NAC Server still in "Fallback: Allow All" state

Hi Guys,
i have a strange behaviour under my NAC Server.
Today I saw that my NAC Server is in Fallback: Allow All state and the CAM is in Manager: DEAD but
in the CAM web administration i can access that CAS.
The CAS can ping the CAM too.
there are two things that were changed in the last month.
The CAM was moved to other city and they are using a 2MB link connection between them.
The IP Address of the CAM was changed.
I've checked my link connection between them because my CAM is in a different city  of the CAS but my link is in 50% load.
Does anyone know any possibilitie to solve this?

Hi,
Are you using ip based certs or domain name? Also make sure when you do an nslookup that the CAS is able to resolve the ip address of the CAM. Also check your firewall and make sure that you are allowing all ip traffic between the CAS and the CAM.
Also check yoru certs on the CAM and make sure that they havent expired. Are you using a standalone CAM and CAS setup are are they in failover configuration?
Thanks,
Tarik

Similar Messages

  • Nac Server Errors | Collector Modules in Stalled state

    Hi Everyone,
    I am facing an issue in Nac Profiler. Please help me on this.
    All the Collector Modules are in the stalled state.
    Whenever I restart Collector Modules and also restart Profiler Server through CLI.
    The Collector Modules and Server comes in running state. But after some times it comes into Stalled state.
    Also I have observed these errors in Server Log entries as given below.
    ERROR:[2010-12-22 10:34:14 (statusCallback:1709)] File XFER hash test failed for ./working/nacserver-nm-1293014054.xml/./pending/nacserver-nm-1293014054.xml [No such file or directory]
    4 (statusCallback:1709)] File XFER hash test failed for ./working/nacserver-nm-1293014054.xml/./pending/nacserver-nm-1293014054.xml [No such file or directory]
       ERROR:[2010-12-22 10:34:14 (statusCallback:1687)] Hash failed for ./working/nacserver-nm-1293014054.xml/./pending/nacserver-nm-1293014054.xml [-400] [No such file or directory]
       ERROR:[2010-12-22 10:34:14 (statusCallback:1709)] File XFER hash test failed for ./working/nacserver-nm-1293014054.xml/./pending/nacserver-nm-1293014054.xml [0]
    Please Help me on this its urgent.
    Thanks,
    Abuzar

    Hi Everyone,
    I am facing an issue in Nac Profiler. Please help me on this.
    All the Collector Modules are in the stalled state.
    Whenever I restart Collector Modules and also restart Profiler Server through CLI.
    The Collector Modules and Server comes in running state. But after some times it comes into Stalled state.
    Also I have observed these errors in Server Log entries as given below.
    ERROR:[2010-12-22 10:34:14 (statusCallback:1709)] File XFER hash test failed for ./working/nacserver-nm-1293014054.xml/./pending/nacserver-nm-1293014054.xml [No such file or directory]
    4 (statusCallback:1709)] File XFER hash test failed for ./working/nacserver-nm-1293014054.xml/./pending/nacserver-nm-1293014054.xml [No such file or directory]
       ERROR:[2010-12-22 10:34:14 (statusCallback:1687)] Hash failed for ./working/nacserver-nm-1293014054.xml/./pending/nacserver-nm-1293014054.xml [-400] [No such file or directory]
       ERROR:[2010-12-22 10:34:14 (statusCallback:1709)] File XFER hash test failed for ./working/nacserver-nm-1293014054.xml/./pending/nacserver-nm-1293014054.xml [0]
    Please Help me on this its urgent.
    Thanks,
    Abuzar

  • NAC Server Fallback Feature and OOB Deployment

    Hi,
    I would like to know how the Nac Server fallback feature works in an OOB deployment.
    The documentation says that there three option (ignore, allow all, block all).
    Whe you have the allow all option enable, does the NAC put the user in an access vlan or the user just access to the network through the authentication VLAN?

