Cisco Security Agent unable to close tcp/135 port on Windows hosts

Hello
I've encountered with problem that Cisco Security Agent unable to close port TCP/135 on windows PC (XP or Win7).
I've configured rule module Network Access Control to prevent all client/server connections to port tcp/135.
I've checked my policy using nmap, so this port (TCP/135) during 20 minutes shows as filtered and i can see log in monitor event on CSA MC, during next 20 minutes it show as opened and no log shows. (time not exact, so it maybe 30 minutes or 5,it varies)
Can anyone explain how TCP/135 works and is it possible to close it using CSA?
Thanks in advance

There is another question for the same issue on the forums (see: CSA 6.0.2.145 problem with windows 7 firewall). I wrote:-
"I went ahead and tested this in the lab with winXP and CSA 602-149 (latest). I defined a rule with DENY tcp/135 and ran the nmap and it reports opened (wireshark shows syn-ack to the syn). I changed it to a PRIORITY DENY and now the nmap reports closed (wireshark shows reset to the syn). Via the cli, netstat -an shows the pc listening on tcp/135 & disabling CSA the syn gets the syn-ack response. To me this implies a couple of defect. 1: The DENY should block syn to tcp135 & 2: CSA should not send reset (it should be reset). Is it possible to open a TAC case and put my name (mwinnett) in it and I will open a defect."
Matthew

Similar Messages

  • Remote desktop connection blocked by cisco security agent

    Hi,
    I have a deployment of a Management Center for Cisco Security Agents 6.0.2 and i just noticed that the agent is blocking the remote desktop connection to the hosts, the agent installed on the server shows me the event but i'm not able to see it logged on the Management Center (i can see logged any other events), i'm not sure what rule should i enable in order to allow this connection.
    Do you have any ideas???
    Thanks in advance...

    Hi,
    Remote desktop connection uses the highest possible security level encryption method between the source and destination.
    In Windows Vista or later versions of Windows, the remote desktop connection uses the SSL (TLS 1.0) Protocol and the encryption is Certificate-based.
    TS Gateway can also make the connection more secure, enhance security, see detailed information in this link
    http://technet.microsoft.com/en-us/library/cc731264(WS.10).aspx
    Don't forget some known offical antii-virus software, they can also protect the connetion from network attack.
    Yolanda Zhu
    TechNet Community Support

  • Cisco security agent for Contact center express

    Hi,
    I have Cisco Contact center express version 7 SR 5 running on server with operating server Windows 2003.1.5. Please let me know which version of Cisco security agent is compatible with above mentioned CCX version & OS version.
    I refered to the CCX comaptibilty guide but but I did not get information regarding operating system comaptibility with CSA. Kindly provide the same.
    Also I tried version 5.0.0.235 of CSA it gave error "CIsco works common service is not installed" & insatllation aborted. I do not have CWLMS in network do i need to install some cisco works common services?
    Regards,
    Atul Kaul

    Hi Atul,
    These are the compatible version of CSA with 7.01Sr5. Recommended one is the highest and latest in the list 5.2.0.296-3.1(9)k9. You can install this in the server regardless of the version OS if you have UCCX 7.01 Sr5.
    4.5.1.639-2.0(3)
    4.5.1.645-2.0(4)
    4.5.1.655-2.0(5)
    5.0.0.187-3.0(1)
    5.0.0.205-3.0(3)
    5.0.0.210-3.0(3)
    5.0.0.216-3.0(4)
    5.0.0.217-3.0(5)
    5.0.0.217-3.0(6)
    5.0.0.225-3.0(7)
    5.0.0.232-3.0(9)
    5.0.0.235-3.0(10)
    5.2.0.281-3.1(3)k9
    5.2.0.282-3.1(5)k9
    5.2.0.282-3.1(7)k9
    5.2.0.296-3.1(9)k9
    Thank you
    Rajani Joshi

