Nac Agent do not execute remediation

Hi to all,
in a lab enviroment i have configured a CAM/CAS solution on 3310 server and I have installed 2 pc (one windows Vista and one XP) with nac client 4.6.2.133 version.
My problem is auto-remediation and manual-remediation, client get me a temporaney access but do not start a live update programa (i use symantec endpoint protection 11).
I have admin right on both pc.
Why I can solve the problem?
Thanks for help

There is not automatic remediation for all products. You must launch the endpoint protection, click live-update, then re-scan on the NAC agent and you will pass.
Quote from Cisco Doc (http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/45/cam/m_agent.html):
"•Not all product versions of a particular vendor may support the Clean Access Agent launching the automatic update of the product. In this case, you can provide instructions (via the Description field of the AV or AS Definition Update requirement) to have users update their AV or AS definition files from the interface of their installed AV or AS product."
If you have verified that your requirement-rule is specifically for Symantec Endpoint Protection 11, and the rule has automatic remediation configured, then it may fall into this scenario. You may also have it configured where the endpoint protection is not accessible to the end-user and requires admin rights to launch. Please put the client in debug and send the results to TAC for analysis, as it would be the best bet for you to get a clear answer.
Hope that helps, rate if it does.
Cheers,
Tim

Similar Messages

  • Problems with the Cisco NAC agent, does not perform remediation??

    Good Morning
    I'm doing an implementation of NAC, but when the user is authenticated, the agent informs you that does not comply with defined security policies, to start the repair and re-scan the machine error appears "NAC Server is not available on the net" . The policy I am doing is to check a file on local disk C
    Deputy error screen
    I appreciate your responses as soon as possible

    the problem i have is when it moves into remediation....phase 2. If no remediation is being done (ie no checks, rules scans etc) then it moves directly from phase 1 (authentication) to phase 3 (authenticated user and assign role) and all works fine.
    I've looked under all the traffic rules and can see nothing that would mean it could not contact the CAS. There are some differences in 4.7, like the ethernet traffic filter. It seems to me when put in the temp role, the vlan should still be the auth vlan. There is a role based vlan option under edit roles, but it states that is only for normal login, not tem agent, so it should not apply.
    Im starting to think something has gone wrong with the upgrade code somewhere....TAC looked at my config  and could see nothing on a quick check, im working with them to resolve the issue

  • NAC Agent is not responding to ISE

    Hi All,
    Cisco NAC Agent got downloaded to the client during client provisioning. After that also Posture status is showing as 'Not applicable'.
    Also Redirection is only happening if i type any ip address ex.1.1.1.1 on the browser. if i type google.com, its not redirecting.
    ISE is in Cluster mode 1 Admin, 1 Monitor, 1 PSN. Version 1.2.1.198.
    Note: Before the upgrade it was showing 'Posture Pending' status. 

    what is the NAC version?
    could be a bug CSCuq52821

  • Cisco NAC agent services not running on Windows XP

    Hi,
    I've problem with Cisco NAC agent services on Windows XP professional SP3.
    After first installation using user local administrator, the services of Cisco NAC agent on windows machine running well, but after logout, and login using another user which is registered in domain users, the services of Cisco NAC agent is going to stopped (going to Manual mode not automatic, and the status is stopped).
    This situation is not happened on all windows machines, several machines running well.
    Cisco NAC agent version 4.9.0.42
    Has anyone seen this type of problem?
    Below i attached windows machine information from ones running well and not running, Thanks
    Regards,
    Rian

    Hi thanks for your answers, dbconsole is started in services.msc and also Agent, but goes on to say that the agent is not running.
    In sysman log shows this,
    "03/20/2012 13:38:54,553 [MetricCollector: HOMETAB_THREAD600: 60] ERROR rt.DbMetricCollectorTarget _getAllData.328 - oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
    oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
    at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest_ (EMDClient.java: 1330)
    at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest (EMDClient.java: 1223)
    at oracle.sysman.emSDK.emd.comm.EMDClient.getMetrics (EMDClient.java: 640)
    at oracle.sysman.emo.perf.metric.rt.DbHomeTab._getAllData (DbHomeTab.java: 324)
    at oracle.sysman.emo.perf.metric.rt.DbHomeTab.getData (DbHomeTab.java: 139)
    at oracle.sysman.emo.perf.metric.eng.MetricCached.collectCachedData (MetricCached.java: 402)
    at
    at oracle.sysman.emo.perf.metric.eng.MetricCollectorThread.run (MetricCollectorThread.java: 320)
    at java.lang.Thread.run (Thread.java: 595)
    20/03/2012 22:00:03,335 [JobWorker 772: Thread-13] ERROR em.jobs executeCommand.161 - UpdateARUTables: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup parameters required to September."
    In event viewer shows this,
    "Agent process exited abnormally DURING initialization." but this message appears a few hours after having started the service.
    I am using the Administrator account

  • NAC Agent does not pop up after psn fails.