    Hi,
    Assuming the CAM has failed, the CAS would allow all traffic from the AUTH VLAN to the ACCESS VLAN. Since the CAM has failed, the switchports which are not in the AUTH VLAN would behave per the rules/ACLs on the VLAN they're in and won't get flipped over.
    HTH,
    Faisal

  • New itouch user here, We had a wireless connection with a password all set up but we couldn't remember the password meanwhile there are other connections around us but locked. So i decided to make a new one yet it still will not allow to go on safari HELP

    new itouch user here, We had a wireless connection with a password all set up but we couldn't remember the password meanwhile there are other connections around us but locked. So i decided to make a new one yet it still will not allow to go on safari after i type in the password PLEASE HELP ive turned on and off etc

    My guess is that the security settings on your router and iPod do not match.
    For a test, change your router so there is no security.  See if you can connect and get to the Internet. If that works, set up the router with security and use the same settings for the iPod.

  • IPad iOS 8.2 still won't allow delete of ALL email messages at once?

    iOS 8.2 still won't allow deletion of ALL email messages at once from my iPad? What could be the reason for this? The work-around solutions I see on Internet work erratically for me.
    I'm an Android cellphone user so can delete all emails from my phone with a click or two. Is that a patent issue for Apple? There is no way to delete ALL email messages easily?

    Had the same problem. There is an undocumented way under another thread and it works, but is clunky and very un-Mac-like.
    The Apple thread that I got the undocumented answer from is:
    Delete all email in Inbox iOS7
    https://discussions.apple.com/thread/5421295?start=15&tstart=0
    I've copied the answer below:
    From inbox edit
    MARK ALL AS READ (for me and several others in the thread it only works, when I marked all as read)
    Highlight first email
    Hold move button
    Try to unhighlight first email (probably won't )
    Still holding move button pull down on mails  and then try to unhighlight first email again
    This time it should
    You will notice the inbox seems frozen as move is no longer highlighted and individual emails will not highlight if you touch them
    Wait May take a minute or two depending on how many emails are in your inbox but they will move to the right side
    Then just touch trash
    The YouTube link that demonstrates this is:
    http://www.youtube.com/watch?v=fKa-KFjUIGE
    Hope this helps!
    Cheers!
    Anika

  • I have an imap account and deleted all mail from server. Once doing this all emails from my iPad -which was on a wi-fi- where automatically deleted. Fortunately these emails are still visible on my iPhone that was without connection. If I send all these e

    I have an imap account and deleted all mail from server. Once doing this all emails from my iPad -which was on a wi-fi- where automatically deleted. Fortunately these emails are still visible on my iPhone that was without connection. If I send all these emails to my iCloud account - they will remain into my outgoing folder until I open my wi-fi- …BUT will they be sent when I open my wi-fi connection, or since they are no longer on my server… be deleted for ever!?

    This is how IMAP works, if you delete from one device it will also be deleted in the other devices.
    iCloud do not backup e-mails.

  • Windows Server 2012 Essentials (not R2) - all client computers offline

    The server is Windows Server 2012 Essentials (not R2). I have had this problem ever since I first installed the Windows Server 2012 Essentials server in the summer of 2013 (before R2 was released). The Windows Server 2012 Essentials server shows offline
    for all Devices under Dashboard. (Allow me to add that I just installed another site with Windows Server 2012 Essentials R2, and it was a breeze - all of the computers at the second install site are online.) I have one Windows 8.1 Pro client and the rest
    are Windows 7 Pro clients. The problem occurs on ALL client computers.
    I have removed computers from Devices in Dashboard on the server, rebooted the server, changed the client computer to a workgroup, rebooted the client computer, and reinstalled the connector software on the client computer. Same result. I
    have tried this on a Windows 7 Pro client and a Windows 8.1 Pro client with the same results.
    After running the connector on a client computer and waiting for the server to update its Devices status, if I look under Devices on the server Dashboard, the Windows 8.1 client computer will say online but within 24 hours it goes offline again. The
    Windows 7 client computers never show online. Both computers stay offline - they NEVER show an online status (referring to the status under Devices in Dashboard).
    I should make it clear that the clients can access the server shares with no problem. File synchronization works great. The clients can ping the server and the server can ping the clients. But client backups on the server fail.
    One of the most troublesome things about this problem is that it prevents the client computers from being accessed remotely using the website setup by Anywhere Access. I can login to get remote access to the shared files on the server, but
    the only computer that says "online" is the server. All of the other computers are "offline".
    The server and clients are only using Windows firewall. The clients all use Microsoft Security Essentials for their anti-virus.
    I used a troubleshooting tool that tells me that there are problems with port 6602 on the server, but the clients are all fine with port 6602. I know port 6602 is important for using Anywhere Access but I am still trying to find out more details on that.
    I have checked all of the firewall settings related to port 6602 on the server, and the firewall settings look like the standard Windows settings for this port. I used netstat to find the PID associated with the port, and I looked up the PID to find the service.
    That all looked standard, too.
    I have been working on this problem since the summer of 2013!! Does anyone have ANY suggestions?!!
    HELP!