  • Problem with Cisco Secure agent instalaltion

    Hi,
    I am having problems with installing the Cisco Secure agent 5.2-203 on a RHEL 3.0 AS server.
    I gives me the following error
    [root@ABC CSCOcsa]# ./install_rpm.sh
    Red Hat Enterprise Linux AS release 3 (Taroon Update 6)
    Preparing packages for installation...
    CSAagent-5.2-203
    cc -DMODULE -D__KERNEL__ -Dlinux -Dkernel -I. -I/usr/src/linux-2.4/include -I../ ../../include/unix -pipe -Os -march=i686 -fno-defer-pop -fno-common -mpreferred- stack-boundary=2 -c symbols.c -o symbols.o
    cc -DMODULE -D__KERNEL__ -Dlinux -Dkernel -I. -I/usr/src/linux-2.4/include -I../ ../../include/unix -pipe -Os -march=i686 -fno-defer-pop -fno-common -mpreferred- stack-boundary=2 -c fshook.c -o fshook.o
    cc -DMODULE -D__KERNEL__ -Dlinux -Dkernel -I. -I/usr/src/linux-2.4/include -I../ ../../include/unix -pipe -Os -march=i686 -fno-defer-pop -fno-common -mpreferred- stack-boundary=2 -c hotpatch.c -o hotpatch.o
    cc -DMODULE -D__KERNEL__ -Dlinux -Dkernel -I. -I/usr/src/linux-2.4/include -I../ ../../include/unix -pipe -Os -march=i686 -fno-defer-pop -fno-common -mpreferred- stack-boundary=2 -c adapt.c -o adapt.o
    adapt.c: In function `kutil_vprintk':
    adapt.c:3442: parse error before `char'
    adapt.c:3443: `buf' undeclared (first use in this function)
    adapt.c:3443: (Each undeclared identifier is reported only once
    adapt.c:3443: for each function it appears in.)
    make: *** [adapt.o] Error 1
    Failed to build adaptation kernel module. Aborting
    error: %post(CSAagent-5.2-203) scriptlet failed, exit status 1
    ./install_rpm.sh: installation failed
    Would like to know where the dependancy is and what is needed to be installed for this installation to work.
    Joel

    Hi Joel,
    The following packages are need to compile the 5.2 agent.
    *GCC*
    *kernel-snmp-devel*
    *compat-libstdc++*
    Also 5.2 error messages are alot less friendly than 5.1's

  • Need solution for solving TIME_WAIT in TCP/IP ports in Windows Server 2008 Standard Service Pack 2

    In one of our windows machine( OS : Windows Server 2008 Standard (Service Pack 2)-32bit), we are facing TIME_WAIT in all the TCP/IP ports and it is not getting closed.
    On analyzing the issue, we found solution for this from the below link,
    https://support.microsoft.com/en-us/kb/2553549
    In this page, we are able to get the hotfix for Windows Server2008 R2 SP1 but i can't able to get for  Windows Server 2008 Standard SP2(32bit). If we try to apply the hotfix vailable for SP1, it is showing "The update does not apply to your System".
    Kindly provide us the solution for solving TIME_WAIT issue in the machine. 
    OS Details : Microsoft Windows Server 2008 Standard
    Version : 6.0.6002 SP2 Build 6002
    System Type : 32 bit(x86-based PC)
    Awaiting for the response.
    Thank you,
    Pushpalatha.A

    Download correct version from Microsoft Update Catalog. Run it with elevated rights.
    M.

  • Cisco Finesse- Agent Unable to Login

    Hi,
    When I connect Finesse Webpage for loggin, the system displays "Invalid ID or password. Please try again.". But I make sure the ID and password are correct.
    In Team Resource tab, I just only see Default with ID 1.
    Anybody know this issue?
    Thanks
    Thuc

    Hi all,
    I opened TAC case and the engineer looked that the Peripheral ID had been wrong. And I changed it and fixed issue.
    Thanks all

  • Cisco Secuirty agent version 5.2

    I installed the cisco security agent version 5.2 on my windows xp machine, i am not in a server enviroment only at home. i go to control panel and try to remove it does nothing and then i try from the program files and try there nothing how do i get this off my system

    I started it and right click and yes i can turn it off and i can also just disabled the service under services? but that is not what i wnat to do i want to remove it off my system. i was simply curious about what this was and i really dont understand what it does, i know its for a client server architecture but what else is it for.

