesn't work since I upgraded my Mac OS X  4 months ago, This happens every time with CISCO and MAC when there is a new update and it always seems to take forever to fix.
    The NAC agent just keeps asking for my login in details even though there are correct (I can log in with a PC no problem).
    Any update on when a new version is going to be released - Its getting really frustrating?

    I figured out a solution that works you must disable Online Certificate Status Protocol (OCSP) on the affected system. To do this :
        Open Keychain Access. Keychain Access can be found by selecting Go in the Finder and choosing the Utilities option. Keychain access should be listed in the folder that appears. Double-click the Keychain Access icon to open it.
        Select Keychain Access -> Preferences from the menu at the top of the screen
        Choose the Certificates tab
        Change the OCSP option from Best Effort to Off
        Close the Preferences dialog and quit Keychain Access
        You should be able to NAC now

  • Cisco Nac agent "List of Antivirus & Anti-Spyware Products Detected by the Agent "

    Hi All,
    We have posture assessment working with cisco Nac agent. Checking only symantec Antivirus def update and installation. Since there is windows defender in all the user pcs and turned off not in use. But cisco Nac agent is showing both windows defender and symantec in List of Antivirus & Anti-Spyware Products Detected by the Agent field. We dont want windows defender to show in this list.
    Anyone encountered this list before?? Please suggest.. I want to get rid of windows defender from this list in nac agent.

    Closest enhancement I could check on this is
    CSCts34764    NAC: Request for ANY rule to pass if 1 AS/AV definition is up to date
    Currently Windows Defender AnitSpyware comes installed on all Windows 7 machines.  Many users disable this and install their own AntiSpyware product.  Currently when using the ANY AntiSpyware up to date rule, it will fail if say MSE is up to date but not Windows Defender (since it is disabled).
    This is an enhancement request to add the ability to pass the ANY check if 1 AntiSpyware or AntiVirus definition is up to date but another is installed and out of date.  Currently if a customer wants to accomplish this they need to create a rule for every AntiVirus or AntiSpyware product and use the "Any Selected Rule Succeeds" option which is very cumbersome to configure.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • Mac OS X 10.8.1 and Cisco Nac Agent to 4.9.1.683

    We have this problem with on of our clients:
    "Cisco NAC Agent is having a difficulty with the server. Agent user operation system
    is not supported".
    Anyone encounter this problem ?
    thanks.

    Hi Tarik,
    We have:
    Cisco Clean Access Server   Version 4.9.0
    Cisco Clean Access Lite Manager   Version 4.9.0
    I can see Your point now,  that I should start from upgrading to 4.9.1.
    Let me do  that, and see if it helps.
    thanks  very much, I will keep You posted.

  • NAC 4.8 web agent with WSUS checking

    Hi,
    In some cases we would like to use the NAC 4.8 Web agent to check the WindowsUpdate  related things.
    We have a managed WSUS server, the ckeck working well with native win32 clients, but when we try connect with web agent,
    the report show the following:
    Information:
    Failed to find Windows updates
    Description:
    Missing windows updates: 0
    At the Windowsupdate.log file there is NOTHING about it, nor connecting, or any related.
    Tried with the activex and Java client, the result is same. Also tried to catch some ip packets with Wireshark going to wsus server, but there is active connection.
    Is this a bug, or the web agent is not WIndowsUpdate check compatible?
    Thanks
    Attila

    Hi Eduardo,
    We can check all the requirement rules, but notes,
    this check is works well with native win agents, so I assume the CAM Requirements and Rules side is ok.
    Pls. confirm, there is no matter how I'd like to check win patches (via web or with client) at Checks/Rules/Roles/Requirements config.
    Attila

  • NAC - Using ActiveX web agent with low level user

    Hi:
    I have NAC installed in-band and running. We have a group of test taker with user rights to the PC. The ActiveX web agent will not load and the Java agent does not start.
    Any suggestion o dealing with some low secuirty issue and the browser.
    Thanks
    Dan

    Hi Eduardo,
    We can check all the requirement rules, but notes,
    this check is works well with native win agents, so I assume the CAM Requirements and Rules side is ok.
    Pls. confirm, there is no matter how I'd like to check win patches (via web or with client) at Checks/Rules/Roles/Requirements config.
    Attila

  • Hide Cisco NAC agent window

    Dear all,
    We have cisco NAC version 4.9.1 and the agent version is 4.9.1.5. We want to know if there is a way to hide the cisco NAC agent window so the user do not see it, i mean run it on the background to make it a bit more transparent to the final user.
    Anyone have any ideas?
    Thanks in advance.

    Go to "Administration > User Pages" and make sure you have configured a proper login page for Windows 7.

  • Cisco NAC agent services not running on Windows XP

    Hi,
    I've problem with Cisco NAC agent services on Windows XP professional SP3.
    After first installation using user local administrator, the services of Cisco NAC agent on windows machine running well, but after logout, and login using another user which is registered in domain users, the services of Cisco NAC agent is going to stopped (going to Manual mode not automatic, and the status is stopped).
    This situation is not happened on all windows machines, several machines running well.
    Cisco NAC agent version 4.9.0.42
    Has anyone seen this type of problem?
    Below i attached windows machine information from ones running well and not running, Thanks
    Regards,
    Rian

    Hi thanks for your answers, dbconsole is started in services.msc and also Agent, but goes on to say that the agent is not running.
    In sysman log shows this,
    "03/20/2012 13:38:54,553 [MetricCollector: HOMETAB_THREAD600: 60] ERROR rt.DbMetricCollectorTarget _getAllData.328 - oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
    oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
    at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest_ (EMDClient.java: 1330)
    at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest (EMDClient.java: 1223)
    at oracle.sysman.emSDK.emd.comm.EMDClient.getMetrics (EMDClient.java: 640)
    at oracle.sysman.emo.perf.metric.rt.DbHomeTab._getAllData (DbHomeTab.java: 324)
    at oracle.sysman.emo.perf.metric.rt.DbHomeTab.getData (DbHomeTab.java: 139)
    at oracle.sysman.emo.perf.metric.eng.MetricCached.collectCachedData (MetricCached.java: 402)
    at
    at oracle.sysman.emo.perf.metric.eng.MetricCollectorThread.run (MetricCollectorThread.java: 320)
    at java.lang.Thread.run (Thread.java: 595)
    20/03/2012 22:00:03,335 [JobWorker 772: Thread-13] ERROR em.jobs executeCommand.161 - UpdateARUTables: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup parameters required to September."
    In event viewer shows this,
    "Agent process exited abnormally DURING initialization." but this message appears a few hours after having started the service.
    I am using the Administrator account

Maybe you are looking for