    Hi,
    Just addition, please check if all necessary Windows updates are installed on those
    “Offline” client computer.
    When connect client computers to the Windows Server 2012 Essentials server by using the Connector software, there
    will be LAUNCHPAD on the client computer. Was this LAUNCHPAD grayed out? Please check if can access Shared Folders via this LAUNCHPAD. Meanwhile, please ping the Windows Server 2012 Essentials via IP address and server name when client computers show as
    Offline. Any find?
    Get Connected in Windows Server Essentials
    In addition, please follow the path on Server and client computer:
    %programdata%\Microsoft\Windows Server\Logs. Did you check any relevant Server-side logs and
    Client-side Logs if find more clues?
    Windows
    Server Essentials 2012/2012 R2 Log Files
    If any update, please feel free to let us know.
    Hope this helps.
    Best regards,
    Justin Gu
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • After restoring SharePoint farm backup ( The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connection)

    Hi,
    I have taken farm back and restore it in new UAT environment, while access to the main site getting the below error: 
    Error  
    An unexpected error has occurred. 
    Troubleshoot issues with Microsoft SharePoint Foundation. 
    Correlation ID: 866476f3-23dd-4e1e-97af-bffc62cc2d57 
    Date and Time: 7/15/2014 11:26:35 AM 
    When i checked in log i got below error
    System.Data.SqlClient.SqlException: A network-related or instance-specific
    error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40
    - Could not open a connection to SQL Server)    at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)     at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
    stateObj)     at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecu... 
    Thanks in advance
    Said Al Balushi

    Hi Wendy,
    i have checked all below points, every thing is fine but still i am getting the same error.
    Check SQL services are runing
    Check remote conenctions are enabled
    Check SQL Browser service is runing
    Check TCP/IP protocal enabled at SQL server
    Check out windows firewall setting
    Thanks,
    Said
     

  • Cisco NAC server hang issue

    Hi All Cisco NAC Experts,  I am currently experiencing a Cisco NAC NAC3315-SVR hang issue.
    The issue was already happened for few time on the same server and the symptom when NAC server hung includes no response to ICMP ping, no response to SSH request, no response for access request to CAS management page via https, HA pair was detected down from its HA neighbor and triggered failover to secondary CAS.
    The CAS server was recovered after manually power cycle the hardware. 
    After went through the attachment CAS logs, I found all the services and logging service were stopped when the issue happening but unfortunately there is no any suspicious activity was logged down before or during the issue happening.
    I have also tried to search on Cisco Bug Toolkit but no similar case was found, I believe it was not caused by software bug due to the software version 4.8.1 is running in my company for years and only one CAS server having the issue.
    That will be great if any one can help me out for the same.
    Thanks,
    Eric

    Hi Bro
    This could be a problem with the certificate in that Cisco NAC appliance itself. My suggestion is to redo the certificate generation between the CAS CAM and CA Server. If this still doesn’t work, it could also be due to overload/broadcast storm on the LAN portion. This can be verified via Wireshark.
    If all else fail, then a hardware swap would seem like the next best thing.

  • MacBook Pro (OS X 10.9.1) calendar continues to "connect to server" and will not allow shut down or restart. Force quit worked. How can I make this calendar "behave"?

