NAC web agent question
Hi,
I need to know when can i use the NAC web agent??? is it used for guests or visitors only????
If i used NAC web agent for guests , can i perform posture assessment for the guest users ( i mean check windows update , AV/AS or certain services)?? or network scanning will be only applied to the guests who are using NAC web agent????
i read the userguide of 4.7.1 of CAM and CAS but i have some conflicts regarding the above topic , so please i need your help.
Mohamed
Mohamed,
You can use it for any kind of users (guest/regular) and can do posture assessment, but no remediation. Remediation requires the full agent. The other limitation is that the web agent is only valid on Windows machines and cannot run on Mac/Linux etc.
HTH,
Faisal
Similar Messages
-
Use NAC Web Agent login with Ipad
Hello Guys,
I'm using NAC 4.8, and I'd like to login using NAC Web Agent on Ipad.
When I'm trying to do that, I'm receiving a message on Ipad that I need to install Java Plug-In, but there is no JavaPlug-in available for Ipad.
Does anyone know if there is any aditional configuration that I have to do on NAC Manager to be able to access the network using NAC Web Login on Ipad ?
Best RegardsHi Luciano,
Unfortunately, the NAC Web Agent and the persistant Agent are not supported for the iPad operating system. (It is called iOS). The following table documents this fact under footnote 3:
http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp125630
Only normal Web Login with Safari browser is enabled.
Hope this helps.
-Shrikant
P.S.: Please mark this question as answered if it has been resolved. Do rate helpful posts. Thanks. -
Cisco NAC Web Agent + Windows 8
Hello,
I´m implementing a Cisco ISE 1.2 and I am having troubles with NAC Web Agent and Windows 8 compatibility.
All time that I try install NAC Web Agent in Windows 8, I get the message "Agent User Operating System is Not Supported".
Follow are some informations about my Environment:
ISE 1.2 Patch 3
OS: Windows 8 Enterprise
IE: 10 (In Desktop Mode w and w/o Compatibility View)
NAC Web Agent: 4.9.0.1007
Could you help me ?
Best Regards,
Daniel StefaniHi Charles,
I can download all this files, but I can’t import it in ISE Resourses.
NAC Agent MST files
nacagentsetup-mst-4.9.3.9.zip
NAC Agent MSI Installation file
nacagentsetup-win-4.9.3.9.msi
NAC Agent Installation Package
nacagentsetup-win-4.9.3.9.tar.gz
Mac Agent Installation Package for MacOSX
CCAAgentMacOSX-4.9.3.803.tar.gz
NAC Agent MST files
nacagentsetup-mst-4.9.3.5.zip
NAC Agent MSI Installation file
nacagentsetup-win-4.9.3.5.msi
NAC Agent Installation Package
nacagentsetup-win-4.9.3.5.tar.gz
In this link that you sent me doesn’t have options to Cisco NAC Web Agent.
But in the follow yes…
http://software.cisco.com/download/release.html?mdfid=283801620&flowid=26081&softwareid=283802505&release=1.2&relind=AVAILABLE&rellifecycle=&reltype=latest
Best Regards,
Daniel Stefani -
Is there a list somewhere that shows what the status's mean? I have a few users getting this error, while others are working fine -
Failed to download Cisco NAC Web Agent ( status = -2 ) !
Thanks!For the web agent, there are three error states
-1 means that it was unable to launch the control at all,
-2 means it failed to download the agent executable,
-3 means there was an error running the web agent
Are you using the Java or ActiveX version of the web agent? Definitely check the browser settings for both and make sure that it's either allowing or prompting the user for the applets. If you're using the ActiveX version, you could try forcing the Java version, as most users seem to have more lenient browser settings by default for it. -
Cisco NAC web agent Network Security Policy
I have a computer with an installed McAfee Antivirus that us up to date. However, each time try to access one of my client's server via VPN, I successfully connect to VPN using Cisco Anyconnnect but whenever I try to download the web agent and the device security check is being run, I get the feedback "Host is not compliant with network security policy". It also tells me a Remediation description of "please update your antivirus". (see attached screenshot)
Please note that I already have my McAfee antivirus updated and I have done everything to keep my computer in good shape in terms of security.
