NAC Agent Installation "loop"

Hello Guys, me again
I'm seeing an issue when the client tries to install the NAC agent on his PC.
The client reports that an update is available for which I click OK, then it appears to download the new agent (really fast btw) and then it starts installing it. Once that's done it reports again that an update is available and the process starts all over and keeps going on indefinetely.
The only way I managed to get around it was by disabling the "upgrade mandatory" setting on the client provisioning policy. Still I get the "an upgrade is available" message only that with that setting disabled I can hit cancel and continue.
Another thing that I'm seeing is that client that I'm seeing as installed on the client is 4.9.0.36 but the ISE only has 4.9.0.37 so I dont know where the .36 is coming from if nothing has been previously installed on the client.
Has anybody else run into this issue before?
Thanks in advance,
Luis Raga

I'm getting the same issue. I have agents running version 4.7.2.10 and the new version that they are being prompted to install is version 4.9.2.8. The install starts and seems to complete, but when the NAC agent restarts the user is prompted to reinstall the new agent. When you check the version of the NAC installed it is still 4.7.2.10.
Sachin

Similar Messages

Is it possible to run Posture using ISE 1.2 without NAC Agent provisioning?

Is it possible to run Posture using ISE 1.2 without NAC Agent provisioning?
-My customer does not want to push NAC Agent installation on BYOD type of computers (non-managed by the company computers).
-The requirement is to check for posture only company owned wired, wireless, and VPN connected Windows computers. The rest of the endpoints should be considered as posture incompliant, and limited access to the network should be allowed.
-No certificates are used.
-I’ve configured the required posture check, and it all works fine if a PC has NAC Agent manually installed (without ISE Client Provisioning). However, when I use a PC without NAC Agent, it is redirected to Client Provisioning Portal and is stuck there as Client Provisioning is deliberately not configured in ISE.
-If I remove Posture Remediation Authorization Profile that does URL redirect, the posture does not work.
-For now I'm testing it on wired endpoints.
Is there a way to configure ISE to fulfill the listed above requirements?
Any ideas would be appreciated.
Thanks,
Val Rodionov

Everyone who finds reads this article,
I'm answering my own quesiton "Is it possible to run Posture using ISE 1.2 without NAC Agent provisioning?"
The answer is Yes.
After doing research and configuration testing I came up with a solution, and it works fine for wired and VPN connections. I expect it to work on wireless endpoints as well.
ISE configuration:
Posture General Settings - Default Posture Status = NonCompliant
Client Provisioning Policy - no rules defined
Posture Policy - configured per requirements
Client Provisioning (under Administration > Settings) - Enable Provisioning = Enable (it was disabled in my first test)
Authorization Policies configured as regular posture policies
The result:
After successful dot1x authentication posture redirect happens. If the PC does not have NAC Agent preinstalled, the browser is redirected to Client Provisioning Portal and a default ISE message is displayed (ISE is not able to apply and access policy... wait one minute and try to connect again...). At the same time, the endpoint is assigned NonCompliant posture status and proper authorization policy is applied. This is what I wanted to achieve.
If NAC Agent was preinstalled on the PC, after successful dot1x authentication the NAC Agent pops up and performs posture check. If posture is successful, posture compliant authorization policy is applied. If posture check fails, NonCompliant posture status is assigned and posture non-compliant authorization policy is applied. Which is the expected and needed result.
The only part that is not perfect it the message displayed to the end-user when posture is about to fail. I did not find a place to change the text of that message. I might need to open TAC case, so this file can be manually found and edited from CLI (root access).
Best,
Val Rodionov

NAC AGENT - DISCOVERY HOST IP ADDRESS with AD

Hi,
We have deployed a Cisco NAC Agent in our network with GPO update... The deployment model is L3 OOB / Real IP Gateway.
The issue is that, we need to put the IP address in each host manually to start communicating with Cisco NAC Manager.
Is there any way to make it automatic?
Regards,
Mubasher

Hi Mubashir,
I faced the same problem with cisco ISE and Tiago's response actually helped see below.
" You can also distribute the NACAgentCFG.xml file with that value set.
Please find here detailed info regarding this file:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html#wp1348376. "
In that link, read the section: Agent Customization Settings
From a NAC agent that has successfully been deployed with the IP configured , go to the NAC agent installation folder
C:\Program Files (x86)\Cisco\Cisco NAC Agent , and copy the NACAgentCFG.xml , open with wordpad and edit the line
IP of PDP node or ISE standalone server
Then place the edited NACAgent.xml file in the same folder as the one where your GPO will pick the agent from. When the Agent is installed , it automatically picks the configs from the .xml file.
Regards,
Henry

Run NAC agent before user login - Win7?