  • Cisco Secure ACS with UCP assistance and enable password

    I am running Cisco Secure ACS version 4.2 running on a
    Standalone Windows 2003 Enterprise 2003with the lastest
    windows service pack and update. Secure ACS is running
    fine and I can authenticate with Cisco routers and
    switches. The Windows 2003 server is also running Microsoft
    IIS Server. In other words, the IIS server and Cisco
    Secure ACS is running on the same windows 2003 server.
    I am trying to get Cisco User-Changeable password to work
    with Cisco Secure ACS. I followed the release notes lines
    by lines and the work around provided below:
    Also server require more privileges for the internal windows user that runs CSusercgi.exe.
    The name of the windows user that runs UCP is IUSR_<machine_name>.
    Workaround steps:
    1) Install UCP 4 on a machine that runs IIS server.
    2) Open IIS manager
    3) Locate Default Web Site
    4) Double click on the virtual name 'securecgi-bin'
    5) Right click on CSusercgi.exe and choose Properties
    6) Choose 'File Security' tab
    7) Choose 'Edit' in 'Authentication and access control' area
    8) Change username from IUSR_<machine_name> to 'Administrator' and enter his
    password (make sure that 'Integrated Windows authentication' is checked)
    I still can NOT get this to work. I got this error:
    It says:
    The page cannot be found
    The page you are looking for might have been removed,
    had its name changed, or is temporarily unavailable.
    HTTP Error 404 - File or directory not found.
    Internet Information Services (IIS)
    I modified everything in the Windows 2003 to be "ALLOWED" by
    EVERYONE. In other words, there are NO security on the windows 2003.
    It is still NOT working.
    The other question I have is that can Cisco UCP allow user
    to change his/her enable password?
    Can someone help? Thanks.

    Yes bastien,
    Thank you.
    But one thing more i want to know that in its Redundant AAA server, when i try to open IIS 6.0 window 2003; it prompts for Username and Password.
    I've given it several time; also going through Administrator account with administrative credentials but it always failed.
    Any suggestions/solution/?
    This time many thanks in advance.
    Regards
    Mehdi Raza

  • Failed to secure agent to oms

    10.2.0.5
    both agent and oms at latest psu.
    Linux Redhat 4.
    As a test, trying to secure the agent that is on the same server as the OMS. I am secure it against a VIP, since we have active/passive failover.
    I already secured my oms against the VIP. It is running. I can reach grid control through the VIP. The agent functions fine against the regular IP before securing.
    On this step:
    $AGENT_HOME/bin/emctl secure agent -emdWalletSrcUrl https://<virtual_hostname>:<upload_port>/em
    I just get a failed. Here are the errors from the log. I got 2.
    2011-06-09 15:36:42,538 [main] INFO agent.SecureAgentCmd secureAgent.223 - Requesting an HTTPS Upload URL from the OMS
    2011-06-09 15:39:42,616 [main] ERROR agent.SecureAgentCmd main.207 - Failed to secure the Agent:
    java.io.InterruptedIOException: Connection establishment timed out
    at HTTPClient.HTTPConnection.getSocket(HTTPConnection.java:3261)
    at HTTPClient.HTTPConnection.doConnect(HTTPConnection.java:4020)
    at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3003)
    at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2843)
    at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2635)
    at HTTPClient.HTTPConnection.Get(HTTPConnection.java:923)
    at oracle.sysman.emctl.secure.agent.SecureAgentCmd.openPage(SecureAgentCmd.java:836)
    at oracle.sysman.emctl.secure.agent.SecureAgentCmd.getOMSSecurePort(SecureAgentCmd.java:782)
    at oracle.sysman.emctl.secure.agent.SecureAgentCmd.secureAgent(SecureAgentCmd.java:224)
    at oracle.sysman.emctl.secure.agent.SecureAgentCmd.main(SecureAgentCmd.java:200)
    2011-06-09 15:49:33,715 [main] INFO agent.SecureAgentCmd secureAgent.223 - Requesting an HTTPS Upload URL from the OMS
    2011-06-09 15:49:34,357 [main] ERROR agent.SecureAgentCmd main.207 - Failed to secure the Agent:
    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:782)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:618)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:112)
    at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3018)
    at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2843)
    at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2635)
    at HTTPClient.HTTPConnection.Get(HTTPConnection.java:923)
    at oracle.sysman.emctl.secure.agent.SecureAgentCmd.openPage(SecureAgentCmd.java:836)
    at oracle.sysman.emctl.secure.agent.SecureAgentCmd.getOMSSecurePort(SecureAgentCmd.java:782)
    at oracle.sysman.emctl.secure.agent.SecureAgentCmd.secureAgent(SecureAgentCmd.java:224)
    at oracle.sysman.emctl.secure.agent.SecureAgentCmd.main(SecureAgentCmd.java:200)