What is the possible cause for this?That means the CAM hasn't received an SNMP trap for that MAC address. Double-check that the WLC is set up to send traps to the CAM: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_woob.html#wp1290626
You can see if the CAM's received a trap for a specific MAC by looking under OOB Management > Devices > Discovered Clients. -
ISE 1.3 NAC Web Agent for Posture
Hi,
We have two categories of wireless users (Vendors and Guests) and we need only Vendors to do posture (AV update check).We need to have two different portals to be redirected once each category of user hit as Vendor portal should also do device compliance checked and Guest portal should not do. We made a policy matching SSID (Called-Satation-ID=ssid) however when we tried it does not hits the particular rule. When we use single portal it can either do device complaint or not compliant..?
Appreciate if any one has tried this out or has better idea how to accompany this requirement.
Thanks in advance.Hello,
Perhaps re-order the rules so the guests are first and use a rule that calls Guest Flow or Guest Identity and then vendors come next.
Chris -
Dear guys,
I have problem in my lab case like sequence below:
A guest access into internal network, then will be redirect to Guest Portal.
A guest log in successfully using credential (was created by sponsor account)
Then, "Client Provisioning" process starts. Base on Client Provisioning policy with OS: Windows 8, guest session will be apply on Web Agent.
Then Web Agent install and check status process starts. But, in this phase. I got a error like this:
In Chrome & FF browser: "You will not be allowed to access the network due to internal error. please contact your administrator"
In IE browser:
"You will not be allowed to access the network due to internal error. please contact your administrator"
"Your login session failed! (status = 36) You will have limited network connectivity. Please try disconnecting and reconnecting to the network to start a new connection (or) contact your system administrator if the problem persists"
In addition:
I imported certificated (was signed by AD Root CA) into Local Certificates.
I imported AD Root certificated into Certificate Store.
I will be grateful for any help you can provide.
Have a nice day !Web agent should handle cert. revocation dialog box similar to Win agent
CSCsl40626
Description
Symptom:
Revocation failed dialog box keeps popping up on client machine despite of clicking "Yes" button
Conditions:
This issue is seen on the client machine performing login either using Windows agent or NAC web agent. The issue happens when the Clean Access Server (CAS) certificate root CA is not listed in the trusted store on the client machine. The issue is known to be reproducible on all flavors of Win XP & Win Vista using Windows or NAC web agent
Workaround:
Try selecting Yes. If this does not work you can turn off the security certificates revocation check by changing the options in Internet Explorer IE.
Use the following procedure to change the option in IE:
1. Launch IE
2. From the tool bar, select Tools then Internet Options
3. Select the Advanced tab
4. In the Security section, un-check the option "Check for server certificate revocation"
5. Click on the Apply button
6. Click on the OK button
7. Close IE
8. Try the web login again
Product:
Cisco NAC Appliance (Clean Access)
Known Affected Releases:
(1)
4.1(3.6) -
NAC 4.8 web agent with WSUS checking
Hi,
In some cases we would like to use the NAC 4.8 Web agent to check the WindowsUpdate related things.
We have a managed WSUS server, the ckeck working well with native win32 clients, but when we try connect with web agent,
the report show the following:
Information:
Failed to find Windows updates
Description:
Missing windows updates: 0
At the Windowsupdate.log file there is NOTHING about it, nor connecting, or any related.
Tried with the activex and Java client, the result is same. Also tried to catch some ip packets with Wireshark going to wsus server, but there is active connection.
Is this a bug, or the web agent is not WIndowsUpdate check compatible?
Thanks
AttilaHi Eduardo,
We can check all the requirement rules, but notes,
this check is works well with native win agents, so I assume the CAM Requirements and Rules side is ok.
Pls. confirm, there is no matter how I'd like to check win patches (via web or with client) at Checks/Rules/Roles/Requirements config.
Attila -
NAC - Using ActiveX web agent with low level user
Hi:
I have NAC installed in-band and running. We have a group of test taker with user rights to the PC. The ActiveX web agent will not load and the Java agent does not start.
Any suggestion o dealing with some low secuirty issue and the browser.
Thanks
DanHi Eduardo,
We can check all the requirement rules, but notes,
this check is works well with native win agents, so I assume the CAM Requirements and Rules side is ok.
Pls. confirm, there is no matter how I'd like to check win patches (via web or with client) at Checks/Rules/Roles/Requirements config.