Greetings all and thx in advance for any advice! Environment details - ISE 1.2. Patch 5 and cisco NAC agent 4.9.3.
I have all of the authen/authz policies working and functioning properly, however, I have run into an issue with the NAC agent running posture only after user login. This is causing some grief, mainly that users required login scripts can't run successfully until posture is compliant and the more permissive dACL is applied. I was hoping that posture would complete long before windows login was even an option for the user but for some reason I appear to require an interactive login to get the NAC agent to run posturing. Any thoughts or ideas on this? I tried the NAC agent installation with a couple of different user accounts on the windows hosts but without success, it will only posture once I have interactive login. I went pretty deep on the removal of the posture conditions to simply checking a single windows service but it didn't make any difference. Thanks for any advice!!
IA

Thanks for the reply Saurav, I should have clarified a design point. I am not doing any user authentication, only doing a machine authen. As I mentioned I can't seem to posture pre-user authentication even though I am not doing any user authentication.
IA

NAC Agent - Loop in Remediation WSUS

Hello,
I´m implementing WSUS Posture in my ISE environment.
When NAC Agent detect a new Windows Update, the Remediation Action is Automatic. I configured Show UI the Wizard Interface and this is working well.
But, after the windows update instalation, the NAC Agent stay in Remediation Process. Looking for WindowsUpdate.log file, I see repetitive messages like:
Updates Found = 0 OR Found 0 Updates and X categories in search.
If I use the Windows Update from Windows to Search and Install the Updates, work very well too.
The image attached, ilustrate my problem(In this point, The Windows Update instalation was done):

Updating..
Approximately after 30 minutes, NAC Agent finished the process of Remediation. (Only 1 Windows Update package)
apparently the station sends many reports to WSUS and while it does, the NAC Agent continues Remediation on the process, even after installing the update.
I'm sure there are how to optimize it, but if anyone has any tips I'd appreciate it.
Best Regards,
Daniel Stefani

NAC Agent reporting never shows a failure

I seem to only get reports for successful agent logins under Device MGMT>Clean Access>Clean Access Agent>Reports. Am I missing a setting somewhere? Even though I have had many failures (testing, etc) I never see a failed report. Any ideas?

Hello,
Could you please confirm what error message you are getting on the NAC agent (if using the NAC agent for posture validation)? The NAC agent will display the standard stuff such as 'temporary access', etc. The message displayed is based upon which requirement is failing, for example a standard AV installation check/rule.
Also, for this failing client, do you see a passed report or no report at all? Well, for the agents that ultimately pass posture assessment (even if a particular check/rule fails) we see a passed report. If the agent never gains access, IE never gets out of 'Temporary Access' we don't see any report. I am hoping that when a Agent fails posture assessment we will see a failed report. IE, we need a way for the service desk to be able to monitor failed sessions proactively, and with the minimal external alerts available (no email, etc) these failed reports would be key.
If we can't see no report at all, there may be something that breaks before that. I have pages and pages of successful reports, but not a single failed report.
A quick way to verify would be to collect the NAC agent's logs after a failure, under
Start > Program Files > Cisco > Client Utilities > Cisco Log Packager I don't see this installed on any of the machines with an agent? Please adivse where I can download it. Thanks.

Cisco Nac agent "List of Antivirus & Anti-Spyware Products Detected by the Agent "

Hi All,
We have posture assessment working with cisco Nac agent. Checking only symantec Antivirus def update and installation. Since there is windows defender in all the user pcs and turned off not in use. But cisco Nac agent is showing both windows defender and symantec in List of Antivirus & Anti-Spyware Products Detected by the Agent field. We dont want windows defender to show in this list.
Anyone encountered this list before?? Please suggest.. I want to get rid of windows defender from this list in nac agent.