    I have same setup like you. I configured it a long time ago, so stuff are a bit fuzzy in my head!
    I remember I deleted the old wallet file, changed the REPOSITORY_URL and emdWalletSrcUrl in emd.properties in AGENT_HOME/sysman/config to use the VIP hostname. Then ran "emctl secure agent".
    Please note the upload port and SSL usage are different for wallet and repository URLs.
    What I changed:
    REPOSITORY_URL=https://<virtualhostname>:1159/em/upload
    emdWalletSrcUrl=http://<virtualhostname>:4889/em/wallets/emd
    What I Didn't change:
    EMD_URL=http://<physicalhostname>:3872/emd/main/
    This will automatically change to HTTPS after successfully securing agent.
    HTH

  • Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service

    Hello,
    Question regarding the work around for the recent Cisco Security Advisory (cisco-sa-20070124). The link to this advisory is here:http://www.cisco.com/en/US/customer/products/products_security_advisory09186a00807cb0e4.shtml#vuln
    The work around says to create an access-list for example:
    access-list 150 permit tcp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK
    So trusted_hosts, is that the hosts on my network?
    Infrastructure_addresses, is this my routers
    I'm not sure what they are saying here. If anyone could shed some light, that would be great
    Thanks
    Mike

    Pretty close. Trusted hosts SHOULD be hosts that are A.,trusted and B., require access to those devices. So as an example "TRUSTES_HOSTS" could be management stations, admin desktops, or whatever is required to have access and you is "trusted". Ideally infrastructure address space should only be reachable from trusted users that need access and no one else. Infrastructure space would likely include addresses for routers, firewalls, switches , authentication servers, monitoring servers, basically anything that makes the network run and keeps it alive. Hope this helps.

  • Unable to Install Cisco Security Manager

    Hi,
    I facing issue when trying to install Cisco Security Manager in my Windows Server 2008.
    I had attach the print screen of my server version and error message.
    The error message had mention that it was due to unsupport OS or terminal service.
    But, i check and it show that my Window Server was the recommend version and no terminal service been enable.

    Hi Vincent,
    Please understand that Window Server 2008 R2 Enterprise Server is not same as Windows Server 2008 Enterprise Server. I had faced the same problem earlier. The R2 version is supported only CSM 4.1 onwards.
    Regards,
    Chetan

  • ORA-28545: error diagnosed by Net8 when connecting to an agent Unable to retrieve text of NETWORK/NCR message 65535