    MacBook Pro (OS X 10.9.1) calendar continues to "connect to server" and will not allow shut down or restart. Force quit worked. How can I make this calendar usable? The problem began after I updated to Maverick.

    babowa, it seems like it is using Fuse & NTFS, so I don't think it's the classic WD + 10.9 mess, but extra WD tools & drivers can still break things MtTran.
    MrTran, if you must use unsupported disk formats on your Mac you must also consider actually paying the developers that made the trial software.
    It's probably a good idea to follow the developers removal instructions, reboot & then install one tool at a time.
    MacFuse, FuseOSX, NTFS-3G are all likley to confict if you run older versions so you need to be sure you are using the latest version. I can't remeber which one depends on the other, so you will need to read the manuals.
    When the disk is readable copy the data to another disk. You could probably do this from a Linux distro or Windows if OS X won't do it.
    If you insist on only using the trial versions you will need to reinstall Mac OS, copy data off this disk & reformat it.
    Is there any good reason for not using the Mac HFS extended format?

  • Wireless Guest with NAC Server

    Hi All,
    Anyone knows why Sponsor can't create a guest account with 1 month duration.
    Its a NAC running on 2.1 version in SNS-3415-K9.
    The current setup is WLC connected to NAC Server.
    Is it related to Account type?
    From the Account Type dropdown menu, you can choose one of the predefined options:
    Start End—Allows sponsors to define start and end times for account durations.
    From First Login—Allows sponsors to define a length of time for guest access from their first login.
    From Creation - Allows sponsors to define a length of time for guest access from the moment of account creation.

    When you say, "One MAC user" you mean every other client works except for this one MAC device?  If other MAC devices work, then it must be something on the client device that is having issues.  The only issue that I have ran into, is html code that might not be supported in certain browsers if you are runing a custom webauth page.

  • Adobe captivate data not sending at the end of webinar. Is the adobe server still down?

    Adobe captivate data not sending at the end of webinar. Reads "unknown error." Is the adobe server still down? This has been ongoing all of july 2014.

    So the engineer came and, of course, everything was working ok. He did fit some kind of RF filter on my main socket, and 'changed the pair' on one of the outside cables. Since then, I've only had a noisy line once, and seem to have been connected for 3 days solid, which is a record!
    I've switched back to my BT Home hub 3, which guavas me more stats. The line has previously given me up to 6mb/s, now only getting 1.6.
    Do you think, now the line seems more stable, with the stats below I should be able to maintain a higher speed now?
    Thanks
    Line state: Connected
    Connection time: 3 days, 02:19:39
    Downstream: 1.601 Mbps
    Upstream: 444.9 Kbps
    ADSL Settings
    VPI/VCI: 0/38
    Type: PPPoA
    Modulation: G.992.3 Annex A
    Latency type: Interleaved
    Noise margin (Down/Up): 17.7 dB / 22.6 dB
    Line attenuation (Down/Up): 44.8 dB / 27.0 dB
    Output power (Down/Up): 18.6 dBm / 12.6 dBm
    FEC Events (Down/Up): 3144673 / 0
    CRC Events (Down/Up): 14434 / 38
    Loss of Framing (Local/Remote): 0 / 0
    Loss of Signal (Local/Remote): 0 / 0
    Loss of Power (Local/Remote): 0 / 0
    HEC Events (Down/Up): 111873 / 10
    Error Seconds (Local/Remote): 1011 / 4

  • Firewall Allow all traffic on lan

    Is there a way to make a firewall rule to allow all traffic on en1? I have my ip ranges set to allow all traffic, but I still have to turn the firewall off for DHCP to give IP addresses to new devices on the network.

    dtich wrote:
    thx dean, yes, i had certainly looked at the log, which shows these entries:
    Nov 11 21:49:25 north-knoll-server ipfw[8789]: 65534 Deny UDP 169.254.14.242:138 169.254.255.255:138 in via en0
    but i have no idea where 169xxx is, nothing on my lan... if the port is 65534, that's an ftp passive port, tried opening that, doesn't solve the problem. if the port is 138, that's netbios, which would be odd, but i tried opening that too. nothing doing. can't figure it out. and the log really isn't helping too much.
    traceroute gives me:
    traceroute to 169.254.14.242 (169.254.14.242), 64 hops max, 40 byte packets
    1 169.254.14.242 (169.254.14.242) 0.593 ms 0.504 ms 0.195 ms
    so, i guess that's some internal address that my router uses or something..?? wacky. i'm out of my depth here.
    if i allow 169.254.x.x, i still get no joy.
    mean anything else to you?
    yeah, 169.254.x.x is part of the zeroconf net address range. (See http://en.wikipedia.org/wiki/Zeroconf for more details)
    Not sure why the device in particular is trying port 138 unless it's Windows box maybe? Is en0 on your local network or external?