Closest enhancement I could check on this is
CSCts34764 NAC: Request for ANY rule to pass if 1 AS/AV definition is up to date
Currently Windows Defender AnitSpyware comes installed on all Windows 7 machines. Many users disable this and install their own AntiSpyware product. Currently when using the ANY AntiSpyware up to date rule, it will fail if say MSE is up to date but not Windows Defender (since it is disabled).
This is an enhancement request to add the ability to pass the ANY check if 1 AntiSpyware or AntiVirus definition is up to date but another is installed and out of date. Currently if a customer wants to accomplish this they need to create a rule for every AntiVirus or AntiSpyware product and use the "Any Selected Rule Succeeds" option which is very cumbersome to configure.
~BR
Jatin Katyal
**Do rate helpful posts**

ISE - NAC agent profile

Dears
I want to deploy NAC agent via GPO and I need to create agent profile , I know how to create it on ISE but how i get the file in xml format to be distributed ?

You can try installing only one PC (either by manual installation or by captive portal). If you have configured the posture rules in ISE then the NAC Agent automatically contacts the ISE server and downloads the last NACAgentcfg.xml available.
Then you could browse the following directory and find the NACAgentcfg.xml file in your PC.
C:\Program Files (x86)\Cisco\Cisco NAC Agent
After that you can mass deploy the NAC agent along with the xml file. Although is not mandatory to deploy the xml file because as a I said, every time there's a posture rule the NAC agent will download the last NACAgentcfg.xml available from ISE server.
Please rate if it helps.

NAC Agent for Windows 7

Any ideas on when the NAC agent will be support on Windows 7? Version 4.6.2.113 installs but doesn't work properly. Thanks

In the event logs are you seeing any failed authentications? Also can you enable trace on all the logging categories and download a log bundle.
Look for the nac_manager.log file that has the timestamp of the user authentication. See if there are any issues with the OOB communication...along with ldap.
Thanks,
Tarik Admani
*Please rate helpful posts*

NAC Agent Customization Distribution

Looks like the NAC agent customizations can be done only when the client PC pulls
the install from the CAM. Our PCs do not have admin rights and the software will be pushed through a software
distribution tool. Is there any way to distribute the software with the customization file , just like there is an option
to install with the agent configuration file?
Thanks
Shaffeel

Hi Shaffel,
You cannot include the branding files on the MSI installation package of the Agent.
I have not much experience with the centralized client management tools, but you could try a workaround by pushing those files to the client at the appropriate location and then restart the Agent.
The files to be pushed are the ones you prepared on the branding file to be uploaded to the CAM.
The location of the files is documented at this page:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html#wp1606140
Specifically:
In a system that has NAC Agent installed, you can find the "nac_login.xml" file in the "C:\Program Files\Cisco\Cisco NAC Agent\UI\nac_divs\login" directory.
The "nacStrings_xx.xml" file is available in the supported location. The "xx" indicates the locale. In the system that has NAC Agent installed, you can find a complete list of the files in the "C:\Program Files\Cisco\Cisco NAC Agent\UI\cues_utility" directory.
The files are available in the directories mentioned above when the Agent is installed at the default location. If the Agent is installed at a different location, then the files would be available at "\Cisco\Cisco NAC Agent\UI\nac_divs\login" and "\Cisco\Cisco NAC Agent\cues_utility".
I hope this helps.
Regards,
Federico
If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

NAC Agent Deployment

Hi All,
Is there a way to peform an unttended installation for Cisco NAC Agent. We are trying to deploy the NAC Agent using Tivoli but the administrators of this Tool asked us if the installation package of the NAC Agent has an option to perfom a silence installation.
Regards!

Marco,
Hopefully this guide will help, you can execute a script that will install the agent silently.
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cam/m_agntd.html#wp1577111
Thanks,
Tarik

Cisco NAC agent services not running on Windows XP

Hi,
I've problem with Cisco NAC agent services on Windows XP professional SP3.
After first installation using user local administrator, the services of Cisco NAC agent on windows machine running well, but after logout, and login using another user which is registered in domain users, the services of Cisco NAC agent is going to stopped (going to Manual mode not automatic, and the status is stopped).
This situation is not happened on all windows machines, several machines running well.
Cisco NAC agent version 4.9.0.42
Has anyone seen this type of problem?
Below i attached windows machine information from ones running well and not running, Thanks
Regards,
Rian