    Hello All,
    I have verified entire otn community, but none of the solution working for me and hence posting this problem. I'm getting below error message when I try to connect from oracle 11g to sqlserver database. All details are given below and request some body to provide resolution.
    Oracle 11 g server installed in "Red Hat Enterprise Linux Server release 6.3"
    Sqlserver running in Windows server enterprise 64bit OS.
    $ cat initdg4msql.ora
    # This is a customized agent init file that contains the HS parameters
    # that are needed for the Database Gateway for Microsoft SQL Server
    # HS init parameters
    HS_FDS_CONNECT_INFO=[SJCGNMWQA2WEB01]:SQLEXPRESS//msdb
    # alternate connect format is hostname/serverinstance/databasename
    HS_FDS_TRACE_LEVEL=OFF
    HS_FDS_RECOVERY_ACCOUNT=RECOVER
    HS_FDS_RECOVERY_PWD=RECOVER
    $ cat listener.ora
    # listener.ora Network Configuration File: /home/oracle/11g/product/11/network/admin/listener.ora
    # Generated by Oracle configuration tools.
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
         (SID_NAME = dg4msql)
         (ORACLE_HOME = /home/oracle/11g/product/11)
         (PROGRAM = dg4msql)
    $ cat tnsnames.ora
    # tnsnames.ora Network Configuration File: /home/oracle/11g/product/11/network/admin/tnsnames.ora
    # Generated by Oracle configuration tools.
    GNMDB =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = sjcgnm62v2db1.skta.com)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = GNMDB)
    dg4msql  =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = sjcgnm62v2db1.skta.com)(PORT = 1521))
        (CONNECT_DATA = (SID = msdb))
        (HS = OK)
    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = sjcgnm62v2db1.skta.com)(PORT = 1521))
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    ADR_BASE_LISTENER = /home/oracle/11g
    Output of lsnrctl start
    $ lsnrctl start
    LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 22-NOV-2013 15:17:08
    Copyright (c) 1991, 2011, Oracle.  All rights reserved.
    Starting /home/oracle/11g/product/11/bin/tnslsnr: please wait...
    TNSLSNR for Linux: Version 11.2.0.3.0 - Production
    System parameter file is /home/oracle/11g/product/11/network/admin/listener.ora
    Log messages written to /home/oracle/11g/diag/tnslsnr/sjcgnm62v2db1/listener/alert/log.xml
    Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sjcgnm62v2db1.skta.com)(PORT=1521)))
    Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=sjcgnm62v2db1.skta.com)(PORT=1521)))
    STATUS of the LISTENER
    Alias                     LISTENER
    Version                   TNSLSNR for Linux: Version 11.2.0.3.0 - Production
    Start Date                22-NOV-2013 15:17:08
    Uptime                    0 days 0 hr. 0 min. 0 sec
    Trace Level               off
    Security                  ON: Local OS Authentication
    SNMP                      OFF
    Listener Parameter File   /home/oracle/11g/product/11/network/admin/listener.ora
    Listener Log File         /home/oracle/11g/diag/tnslsnr/sjcgnm62v2db1/listener/alert/log.xml
    Listening Endpoints Summary...
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sjcgnm62v2db1.skta.com)(PORT=1521)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
    Services Summary...
    Service "dg4msql" has 1 instance(s).
      Instance "dg4msql", status UNKNOWN, has 1 handler(s) for this service...
    The command completed successfully
    SQL> CREATE PUBLIC DATABASE LINK sqlserver CONNECT TO "sa" IDENTIFIED BY "gnm123" USING 'dg4msql';
    Database link created.
    SQL> select * from dual@sqlserver;
    select * from dual@sqlserver
    ERROR at line 1:
    ORA-28545: error diagnosed by Net8 when connecting to an agent
    Unable to retrieve text of NETWORK/NCR message 65535
    ORA-02063: preceding 2 lines from SQLSERVER
    SQL> select * from "sys"."tables"@sqlserver;
    select * from "sys"."tables"@sqlserver
    ERROR at line 1:
    ORA-28545: error diagnosed by Net8 when connecting to an agent
    Unable to retrieve text of NETWORK/NCR message 65535
    ORA-02063: preceding 2 lines from SQLSERVER
    Pl help.

    Hi Klaus,
    I just pick the gateway 11.2.0.3 patch to the installation. Here I got error and patch installation failed.
    [oracle@sjcgnm62v2db1 13092292]$ opatch apply
    Invoking OPatch 11.2.0.1.7
    Oracle Interim Patch Installer version 11.2.0.1.7
    Copyright (c) 2011, Oracle Corporation.  All rights reserved.
    Oracle Home       : /home/oracle/11g/product/11
    Central Inventory : /home/oracle/oraInventory
       from           : /etc/oraInst.loc
    OPatch version    : 11.2.0.1.7
    OUI version       : 11.2.0.3.0
    Log file location : /home/oracle/11g/product/11/cfgtoollogs/opatch/opatch2013-11-26_12-41-27PM.log
    Applying interim patch '13092292' to OH '/home/oracle/11g/product/11'
    Verifying environment and performing prerequisite checks...
    Prerequisite check "CheckApplicable" failed.
    The details are:
    Patch 13092292: Required component(s) missing : [ oracle.rdbms.tg4db2, 11.2.0.3.0 ]
    [ Error during Prerequisite for apply Phase]. Detail: ApplySession failed during prerequisite checks: Prerequisite check "CheckApplicable" failed.
    Log file location: /home/oracle/11g/product/11/cfgtoollogs/opatch/opatch2013-11-26_12-41-27PM.log
    Recommended actions: This patch requires some components to be installed in the home. Either the Oracle Home doesn't have the components or this patch is not suitable for this Oracle Home.
    OPatch failed with error code 39
    [oracle@sjcgnm62v2db1 13092292]$
    Pl help.