  • Three NAC server deployment

    Hello guys,
    Could you suggest a workaround to bypass the HA limitation of only two NAC servers. 
    The problem is we already had two NAC guest servers in active/active mode but now we have a third one at a new branch, which would need to share the same user DB.
    Is there a way to replicate the data from the cluster to this remote NAC server?
    The idea is achieving a scenario like working with multiple ACS servers distribuited worldwide and sharing the same user data.
    Thanks,
    Lucas

    Hi,
    Assuming the CAM has failed, the CAS would allow all traffic from the AUTH VLAN to the ACCESS VLAN. Since the CAM has failed, the switchports which are not in the AUTH VLAN would behave per the rules/ACLs on the VLAN they're in and won't get flipped over.
    HTH,
    Faisal

  • Flash media server enterprise  4.0 allowing no one but my site to use flash player

    so i was  getting people embedding my player to there site and stealing my thunder.. so i changed allow all to my domain and well i cant connected with fme how to correct this thanks

    i tried still no go but here is a screen shot of fmse
    Date: Tue, 4 Oct 2011 08:36:36 -0600
    From: [email protected]
    To: [email protected]
    Subject: Flash media server enterprise  4.0 allowing no one but my site to use flash player
        Re: Flash media server enterprise  4.0 allowing no one but my site to use flash player
        created by SE_0208 in Flash Media Server - View the full discussion
    Wait a minute - your URI should be rtmp://ip/vod.mp4:sample1_1500kbps.f4v and i think your code should be as below (made "live" to false as its VOD file) <!start_raw>     flowplayer("player", "flowplayer-3.2.7.swf", ,         // streaming plugins are configured under the plugins node        plugins:         }    });</script><!end_raw>  try and let me know
         Replies to this message go to everyone subscribed to this thread, not directly to the person who posted the message. To post a reply, either reply to this email or visit the message page: http://forums.adobe.com/message/3953024#3953024
         To unsubscribe from this thread, please visit the message page at http://forums.adobe.com/message/3953024#3953024. In the Actions box on the right, click the Stop Email Notifications link.
         Start a new discussion in Flash Media Server by email or at Adobe Forums
      For more information about maintaining your forum email notifications please go to http://forums.adobe.com/message/2936746#2936746.

Maybe you are looking for

  • Suddenly New York Times website not working in Safari

    I often leave the NYT website up on a tab in Safari, where it auto-refreshes every five minutes or so.  Worked fine earlier today.  Now I get "Page Not Found" posted by NYT with some suggestions and a short list of content.  This is on my iMac, see i

  • Problem with Navigation Attributes when upgrading from BI 3.1 to BI 7.0

    Hello, I have the following problem that occured regarding queries during the upgrade from BI 3.1 to BI 7.0: As far as the queries are concerned it is not possible in the 7.0 system to completely rebuild them according to the queries in 3.1. More spe

  • Submiting Report Request via DB Proc.

    Hello, Is there a way to submit a report request to the report server via a database procedure? I have a situation where depending on the report name, userid, email addr, report-parameters, frequency etc. stored in a table, the database procedure SHO

  • Check that backup files are not corrupted

    Hi all. I am wondering if there is a possibility to check that the files obtained after backing up Oracle XE, NO ARCHIVELOG, are not corrupt. Can you help me? Thanks a lot.

  • How to set keepalive check for regular expression

    Hi We are using css110501 CSS. Right now the keepalives on services are set using hash values. But i want to change this keepalives to implement keepalives with regular expression checking. Any Ideas?