Hi thanks for your answers, dbconsole is started in services.msc and also Agent, but goes on to say that the agent is not running.
In sysman log shows this,
"03/20/2012 13:38:54,553 [MetricCollector: HOMETAB_THREAD600: 60] ERROR rt.DbMetricCollectorTarget _getAllData.328 - oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
oracle.sysman.emSDK.emd.comm.CommException: Exception in sending Request :: null
at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest_ (EMDClient.java: 1330)
at oracle.sysman.emSDK.emd.comm.EMDClient.getResponseForRequest (EMDClient.java: 1223)
at oracle.sysman.emSDK.emd.comm.EMDClient.getMetrics (EMDClient.java: 640)
at oracle.sysman.emo.perf.metric.rt.DbHomeTab._getAllData (DbHomeTab.java: 324)
at oracle.sysman.emo.perf.metric.rt.DbHomeTab.getData (DbHomeTab.java: 139)
at oracle.sysman.emo.perf.metric.eng.MetricCached.collectCachedData (MetricCached.java: 402)
at
at oracle.sysman.emo.perf.metric.eng.MetricCollectorThread.run (MetricCollectorThread.java: 320)
at java.lang.Thread.run (Thread.java: 595)
20/03/2012 22:00:03,335 [JobWorker 772: Thread-13] ERROR em.jobs executeCommand.161 - UpdateARUTables: Oracle MetaLink credentials are incorrect or missing. Click Patching Setup parameters required to September."
In event viewer shows this,
"Agent process exited abnormally DURING initialization." but this message appears a few hours after having started the service.
I am using the Administrator account

NAC Agent Login Dialog Not Appearing - ISE 1.1.1 issue ?

Agent Fails to Initiate Posture Assessment
The NAC agent is properly installed on a Windoes 7 , IE 9 machine, the certificates from ISE ADM PRI are installed in trustable certificate store in the client machine but is a selfsigned ISE certificate.
The reports / USER / Profiling report says the Provisioning Agent has completed the assessment ok.
The redirected URL is working fine (SEE Evidence)
We are always prompted to install the NAC agent again or looking at the additional prompted information wait for the NAC agent to load and complete.
The operations status remains with postering status pending forever and nothing else happens.
Symptoms or Issue
The agent login dialog box does not appear to the user following client provisioning.
Conditions Cisco Says this issue can generally take place during the posture assessment phase of any user
authentication session.
Cisco Advises as Possible Causes There are multiple possible causes for this type of issue. See the following
Resolution descriptions for details of what was already tested by us and please see the atached files for your switch configuration and evidences. .
CISCO SUGGESTED POSSIBLE CAUSES AND RESOLUTIONS
Resolution • Ensure that the agent is running on the client machine. ALL TESTED OK
• Ensure that the Cisco IOS release on the switch is equal to or more recent than
Cisco IOS Release 12.2.(53)SE. - OK
• Ensure that the discovery host address on the Cisco NAC agent or Mac OS X
agent is pointing to the Cisco ISE FQDN. (Right-click on the NAC agent icon,
choose Properties, and check the discovery host.) - OK (See evidence)
• Ensure that the access switch allows Swiss communication between Cisco ISE
and the end client machine. Limited access ACL applied for the session should
allow Swiss ports: ALL CONFIGURED as CISCO GUIDELINES OK (SEE EVIDENCE)
• If the agent login dialog still does not appear, it could be a certificate issue.
Ensure that the certificate that is used for Swiss communication on the end client
is in the Cisco ISE certificate trusted list. (ALL CHECKED OK SEE EVIDENCE)
• Ensure that the default gateway is reachable from the client machine. (TESTED OK)

Hi.
Can you paste all the ACLs on your switch especially the webauth redirect ACL which should deny traffic towards the PSN.
regards
Zubair

Cisco NAC Agent 4.9.1.682 Problems with Mac Os X 10.7.4

Hi
My Cisco NAC Agent (version 4.9.1.682) doesn't work since I upgraded my Mac OS X 4 months ago, This happens every time with CISCO and MAC when there is a new update and it always seems to take forever to fix.
The NAC agent just keeps asking for my login in details even though there are correct (I can log in with a PC no problem).
Any update on when a new version is going to be released - Its getting really frustrating?