    So I'm in the middle of a deployment where I have 4 ISE appliances, two in one location and two in another location.
    The first location has 2 with all personas installed, whereas the other two are only PSN. In each area, NAC agent pops up normally after connecting/swapping to wired or wireless networks. During HA tests I have encountered that when the two ISE from the remote area fail (shutdown switch port for testing of course) the client does get authenticated but it stays in the POSTURE_REQ state on wireless and the Agent fails to pop up.
    - I have tried forcing the servers on the profile on ISE (provisioning) and I can see how it is somehow updated on the xml configuration file in the remote endpoint but still the nac agent wont pop up.
    - Increased timeout timers also, no luck.
    - Reinstalled NAC agent manually and by ise auto provisioning, no luck.
    - Ran a wireshark capture and saw requests sent to the default GW with the positron thing but never get an answer, but then I try connecting to the ISE manually https://(ADMIN_NODE_FAR_FROM_ENDPOINT)/guestportal/gateway?sessionId=(gibberish)&action=cpp and it works, so it is reachable from the endpoint
    I believe there is some kind of sync problem, my ISE are in UTC time and NADs have local timezone, but then why does it work locally??
    Any thoughts on this?
    Thank you for all your kind help

    You have done a reset. What does that mean? Did you reset all settings?
    Settings>General>Reset>Reset all Settings. You will have to enter all device settings again.

  • NAC agent don't popup on some computer

    Hi
    I use
    ISE version : 1.1.1.2 and NAC agent version : 4.9.0.42
    NAC agent  does not run on some computers and run on other(windows 7).
    What can be these problems?
    Please help
    Regards

    Please look in to this , it might help you
    Agent Login Dialog Not Appearing
    Symptoms or Issue
    The agent login dialog box does not appear to the user following client provisioning.
    Conditions
    This issue can generally take place during the posture assessment phase of any user authentication session.
    Possible Causes
    There are multiple possible causes for this type of issue. See the following Resolution descriptions for details.
    Resolution
    •Ensure that the agent is running on the client machine.
    •Ensure that the Cisco IOS release on the switch is equal to or more recent than Cisco IOS Release 12.2.(53)SE.
    •Ensure  that the discovery host address on the Cisco NAC agent or Mac OS X  agent is pointing to the Cisco ISE FQDN. (Right-click the NAC agent icon, choose Properties, and check the discovery host.)
    •Ensure  that the access switch allows Swiss communication between Cisco ISE and  the end client machine. Limited access ACL applied for the session  should allow Swiss ports:
    remark Allow DHCP
    permit udp any eq bootpc any eq bootps
    remark Allow DNS
    permit udp any any eq domain
    remark ping
    permit icmp any any
    permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
    permit tcp any host 80.0.80.2 eq www --> Provides access to internet
    permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
    port
    permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
    communication between NAC agent and ISE (Swiss ports)
    permit udp any host 80.0.80.2 eq 8905 --> This is for posture
    communication between NAC agent and ISE (Swiss ports)
    deny ip any any
    •If  the agent login dialog still does not appear, it could be a certificate  issue. Ensure that the certificate that is used for Swiss communication  on the end client is in the Cisco ISE certificate trusted list.
    •Ensure that the default gateway is reachable from the client machine.

