NAC ADSSO with NAC Module isn't working for all modules

Hello,
We have a NAC OOB-L2-VG Deployment at the Central Site with VLAN Mapping and ADSSO which works just fine.
As part of the project we have implemented NAC Modules on ISR routers for the branch offices; same topology but, as the documentation states, no VLAN mapping was configured. The problem is that for some users in one branch office the ADSSO isn't working, and in another branch office the ADSSO isn't working at all; all the users are getting authenticated with a local user we defined on the servers.
The configuration in both modules is exactly the same; they are using the same user to access the AD (the one used on the ktpass), the data links to the central site are both 1 Mbps, and everything is pretty much the same thing.
I have checked the logs on the CAS-Module and it states that Windows SSO is running:
Nov 27, 2009 10:08:23 AM com.perfigo.wlan.jmx.admin.GSSRetrier$RetrierTask run
INFO: GSSR - Windows SSO is running
The interesting thing is that when the user goes thru the NAC process I see these logs:
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.SWissServer run
FINE: Sent Response to /172.19.5.11!
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSServer$GSSThread run
INFO: accepted ADSSO socket ...Socket[addr=/172.19.5.11,port=1431,localport=8910]
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSServer$GSSThread run
INFO: accepting ADSSO socket ...
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
INFO: processing socket ...Socket[addr=/172.19.5.11,port=1431,localport=8910]
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
INFO: TIMEOUT_SET FOR ADSSO SOCKET ... Socket[addr=/172.19.5.11,port=1431,localport=8910]
Nov 27, 2009 8:55:13 AM com.perfigo.wlan.jmx.admin.GSSHandler run
INFO: reading peer's token_length Socket[addr=/172.19.5.11,port=1431,localport=8910]
Nov 27, 2009 8:55:28 AM com.perfigo.wlan.jmx.admin.GSSHandler run
SEVERE: IO Error: Socket[addr=/172.19.5.11,port=1431,localport=8910]:Read timed out
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissHandler processPacket
FINE: SWissServer: get request from : 1043@/172.19.5.11
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissHandler processPacket
FINE: SWissServer: Client OS is WINDOWS_PRO_XP
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil parseClientAddrList
FINE: IP=/172.19.5.11, MAC=00:1E:4F:53:97:7D
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.Shell writeToClick
FINE: /proc/click/intern_arpq/add_interest-->172.19.5.11
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.Shell writeToClick
FINE: /proc/click/intern_arpq/remove_interest-->172.19.5.11
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
FINE: IP=172.19.5.11, VLAN=19, OS=WINDOWS_PRO_XP
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
FINE: Default Provider=Local DB
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
FINE: Providers=Local DB;
Nov 27, 2009 8:56:18 AM com.perfigo.wlan.jmx.admin.SWissUtil getOpProviderListData
FINE: Number of providers=1
The IP address 172.19.5.11 is the IP of the PC during the unauthenticated role; what the user is finally seeing is the CCA Agent asking for user and password instead of using the ADSSO.
The version of the Agent is 4.1.10, the NAS and NAM are running 4.1.8, and the only awkward thing is that the Active Directory Servers are running Windows 2000 SP4.
Any assistance would be much appreciated.
Thanks,
DL.

Hi,
I too have the same error. Does anyone know how to resolve this?
Socket[addr=/10.80.0.220,port=1583,localport=8910]
2010-09-28 10:57:38.028 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSServer               - accepting ADSSO socket ...
2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler              - processing socket ... Socket[addr=/10.80.0.220,port=1583,localport=8910]
2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler              - TIMEOUT_SET FOR ADSSO SOCKET ... Socket[addr=/10.80.0.220,port=1583,localport=8910]
2010-09-28 10:57:38.041 +0530 DEBUG com.perfigo.wlan.jmx.adsso.GSSHandler              - reading peer's token_length from Socket[addr=/10.80.0.220,port=1583,localport=8910]
2010-09-28 10:57:38.670 +0530 ERROR com.perfigo.wlan.jmx.adsso.GSSHandler              - IO Error: Socket[addr=/10.80.0.220,port=1583,localport=8910] null
2010-09-28 10:58:40.215 +0530 INFO  com.perfigo.wlan.jmx.adsso.GSSRetrier              - GSSR - Windows SSO is running
2010-09-28 10:59:26.308 +0530 WARN  org.apache.commons.httpclient.HttpMethodBase       - Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
2010-09-28 10:59:38.478 +0530 INFO  com.perfigo.wlan.jmx.admin.OOBDelayTask            - OOBDelayTask: remove temp user [00:01:80:53:67:75]/[10.80.0.220]
Thanks in advance

Similar Messages

  • Configure ADSSO with NAC

    Hi Guys,
    I need to configure my Cisco NAC (ADSSO) with Windows Server 2008 R2 Enterprise (64). For now we can only use ADSSO with Windows XP. Windows 7 is still using normal authentication. We are using KTPass to authenticate with the NAC server. We are using Windows 2008 at 2003 functional level.
    Can anyone help me regarding this?
    Best Regards,
    Azfar

    Azfar,
    There are a few things that you need to check/perform when configuring ADSSO. First you must check that the proper version of ktpass is installed on the machine where you generate the Kerberos ticket for the CAS service account (I recommend using a different account for this just so you can roll back; also, you cannot run ktpass successfully more than once for the same service account, so please delete the account first, recreate the account and try again):
    http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp228565
    After this you need to follow the steps to generate the kerberos ticket:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/49/cas/s_adsso.html#wp1301231
    Here is an example more specific to your environment:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/49/cas/s_adsso.html#wp1277452
    Since you are running in a mixed environment you must enable additional algorithms:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/49/cas/s_adsso.html#wp1277452
    If it fails, then purchase ISE.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Hi, I am having trouble using the smooth tool on a logo that I created. I have watched tutorials and something isn't working for me. When trace with the smooth the line just disappears and doesn't smooth anything out. Please help.

    Hi, I am having trouble using the smooth tool on a logo that I created. I have watched tutorials and something isn't working for me. When trace with the smooth the line just disappears and doesn't smooth anything out. Please help.

    Sorry, that's Monika with a k

  • TS3988 i changed my apple id email and when i sign into iCloud on my phone it still comes up with the old email and my password isn't working for it?

    i changed my apple id email and when i sign into iCloud on my phone it still comes up with the old email and my password isn't working for it?

    Try going to https://appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Click edit next to the primary email account, change it back to your old email address and save the change.  Then edit the name of the account to change it back to your old email address.  You can now use your current password to turn off Find My iPhone on your device, even though it prompts you for the password for your old account ID. Then save any photo stream photos that you wish to keep to your camera roll.  Then go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https://appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.  Now you can go to Settings>iCloud and sign in with your current iCloud ID and password.

  • After downloading yosemite the sound isn't working for safari

    I have a 13' Macbook Pro Retina and after downloading yosemite the sound isn't working for safari or google chrome, however, sound works for all other applications such as iTunes and notifications as far as I know. How do I get sound back for safari or chrome?

    Reset PRAM.   http://support.apple.com/kb/PH18761
    Reset SMC.     http://support.apple.com/kb/HT3964
    Choose the method for:
    "Resetting SMC on portables with a battery you should not remove on your own".

  • Push isn't working for email on iPhone or iPad using aol

    Push isn't working for my email on iPhone and iPad for aol carrier

    I have the paid AOL accounts, and they were supposed to get back to me today and have not, thus far. It has to be an issue with AOL's email server.  The tech that I spoke to over the weekend said that he thought that it may be an issue with their server.  Almost 3 weeks ago, AOL's email server was hacked.  They said that 2% of their accounts were affected, and one of my AOL accounts was in that 2%.  They didn't admit for over a week that it was their server that had been hacked, and instead made everyone affected think that it had been their own computers that had been hacked.  I have to believe that this is an AOL issue again.  Everything was working fine with my iPhone and my iPad, and suddenly my email was no longer being pushed on Thurs night/early Friday.  If I get an answer from AOL, I will certainly post it here.

  • Problem with validateRegExp (problem with IE and chrome but works for firefox)

    Hi everyone,
    I have a simple af:inputText with an af:validateRegExp in it with pattern "([^$%# ]+([ ]*[^$%# ]+)*)$".
    Now when I enter a very big value in this inputText and finally add a space to it, it gives a proper validation exception in Mozilla FireFox.
    But when I run the same thing in IE/Chrome, the screen hangs and after some time a "page not responding" exception comes. What is observed in Chrome is that after a very long time it gives the proper validation exception even if the "page not responding" error has come earlier. Has anyone faced this kind of problem earlier? Is there any solution for this?
    {code}
    <af:inputText label="Label 1"
                          binding="#{backingBeanScope.backing_datePOC.it1}"
                          id="it1" maximumLength="120">
              <af:validateRegExp pattern="([^$%# ]+([ ]*[^$%# ]+)*)$"/>
            </af:inputText>
    {code}

    Hi Frank,
    Thanks for your reply. I tried checking this pattern in Java as well using a validator; in that case the thread got stuck for a bigger length string. So I guess the problem is with the expression only. But I don't get one thing: if the problem would have been with the expression, it shouldn't have worked for a smaller length string. But in this case it is working fine with a smaller length string.
    Regards,
    Vipin V B
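
The hang described in this thread is catastrophic backtracking in the posted pattern. As an added example (not code from the thread), the JavaScript below times that pattern against a rewrite that accepts the same values without nested ambiguity, using the thread's failing input shape; the `^...$` wrapping (full-value match) and all function names are assumptions.

```javascript
// Added example. Inputs are constructed; both patterns are wrapped in ^...$
// on the assumption that the validator requires the whole value to match.

// Pattern from the post. Because [ ]* may match nothing, the inner group
// reduces to ([^$%# ]+)* on a run without spaces, so a run of n characters
// can be split between the two "+" loops in on the order of 2^n ways. A
// backtracking engine tries them all before it reports a failed match.
const ORIGINAL = /^([^$%# ]+([ ]*[^$%# ]+)*)$/;

// Same accepted language: runs of allowed characters separated by one or
// more spaces, no leading or trailing space. Requiring " +" between runs
// leaves exactly one way to split any input, so failure is found in one pass.
const LINEAR = /^[^$%# ]+(?: +[^$%# ]+)*$/;

function isValidOriginal(value) { return ORIGINAL.test(value); }
function isValidLinear(value) { return LINEAR.test(value); }

// Failing input shape from the post: a long value with a space added at the end.
function trailingSpaceInput(n) { return "a".repeat(n) + " "; }

// Milliseconds spent deciding one value with one pattern.
function timeMatch(regex, value) {
  const start = performance.now();
  regex.test(value);
  return performance.now() - start;
}

// Time both patterns over growing inputs. Keep n small for ORIGINAL: each
// extra character roughly doubles its running time.
function compareGrowth(lengths) {
  return lengths.map((n) => {
    const value = trailingSpaceInput(n);
    return {
      n,
      originalMs: timeMatch(ORIGINAL, value),
      linearMs: timeMatch(LINEAR, value),
    };
  });
}

for (const row of compareGrowth([12, 16, 20, 22])) {
  console.log(
    `n=${row.n} original=${row.originalMs.toFixed(2)}ms ` +
    `linear=${row.linearMs.toFixed(2)}ms`
  );
}

// The page's maximumLength="120" does not bound the original pattern's cost
// in any useful way; the rewrite decides a full-length value immediately.
console.log("120-char value, linear pattern:",
  isValidLinear(trailingSpaceInput(119)));
```

Short values pass or fail quickly under either pattern because the number of splits is still small, which is why the problem only shows up on long input.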

  • Hi, I have a problem with getting my apple Id working for me. It's been 2 months since it happened and Apple failed to act. I can tell my story properly, but am not sure, you guys can help, so I just copy my message to them today, I am trying to get it acr

    Hi, I have a problem with getting my apple Id working for me. It's been 2 months since it happened and Apple failed to act. I can tell my story properly, but am not sure, you guys can help, so I just copy my message to them today, I am trying to get it across all the places around to pay their attention. This is a desperate move, so if you are not the right people to help me to get my message across, may be you can advise where can I go.
    Thank you, and sorry for the language.
    Vitas Dijokas
    I am sorry to say that, but your security makes my life miserable – it’s been 2 months since my Apple ID account got stuck, and since then I cannot update 37 applications (to date), i.e. most of my applications. Half of them I bought. I also paid for iCloud, and it is not working. I paid money and I am stuck with old applications and no iCloud. Your security *****. Your service ***** too. It took your service 1 month to finally understand why this happened to me, and it took me tens of emails to you and 3 hours of telephone conversation to find out the reason for my problem. And the problem is still not fixed. NOT FIXED. You just leave your customer – the one who paid you money and spent so much time with you trying to help you help me – and nothing. You tell me:  “Vitas, Stick your stinky iphone in your *** and enjoy life, we do not care!” *************.
    It is ******* outrageous, and you should know that,  guys. Get into the ******* database and correct the bug. Get someone in the partners-telephone carriers company (it is Orange as carrier and Cellcom as seller of the phone)  authorized to Identify me in personal encounter in one of the branches in Israel (where I live) and make sure it is really me, and get the ******* system accept my password and let me use my phone.
    Otherwise **** off. None of my friends will get my advice to buy an iphone or any of apple products. And I think you should be very attentive to cases like this, guys. Do your work for the money we pay, or disappear. There are many others eager to take your place, and if the problem is not fixed I will eventually go to the others. My patience is lost, and as soon as I can afford another phone I will change it. AND I WILL TRY TO GIVE BAAAAAD PUBLICITY TO APPLE – I am threatening here, so ACT NOW.
    Vitas Dijokas

    Well, it seems waiting is not my strong suit..! I renamed a javascript file called recovery to sessionstore. This file was in the folder sessionstore-backups I had copied from mozilla 3 days ago, when my tabs were still in place. I replaced the sessionstore in mozilla's default folder with the renamed file and then started mozilla. And the tabs reappeared as they were 3 days ago!
    So there goes the tab problem. But again when I started mozilla the window saying "a script has stopped responding" appeared, this time the script being: chrome//browser/contenttabbrowser.xml2542
    If someone knows how to fix this and make firefox launch normally, please reply! Thank you

  • So the left side of my iPhone isn't working at all and I even tried turning it off for 5 minutes about 10 million times but nothing is working. Any suggestions on what to do I need help like ASAP!?

    So the left side of my iPhone isn't working at all and I even tried turning it off for 5 minutes about 10 million times but nothing is working. Any suggestions on what to do I need help like ASAP!?

    Have you performed a reset? Tap and hold the Home button and the On/Off button for approximately 10-15 seconds, until the Apple logo appears. Release both buttons and await restart.

  • My  iphone 3gs with version 4.0 not works for apple  TV should i need to download  any app or any other thng

    my  iphone 3gs with version 4.0 not works for apple  TV  what should  i do?

    Welcome to the Apple community.
    You should update your iPhone software.

  • HELP - Website isn't working for me but working for everybody else

    Hey I'm new to this site so I'm sorry if this is in the wrong section!
    So I've been getting annoyed lately because my website (www.curtiskeay.com) isn't working for me and just redirecting me back to my hosting website saying that the website is 'coming soon' but it works for everyone else that has tried loading it, so it just seems to be me that it's not loading for.
    It works every now and then but very rarely for me, so it makes me feel that the site is down but really and truly it's just not loading for ME. It works perfectly fine at home on my wifi on my phone which is android and I use google chrome. I know this isn't probably an Apple related problem but I was unsure where else to post this.
    If anyone can give me any kind of help it would be greatly appreciated!
    Thanks,
    Curtis

    It's working here.
    Try this..   from your Safari menu bar click Safari > Preferences then select the Privacy tab.
    Click:  Remove All Website Data
    Now empty the Safari cache.
    Back to Safari > Preferences. This time select the Advanced tab.
    Click: Show develop menu in menu bar
    Now go to the menu bar, click Develop > Empty Caches
    Quit and relaunch Safari then try your site.

  • Will Infoset Query work for Function Module

    HI Can someone let me know will a Infoset query works for Function module or not. I have 3 tables which i need to extract on, i am building a Infoset Query on 2 tables and using this in my Function Module to join on 3rd table. I have some conditions on 3rd table which i need to pull only those records.
    When ever i check the syntax it always gives me a message
    The type "ZUSERLOGINQRY" is unknown. ( This is my Infoset query name).
    Can any one help me on this.
    Thanks,
    Kris.

    HI Pat thanks for responding i haven't done this earlier so i am not sure how to declare une code under Infoset Query ---> Extras. I am getting some duplicates in Infoset Query, can you let me know how to clear all those duplicates...
    Appreciate your help.
    Kris.

  • Hi anitha , i am working for mm module can you give detailed procedure

    hi anitha ,
                i am working for mm module can you give detailed procedure to me .
                                                                    thanks
                                                                     praveen

    Hi,
    1. MM Flow.
    > goto T.C MM01.
    > give material Number - some no.
    give MAterial sector - Mechanical
    give Material Type - Raw Material.
    then goto ORg Levels on top.
    then goto plant - 1000 n storage location - 0001
    then select views.
    in that select basic data 1, basic data 2, purchasing, general plant data storage / main..., Accounting 1 n then enter.
    > Then give the material description
    basic unit of measure KG
    Mat group - 001.
    click on purchasing n give mat no u have created n plant - 1000 n basic unit of measure KG n enter enter n enter.
    then goto valuation class - 3000, P.C - S n moving price -100.
    save then the mat no gets created.
    > now go to TC XK01 ie, vendor master
    give vendor - 126
    comp code - 1000.
    pur org - 1000.
    Acc grp - 0001
    enter
    give title name - company.
    search item 1/2 - M
    then Rec ACc - 31000.
    Cash Mang Grp - A1.
    enter n enter.
    order currency - INR
    in control data click on GR- based info verf n click on ACK Req.
    save n enter.
    > goto TC ME 11 ie, purchasing info record.
    Vendor - 126.
    Mat no - the one u have created.
    Pur org - 1000
    plant - 1000
    info rec-
    select standard enter n enter.
    in Period delay time give -10 n In conditions Net price - 100.enter In control Pur grp - 100.
    enter n enter n enter for three times.
    > goto ME01 source list.
    Mat no - mat no u have created.
    Plant - 1000.
    enter fix the line.
    give valid from, vend to, vendor as 126, p org as 1000, enter n save.
    > TC code RFQ for request for quotation.
    TC ME41.
    RFQ type - AN
    Lang Key -EN
    RFQ date - any date.
    QUAT Deadline - any date RFQ-
    give purc org grp - 000
    press enter
    coll no - RFQ1.
    enter then give MAt no RFQ qnt as 100 ,O as KG del dat n netr.
    goto header click on Vendor Add
    vendor - 567
    Title - company
    enter.
    the goto tc ME47
    quotation.
    give net price 100 enter.
    then goto ME49.
    give quotation no tht u have created coll rfq as RFQ1 vendor as 567 mat no u have created. n execute, back n back.
    > goto tC ME51N for purc requisition.
    click on header n give text as.
    item as 10,SR as sur3, quant 100, del date, mat grp, plant n pur as 000
    enter n save.
    we will get purch req no...
    now go to ME21N pur order.
    click on Purchase/req no. click on value ur purh req no will be displayed there select it...
    then goto Org data tab strip.
    pur org - 1000.
    Pur grp - 000
    com code - 1000
    enter
    vendor - the one u have given...
    enter n enter check n save.
    then tc MIGO for goods receipt.
    give pur order no u have created...
    goto quantity tabstrip n press enter give qty in unit of entry as 80
    goto pur org tabstrip n give del comp as set automatic.
    click on item ok.
    then continue n then post n continue.
    then two documents will get created mat doc n acc doc.
    then > MIRO invoice.
    give vendor no - comp code invo date pur ord no.then select it n copy.
    enter.
    then we will get acc no n write it in the acc block.
    the >MB1A ie goods issues.
    mov type - 201
    plant - 1000
    stor loc - 0001
    enter
    cost cent - 1000
    vendor - u have created
    then give sc qty enter.
    mat n acc doc r generated.
    >MMBE stock overview.
    give mat no - u have created.
    plant - 1000
    sto loc - 0001 n enter...
    the MM get created...
    Regard,
    Priyanka.

  • HT5595 Parallax feature isn't working for me. Help?

    I have an iPhone 4 that I updated to iOS7. It's supposed to have the parallax feature and it isn't working for me. Games that use motion and tilting the screen still work, so why no parallax effect on my phone?
    It doesn't even have a reduce motion option in my settings-general-accessibility. No option to even turn it on. What's going on?

    The parallax effect is not available on the iPhone 4.

  • HT5037 I have downloaded and installed this tool, but it's still telling me I need to update. Any suggestions why this isn't working for me? I have a Macbook Pro.

    I have downloaded and installed the iPhoto tool to update so my pictures transfer over, but it's still telling me I need to update. Any suggestions why this isn't working for me? I have a Macbook Pro.

    You have to download and RUN the iPhoto library upgrade - then launch iPhoto - If you had iPhoto '08 or earlier (version 7.x.x) - the upgrade is installed in the utilities folder of your Applications folder
    LN