I figured out a solution that works you must disable Online Certificate Status Protocol (OCSP) on the affected system. To do this :
    Open Keychain Access. Keychain Access can be found by selecting Go in the Finder and choosing the Utilities option. Keychain access should be listed in the folder that appears. Double-click the Keychain Access icon to open it.
    Select Keychain Access -> Preferences from the menu at the top of the screen
    Choose the Certificates tab
    Change the OCSP option from Best Effort to Off
    Close the Preferences dialog and quit Keychain Access
    You should be able to NAC now

FAM 8.0, Tomcat J2EE agent installation problem

Hello:
I was able to install FAM 8.0 in Tomcat 6.0.14 on Ubuntu (7.04) Linux. Everything seems fine. In the end, the applications I want to use with OpenSSO also make use of Tomcat 6.0.14. I noticed on the opensso users email list that the Tomcat 3.0 agent won't be available until early next year; but that the 2.2 agents should work with FAM 8.0. So, I got the the J2EE agent for Tomcat - SJS_Tomcat_Server_55_agent_2.2-01.tar.gz. The documentation makes no references to Tomcat 6, and I'm hoping this is due to the fact that Tomcat 6 was not available when the documentation was written.
Does this agent work with Tomcat 6? I have this problem when installing the agent (agentadmin --install):
$CATALINA_HOME environment variable is the root of the tomcat
installation.
[ ? : Help, < : Back, ! : Exit ]
Enter the $CATALINA_HOME environment variable: /Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14
Invalid directory specified for the $CATALINA_HOME environment variable
Invalid CATALINA_HOME directory :
/Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14I can see in debug/agentadmin.log the following:
[05/24/2008 13:06:37:684 PDT] FileSystemValidator : Is directory : /Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14 valid ? true
[05/24/2008 13:06:37:686 PDT] HomeDirValidator : Is $CATALINA_HOME directory /Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14 valid ? false
[05/24/2008 13:06:37:686 PDT] Invalid CATALINA_HOME directory : /Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14This directory does indeed exist, and is accessible by the user I'm logged in as. It appears FileSystemValidator agrees with me, but HomeDirValidator has a problem. I tried this on both Ubuntu 6.04 and Mac OS X 10.5.2. Does this indicate that Tomcat 6 is not supported? Or is it indicative that neither OS on which I've tried to install the agent is officially supported?
Thanks!
Jeff