  • ISe with NAC agent pop up and Posture waiting

    Hi,
    I have ISE running ver 1.1.1.268. We limited access certain services before authuenticate with ACL-DEFAULT(given below) as per the Trustsec desgin guide.
    Now the issue is that when you have ACL-DEFAULT on the port NAC agent doest not pop-up and doest not start the posture part and saying waiting for Posture validation. When the ACL-DEFAULT removed from the access port NAC agent popup and do the posture validation.
    However we do not want user to get access to network before the authorization and that is the reason we use the ACL-DEFAULT.
    Please can someone advise me how to achieve the above both task. Why the NAC agent does not popup and do the posture when ACL-DEFAULT there in the switch.
    Here is what I have configured on ACL-DEFAULT.
    ip access-list extended ACL-DEFAULT
    remark DHCP
    permit udp any eq bootpc any eq bootps
    remark DNS
    permit udp any any eq domain
    permit tcp any any eq domain
    permit udp any any eq 389
    permit tcp any any eq 135
    permit tcp any any eq 445
    permit udp any any eq 445
    permit tcp any any range 135 139
    permit tcp any any eq 389
    permit tcp any any eq 3268
    permit icmp any any
    remark PXE / TFTP
    permit udp any any eq tftp
    permit tcp any host 172.xx.xx.xx eq 8443 (ISE-Pri)
    permit tcp any host 172.xx.xx.xx eq 8443 (ISE-Sec)
    remark Drop all the rest
    deny   ip any any log
    Appreciate if someone can give a solid resolution and explanation to this.

    Hi Saurav,
    We have already allowed those ports with another acl (ACL-POSTURE-REDIRECT). Our issue is not with the web nac agent.
    The issue is with NAC agent installed on corperate PCs connecting via wired port. With the ACL-DEFAULT it does not pop-up and does not do the posturing, however once we removed the ACL-DEFAULT from the access port, everything works fine.
    Since we do not want any user to access unwanted services before authorization we add this ACL on the access-port and as per the trustsec desgin this has to be there if you want to have ISE with closed mode.
    thanks

  • SSIS Script task not executing macro through SQL Agent (but it does through bids)

    <p>Hello everyone,</p><p>I am having an issue with SQL Agent when executing a macro contained in a script task component. The script task actually opens an excel file, runs the macro, save and closes the file. </p><p>When
    I execute the package via BIDS/Visual studio, it works like a charm. However, when i execute the package with SQL agent, the package runs successfully but it seems that the macro is not executed as the excel file has not been modified as it should have. Also,
    the history log does not show any error messages. </p><p>Could </p>

    Thanks!I did create a credential and a proxy too but still the macro is not executed.I have searched online for solutions but no one has experimented this kind of issue before it seems. Please have a look at the script task code:
    Imports
    Excel = Microsoft.Office.Interop.Excel
    Imports
    System
    Imports
    System.Data
    Imports
    System.Math
    Imports
    Microsoft.SqlServer.Dts.Runtime
    <System.AddIn.AddIn(
    "ScriptMain", Version:="1.0",
    Publisher:="", Description:="")>
    <System.CLSCompliantAttribute(
    False)> _
    Partial
    Public
    Class ScriptMain
    Inherits Microsoft.SqlServer.Dts.Tasks.ScriptTask.VSTARTScriptObjectModelBase
    Enum ScriptResults
    Success = Microsoft.SqlServer.Dts.Runtime.DTSExecResult.Success
    Failure = Microsoft.SqlServer.Dts.Runtime.DTSExecResult.Failure
    End
    Enum
    Public
    Sub Main()
    Dim Macro_name
    As
    String
    Dim ExcelObject
    As
    New Microsoft.Office.Interop.Excel.Application
    Dim oBook
    As Microsoft.Office.Interop.Excel.Workbook
    Dim oBooks
    As Microsoft.Office.Interop.Excel.Workbooks
    Try
    Macro_name =
    "Macro001"
    ExcelObject =
    CType(CreateObject("Excel.Application"),
    Excel.Application)
    ExcelObject.Visible =
    True
    ExcelObject.UserControl =
    False
    ExcelObject.DisplayAlerts =
    False
    oBooks = ExcelObject.Workbooks
    oBook =
    CType(oBooks.Open("C\Book1.xls"),
    Excel.WorkbookClass)
    ExcelObject.Run(Macro_name)
    Catch ex
    As Exception
    ExcelObject.Application.Quit()
    ExcelObject.DisplayAlerts =
    True
    ExcelObject =
    Nothing
    End
    Try
    Dts.TaskResult = ScriptResults.Success
    End
    Sub
    End
    Class

  • The process could not execute 'sp_repldone/sp_replcounters' error for Log Reader Agent and SQL Server Assertion 17066 & 3624 errors in SQL Logs