  • Unable to close windows

    I didn't find any other threads on this problem, so evidently it's just my system?
    A few days ago I installed the latest Tiger security patch (2007-009), Java 6 update and Quicktime 7.3.1 update.
    Since then I am unable to close ANY window in Safari. Safari seems to work fine otherwise. I can browse and open tabs and windows, and websites can create new windows, but then I can not close ANY of the windows. I can close tabs but not windows. When I click the Close button, nothing happens, and when I use ⌘+W, nothing happens.
    So, after a while of surfin' the 'net, I end up with a bunch of open windows of various sizes. When I re-open Safari, I get one new window with the Home tab.
    I just recently began using Safari again, because it's 3x faster than Firefox on my iBook, but now I've got this problem.
    Any ideas?
    I will likely be calling Apple Support today, although I hate to, as I've found them to be very unknowledgeable and unhelpful in the past.

    Hi,
    Go to these 2 locations to see if you have any 3rd party extensions and move anything present in them onto your Desktop to deactivate them:
    /Users/YourUsername/Library/InputManagers/
    /Library/InputManagers/
    Restart Safari to pick up the change. If it works now, you can try moving the items back one by one until you find the culprit.
    If that doesn't help, or you don't have those folders, one quick test you can do to help narrow down things is to try Safari in another user account. This will help us to know whether your problem is local to your account or system wide. If you don't have another account you can use System Preferences -> Accounts -> \[+\] to create a test one (and \[-\] to remove it if needed)

  • Cisco NAC Agent 4.9.1.682 Problems with Mac Os X 10.7.4

    Hi
    My Cisco NAC Agent  (version 4.9.1.682) doesn't work since I upgraded my Mac OS X  4 months ago, This happens every time with CISCO and MAC when there is a new update and it always seems to take forever to fix.
    The NAC agent just keeps asking for my login in details even though there are correct (I can log in with a PC no problem).
    Any update on when a new version is going to be released - Its getting really frustrating?

    I figured out a solution that works you must disable Online Certificate Status Protocol (OCSP) on the affected system. To do this :
        Open Keychain Access. Keychain Access can be found by selecting Go in the Finder and choosing the Utilities option. Keychain access should be listed in the folder that appears. Double-click the Keychain Access icon to open it.
        Select Keychain Access -> Preferences from the menu at the top of the screen
        Choose the Certificates tab
        Change the OCSP option from Best Effort to Off
        Close the Preferences dialog and quit Keychain Access
        You should be able to NAC now

  • Setting privileges in Cisco Secure ACS Version 5.1.0.44

    I am setting privileges in Cisco Secure ACS Version 5.1.0.44.
    In the command sets from the ACS server, I denied few commands as can be seen in the attached screenshot and selected 'Permit any command that is not in the table below'.
    I am unable to see some commands like "Show running-configuration" from the router I was testing. What changes should I do to see all the commands other than the denied commands. Your help will be rated. Thank you.

    Hi,
    The ACS is able to handle permit or deny commands.
    I created a configuration example that will help you to understand command shell.(see attach doc)
    Instead of using show running-config please use show config.
    also make sure that all the users are using privilege 15.
    Regards,

Maybe you are looking for

  • Printing to older printer - elusive

    We have an established printer set up - LaserJet 5MP connected to an Ethernet switch using a print server. The MacBook Pro (OS 10.7) sees the printer fine and reliably sends print jobs to it. Our 2nd laptop, MacBook Air, also OS 10.7, cannot find thi

  • Canon Printer mx860 not working since upgrade to Yosemite, it is connected to my Mac via usb.  Any suggestions?  Thanks. LL

    My 2009 Canon MX860 Pixma printer not working since an upgrade to Yosemite on my MAC version 10.10. It is connected by USB.  Have had no previous issues with printing, scanning or faxing.  When trying to print my Calendar I only get light vertical do

  • Can't sync photo's from PC

    I have i-cloud set up on ipad and PC and the photo's box is ticked on both. I am trying to get photo's taken from my camera which I have transferred to my PC onto my ipad. I have copied the required photo's from my PC and pasted into the Photo stream

  • Trouble w/ WYSIWYG in Word

    I am having trouble with a word doc that contains clip art. Everything appears to be formatted correctly on the screen, but when I print, the clip art is not where it should be. Any suggestions? The clip art is a jpeg.

  • Oracle Server Utilites User Guide

    Anyone know where I can find a copy of this guide on the internet for version 8i?? Thank you in advance.