Hi Denis:
Before being redirected to another short term task, I did indeed get the Tomcat 6 agent to work. I probably won't be able to look at OpenSSO again seriously for another couple of months. :(
I have the OpenSSO server running on Tomcat 6.0.14 on Ubuntu 6.x Linux running in a virtual machine on my Mac. I was not able to get the server to run directly on the Mac, and I cannot remember the reason at this time.
But, as far as the agent goes, I run it again using Tomcat 6.0.14 on my Mac (Mac OS X 10.5.2), using the 1.5 JRE. I do have the agentapp war deployed as well as the agentsample web application to play with. In my catalina.out file:
Jun 18, 2008 10:07:20 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.14
Jun 18, 2008 10:07:20 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive agentapp.war
Jun 18, 2008 10:07:21 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive agentsample.war
Jun 18, 2008 10:07:22 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8090
Jun 18, 2008 10:07:22 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8011
Jun 18, 2008 10:07:22 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/16 config=nullI have no error messages is any Tomcat log file.
I checked out the source code for the Tomcat v6 agent (2.2) on May 27, so I don't know how that compares to yours or what's been checked into CVS since my build. I also don't know what the OpenSSO NamingService is.
I assume you used fully qualified domain names to specify the web application to be protected by agent as well as the OpenSSO server itself. The following is the output of the conversation when I run the agent installer script on my system. It has been redacted a bit (domain name and encryption key) to protect my client, but otherwise this is what I supplied to the installer:
Enter the complete path to the directory which is used by Tomcat Server to
store its configuration Files. This directory uniquely identifies the
Tomcat Server instance that is secured by this Agent.
[ ? : Help, ! : Exit ]
Enter the Tomcat Server Config Directory Path
[/opt/apache-tomcat-6.0.14/conf]: /Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14/conf
Enter the fully qualified host name of the server where Access Manager
Services are installed.
[ ? : Help, < : Back, ! : Exit ]
Access Manager Services Host: login.opensso.example.com
Enter the port number of the Server that runs Access Manager Services.
[ ? : Help, < : Back, ! : Exit ]
Access Manager Services port [80]: 8080
Enter http/https to specify the protocol used by the Server that runs Access
Manager services.
[ ? : Help, < : Back, ! : Exit ]
Access Manager Services Protocol [http]:
Enter the Deployment URI for Access Manager Services.
[ ? : Help, < : Back, ! : Exit ]
Access Manager Services Deployment URI [/amserver]: /opensso
Enter the fully qualified host name on which the Application Server
protected by the agent is installed.
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Host name: analysis.opensso.example.com
$CATALINA_HOME environment variable is the root of the tomcat
installation.
[ ? : Help, < : Back, ! : Exit ]
Enter the $CATALINA_HOME environment variable: /Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14
Choose yes to deploy the policy agent in the global web.xml file.
[ ? : Help, < : Back, ! : Exit ]
Install agent filter in global web.xml ? [true]:
Enter the preferred port number on which the application server provides its
services.
[ ? : Help, < : Back, ! : Exit ]
Enter the port number for Application Server instance [80]: 8090
Select http or https to specify the protocol used by the Application server
instance that will be protected by Access Manager Policy Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the Preferred Protocol for Application Server instance [http]:
Enter the deployment URI for the Agent Application. This Application is used
by the agent for internal housekeeping.
[ ? : Help, < : Back, ! : Exit ]
Enter the Deployment URI for the Agent Application [/agentapp]:
Enter a valid Encryption Key.
[ ? : Help, < : Back, ! : Exit ]
Enter the Encryption Key [XXmyencryptionkeyXX]:
Enter a valid Agent profile name. Before proceeding with the agent
installation, please ensure that a valid Agent profile exists in Access
Manager.
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Profile name: testagent1
Enter the path to a file that contains the password to be used for identifying
the Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file: /Users/jas/Development/opensso/tryout/agent_password
SUMMARY OF YOUR RESPONSES
Tomcat Server Config Directory :
/Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14/conf
Access Manager Services Host : login.opensso.example.com
Access Manager Services Port : 8080
Access Manager Services Protocol : http
Access Manager Services Deployment URI : /opensso
Agent Host name : analysis.opensso.example.com
$CATALINA_HOME environment variable :
/Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14
Tomcat global web.xml filter install : true
Application Server Instance Port number : 8090
Protocol for Application Server instance : http
Deployment URI for the Agent Application : /agentapp
Encryption Key : XXmyencryptionkeyXX
Agent Profile name : testagent1
Agent Profile Password file name :
/Users/jas/Development/opensso/tryout/agent_password
Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]: 1
Updating the
/Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14/bin/setclasspath.sh
script with the Agent classpath ...DONE.
Creating directory layout and configuring Agent file for Agent_001
instance ...DONE.
Reading data from file
/Users/jas/Development/opensso/tryout/agent_password and encrypting
it ...DONE.
Generating audit log file name ...DONE.
Creating tag swapped AMAgent.properties file for instance Agent_001 ...DONE.
Creating a backup for file
/Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14/conf/server.xml
...DONE.
Creating a backup for file
/Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14/conf/web.xml
...DONE.
Adding SJS Tomcat Agent Realm to Server XML file :
/Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14/conf/server.xml
...DONE.
Adding filter to Global deployment descriptor file :
/Users/jas/Development/opensso/tryout/apache-tomcat-6.0.14/conf/web.xml
...DONE.
Adding SJS Tomcat Agent Filter and Form login authentication to selected Web
applications ...DONE.
SUMMARY OF AGENT INSTALLATION
Agent instance name: Agent_001
Agent Configuration file location:
/Users/jas/Development/opensso/tryout/tomcat_v6_agent/Agent_001/config/AMAgent.properties
Agent Audit directory location:
/Users/jas/Development/opensso/tryout/tomcat_v6_agent/Agent_001/logs/audit
Agent Debug directory location:
/Users/jas/Development/opensso/tryout/tomcat_v6_agent/Agent_001/logs/debug
Install log file location:
/Users/jas/Development/opensso/tryout/tomcat_v6_agent/logs/audit/install.log
Thank you for using Access Manager Policy Agent
[jaslap:tryout/tomcat_v6_agent/bin] jas% Can you post the exception details you're getting. That might help someone diagnose the problem.
Take it easy,
Jeff

NAC Agent Installation "loop"

Similar Messages

Maybe you are looking for