    One of our SQL Server started creating SQLDUMP file and and on investigation I found the error longs are filled with Errors 3624 & 17066. There is transnational replication configured on one of the databases is the LogReader Agent is failing error "The
    process could not execute 'sp_repldone/sp_replcounters' on XXXXX". 
    Not sure if both these Assertion & Logreader Agent errors are related. Before I remove and put the replication, I wanted to check if anyone has experienced the same issues or aware of what the cause. 
    ***********Error messages from SQL Logs******
    **Dump thread - spid = 0, EC = 0x0000000111534460
    Message
    A system assertion check has failed. Check the SQL Server error log for details. Typically, an assertion failure is caused by a software bug or data corruption. To check for database corruption, consider running DBCC CHECKDB. If you agreed to send dumps to
    Microsoft during setup, a mini dump will be sent to Microsoft. An update might be available from Microsoft in the latest Service Pack or in a QFE from Technical Support.
    Error: 3624, Severity: 20, State: 1.
    SQL Server Assertion: File: <logscan.cpp>, line=2123 Failed Assertion = 'UtilDbccIsInsideDbcc () || (m_ProxyLogMgr->GetPru ()->GetStartupState () < RecoveryUnit::Recovered)'. This error may be timing-related. If the error persists after rerunning
    the statement, use DBCC CHECKDB to check the database for structural integrity, or restart the server to ensure in-memory data structures are not corrupted.
    Error: 17066, Severity: 16, State: 1.
    External dump process return code 0x20000001.
    External dump process returned no errors.
    Thank you in advance.

    You need to determine if this error is a transient one or a show stopper one.
    It sounds like your log reader agent has crashed and can't continue.
    If so your best bet is to call Microsoft CSS and open a support incident.
    It also sounds like DBCC CHECKDB was running while the log reader agent crashed.
    If you need to get up and running again run sp_replrestart, but then you might find that replicated commands are not picked up. You will need to run a validation to determine if you need to reinitialize the entire publication or a single article.
    I have run into errors like this, but they tend to be transient, ie the log reader agent crashes, and on restart it works fine.
    looking for a book on SQL Server 2008 Administration?
    http://www.amazon.com/Microsoft-Server-2008-Management-Administration/dp/067233044X looking for a book on SQL Server 2008 Full-Text Search?
    http://www.amazon.com/Pro-Full-Text-Search-Server-2008/dp/1430215941

  • NAC Agent Login Dialog Not Appearing - ISE 1.1.1 issue ?

    Agent Fails to Initiate Posture Assessment
    The NAC agent is properly installed on a Windoes 7 , IE 9 machine, the certificates from ISE ADM PRI are installed in trustable certificate store in the client machine but is a selfsigned ISE certificate.
    The reports / USER / Profiling report says the Provisioning Agent has completed the assessment ok.
    The redirected URL is working fine (SEE Evidence)
    We are always prompted to install the NAC agent again or looking at the additional prompted information wait for the NAC agent to load and complete.
    The operations status remains with postering status pending forever and nothing else happens.
    Symptoms or Issue
    The agent login dialog box does not appear to the user following client provisioning.
    Conditions Cisco Says this issue can generally take place during the posture assessment phase of any user
    authentication session.
    Cisco Advises as Possible Causes There are multiple possible causes for this type of issue. See the following
    Resolution descriptions for details of what was already tested by us and please see the atached files for your switch configuration and evidences. .
    CISCO SUGGESTED POSSIBLE CAUSES AND RESOLUTIONS
    Resolution • Ensure that the agent is running on the client machine. ALL TESTED OK
    • Ensure that the Cisco IOS release on the switch is equal to or more recent than
    Cisco IOS Release 12.2.(53)SE. - OK
    • Ensure that the discovery host address on the Cisco NAC agent or Mac OS X
    agent is pointing to the Cisco ISE FQDN. (Right-click on the NAC agent icon,
    choose Properties, and check the discovery host.) - OK (See evidence)
    • Ensure that the access switch allows Swiss communication between Cisco ISE
    and the end client machine. Limited access ACL applied for the session should
    allow Swiss ports: ALL CONFIGURED as CISCO GUIDELINES OK (SEE EVIDENCE)
    • If the agent login dialog still does not appear, it could be a certificate issue.
    Ensure that the certificate that is used for Swiss communication on the end client
    is in the Cisco ISE certificate trusted list. (ALL CHECKED OK SEE EVIDENCE)
    • Ensure that the default gateway is reachable from the client machine. (TESTED OK)

    Hi.
    Can you paste all the ACLs on your switch especially the webauth redirect ACL which should deny traffic towards the PSN.
    regards
    Zubair

  • Log Reader Agent error "could not execute sp_replcmds' and causes stack dump

    Publisher/Subscriber db:  SQL 2008 R2, 2000 compatability mode
    Distributor database is on separate server.
    (note:  There is another database on this instance that is running replication without error, it is not in compatibility mode)
    After snapshot agent finishes, the log reader agent starts and fails immediately with this error in the Agent Job.
    Then I get a SEV20 error and stack dump in the error logs.
    Date  6/12/2014 3:12:26 PM
    Log  Job History (SERVER\INSTANCE-DBNAME-43)
    Step ID  2
    Server  ######RT02
    Job Name  SERVER\INSTANCE-DBNAME-43
    Step Name  Run agent.
    Duration  00:00:01
    Sql Severity  0
    Sql Message ID  0
    Operator Emailed  
    Operator Net sent  
    Operator Paged  
    Retries Attempted  0
    Message
    2014-06-12 20:12:26.302 Copyright (c) 2008 Microsoft Corporation
    2014-06-12 20:12:26.302 Microsoft SQL Server Replication Agent: logread
    2014-06-12 20:12:26.302
    2014-06-12 20:12:26.302 The timestamps prepended to the output lines are expressed in terms of UTC time.
    2014-06-12 20:12:26.302 User-specified agent parameter values:
       -Publisher SERVER\INSTANCE
       -PublisherDB DBNAME
       -Distributor ######RT02
       -DistributorSecurityMode 1
       -Continuous
       -XJOBID 0x8958DF32810C6849B28A037A8FF8DD92
       -XJOBNAME SERVER\INSTANCE-DBNAME-43
       -XSTEPID 2
       -XSUBSYSTEM LogReader
       -XSERVER SERVER\INSTANCE
       -XCMDLINE 0
       -XCancelEventHandle 0000000000000F98
       -XParentProcessHandle 0000000000000F34
    2014-06-12 20:12:26.459 Parameter values obtained from agent profile:
       -pollinginterval 5000
       -historyverboselevel 1
       -logintimeout 15
       -querytimeout 1800
       -readbatchsize 500
       -readbatchsize 500000
    2014-06-12 20:12:26.493 Status: 4096, code: 20024, text: 'Initializing'.
    2014-06-12 20:12:26.493 The agent is running. Use Replication Monitor to view the details of this agent session.
    2014-06-12 20:12:27.885 Status: 0, code: 20011, text: 'The process could not execute 'sp_replcmds' on 'SERVER\INSTANCE'.'.
    2014-06-12 20:12:27.886 The process could not execute 'sp_replcmds' on 'SERVER\INSTANCE'.
    2014-06-12 20:12:27.886 Status: 0, code: 21, text: 'Warning: Fatal error 3624 occurred at Jun 12 2014  3:12PM. Note the error and time, and contact your system administrator.'.
    2014-06-12 20:12:27.886 Status: 0, code: 22037, text: 'The process could not execute 'sp_replcmds' on 'SERVER\INSTANCE'.'.
    I've tried removing replication and setting it back up again, restarting SQL, and restarting the server itself.
    Let me know if you need any more information to help troubleshoot.  Thanks.
    Please help, thanks. 

    Hi,
    Enable Verbose logging and check the results.
    Execute following commands: -Output C:\Temp\OUTPUTFILE.txt –Outputverboselevel 2.
    Please refer following KB article for your reference -
    http://support.microsoft.com/kb/q312292/
    Thanks.
    Tracy Cai
    TechNet Community Support

  • Nac Agent Not Working on Windows 64 Bit

                       Hi All ,
    I have a Cisco ISE 3315 With Version 1.1.4 .
    We have Windows Work Station and we have some issue with Windows 7 64 Bit users !!
    On Some 64 Bit Workstation the nac Agent is getting about 25 Minute to start Checking the Posture Statu !!
    I don't Havec that Proble With 32 Bit Workstation . We are using Nac Agent 4.9.0.37 and Nac agent 4.9.0.42!!
    Here is log that i get From the 64 bit Workstation

    Hi
    Verify that supplicant is configured properly to conduct a full EAP conversation with ISE. Verify that NAS is configured properly to transfer EAP messages to or from supplicant. Verify that supplicant or network access server (NAS) does not have a short timeout for EAP conversations. Check the network that connects the NAS to ISE. If the external ID store is used for the authentication, it may be not responding fast enough for current timeouts.
    Check whether the proper server certificate is installed and configured for EAP by going to the Local Certificates page (Administration > System > Certificates > Local Certificates ). Also ensure that the certificate authority that signed this server certificate is correctly installed in client's supplicant.
    Check the previous steps in the log for this EAP-TLS conversation for a message indicating why the handshake failed. Check OpenSSLErrorMessage and OpenSSLErrorStack for more information

  • NAC Agent 4.9 issue while remediation with in ISE

    We are installed NAC agent 4.9 where we have configured posture policy for Symantec Endpoint Protection version 11x  in ISE 1.1.1. Where when enduser fallen down to remediation and try to remediate to collect the latest anti virus definitions from Local Antivirus, when clicking on the update button we get a message stating
    "The Remediation you are attempting is reporting an access denied error.  This is usually due to a privileg issue.  Please contact your system
    administrator"
    It continuosly asking that prompt and giving that priviligae message.
    Are we need to have administrator rights for remediation ? and  this prompt is appearing again and again till the remediation timer and then it fallen down to Non-compliant (Restricted ) profile.
    Please find attached screen shots for the same

    I figured out a solution that works you must disable Online Certificate Status Protocol (OCSP) on the affected system. To do this :
        Open Keychain Access. Keychain Access can be found by selecting Go in the Finder and choosing the Utilities option. Keychain access should be listed in the folder that appears. Double-click the Keychain Access icon to open it.
        Select Keychain Access -> Preferences from the menu at the top of the screen
        Choose the Certificates tab
        Change the OCSP option from Best Effort to Off
        Close the Preferences dialog and quit Keychain Access
        You should be able to NAC now

  • NAC Agent - Loop in Remediation WSUS

    Hello,
    I´m implementing WSUS Posture in my ISE environment.
    When NAC Agent detect a new Windows Update, the Remediation Action is Automatic. I configured Show UI the Wizard Interface and this is working well. 
    But, after the windows update instalation, the NAC Agent stay in Remediation Process. Looking for WindowsUpdate.log file, I see repetitive messages like: 
    Updates Found = 0 OR Found 0 Updates and X categories in search.
    If I use the Windows Update from Windows to Search and Install the Updates, work very well too.
    The image attached, ilustrate my problem(In this point, The Windows Update instalation was done):

    Updating..
    Approximately after 30 minutes, NAC Agent finished the process of Remediation. (Only 1 Windows Update package)
    apparently the station sends many reports to WSUS and while it does, the NAC Agent continues Remediation on the process, even after installing the update. 
    I'm sure there are how to optimize it, but if anyone has any tips I'd appreciate it.
    Best Regards,
    Daniel Stefani

  • Cisco NAC Agent and Windows 8 still not working

    Hello. I recently upgraded the Cisco NAC Agent to the latest version (4.9.1.13) on a Windows 8 VM. The release notes state that Windows 8 support has been added, and that a patch must be downloaded. However, the information about the patch is vague. I'm not sure if it's a client or server-side patch, or perhaps if I already have it as a result of upgrading to the latest version.
    I ask this because I plan to upgrade some computers to Windows 8, and have noticed that Cisco NAC Agent can't handshake with the NAC server on Windows 8 (both native and VM), and despite upgrading to the latest version, the handshake is still unsuccessful.
    Thanks,
    -Collin

    Hi Collin,
    The 4.9.1 Patch for Windows 8 Support can be downloaded from the following link :
    http://www.cisco.com/cisco/software/release.html?mdfid=282910502&flowid=34713&softwareid=282573326&release=4.9.1&relind=AVAILABLE&rellifecycle=&reltype=latest
    The patch should be applied to both 4.9.1 CAM and CAS.
    Please go through the README file for patch provided in the download link provided above. It has detailed information.
    Regards,
    Karthik Chandran

Maybe you are looking for