Attila -
Hey there,
I'm new to intermedia, but I have managed to get it installed, uploaded some images using the clipboard and I'm even able to view them...my question is when I create the web agent, does that user have to have DBA priviledges?? When I use a user that has DBA granted to it, I don't have problems...when I try to change to a user w/ lesser permissions...it doesn't work. Is there a reason for this?
nullHi,
What error are you seeing, and what operation are you trying to perform when things do go wrong? (In all the work I've done on the Web Agent, I don't think I've ever specified a user that DID have DBA privs!!) Just for interest, have you tried firing up the Clipboard against a simple table created in scott/tiger [eg, create table images(id number, image ordsys.ordimage);]?
Simon -
Integrating WebLogic Server with CA SiteMinder Web Agent R6
Hi I have searched on the topic of integrating WebLogic Server with the CA SiteMinder Web Agent R6 to provide single sign on services, and have been unable to find anything. Does anyone have any experience with this that could provide some tips, or could direct me to some documentation?
It definitely can work. We have done the same thing in several installations. The question is "How secure does it need to be?" You will be using SM to do authentication. You will configure SSO to trust the SM header variable. If you really want to be secure you need to configure your boxes so that the http server on you SUSE box (for Portal) can only be accessed from the Reverse Proxy. If another machine can access it someone could spoof the header variable and log in as anyone they want.
Hope this is helpful.
Anton -
ISE 1.3 and Windows Posture Web Agent
Hello,
I am running ISE 1.3 and have an issue running the Posture Web Agent. The client authenticates and gets redirected to the client provisioning portal but get the following message
Detecting if Web Agent is installed and running gets ticked and then it keeps rolling at scanning your device. Open Web Agent to check the current status of the system scan and update your system as instructed.
See attached screen shotis this issue specific to particular groups of clients/OS type... if using Windows 8, Internet Explorer 10 has two modes: Desktop and Metro. In Metro mode, the ActiveX plugins are restricted. You cannot download the Cisco NAC Agent in Metro mode. You must switch to Desktop mode, ensure ActiveX controls are enabled, and then launch Internet Explorer to download the Cisco NAC Agent. (If users are still not able to download Cisco NAC agent, check and enable “compatibility mode.”)
-
Web Agent and Clip Board set up for multi user environment
Hi
Our environment is
Database: 0racle8.1.5 on Sun Solaris
Currently we are not using OAS but a portal server and Apache
Intermedia Web Agent and Clip Board are working fine.
The questions are
1. if there are multiple users (content managers) who would be adding /modifying content in the database, the how can I go about with Clip board.
2.The requirement is these people should be able to search documents on the basis of keywords. So how do we integrate Intermedia query capabilities on this clip board interface.
3. For production level how do we go about implementing.
Should we continue to have the ctxsys user and use that itself.
Thank you for any solutionsI have NO idea if these "exact problems" pertain to Macs, since I think most of these discussions are about Windows... but, some reading (not all PPro, but I put all the links I have saved, just for general information)
-see #3 http://forums.adobe.com/thread/771151
-you may NOT "map" your My Documents folder to a network drive
-you MUST give all users administrator accounts to use Premiere
-and especially Encore dual layer http://forums.adobe.com/thread/969395
-#5 Server 2008 is UNsupported http://forums.adobe.com/thread/851602
-a work around, of sorts http://forums.adobe.com/thread/957523
-and not on a "domain" http://forums.adobe.com/thread/858977
-also PreEl see #5 http://forums.adobe.com/thread/1017199
-more PreEl problem http://forums.adobe.com/thread/975117
The solution... some day... may be at this link
Adobe Anywhere http://www.adobe.com/products/adobeanywhere.html -
Hi,
I'm running an 8.1.6 db and using WebAgent on Redhat 6.1.
I have a running application to upload files into blob columns that usually works well except that from time to time the following error message appears:
"Oracle interMedia Web Agent
An error occurred processing your MEDIAGET or MEDIAPUT request
Error while trying to retrieve text for error ORA-03113"
I have no idea why I'm getting this error, if I refresh the page then I get the normal MEDIAPUT succeeded message and the document is loaded.
This is a little disconcerting for my end-users. Does anyone know what is causing this error or where to start looking?
Many Thanks.
Niall.
nullHi Niall,
Unfortunately, the fact that you're not seeing any trace files or
anything in the alert log isn't giving us much to go on. I'll answer
your questions first, then list some ideas at the end.
The error message you are seeing, "MWM-00608: error executing a SQL
statement", indicates that the Web Agent really is executing a
statement - its pretty specific about what its doing when it has to
write an error message. For example, if the error were occuring when
it was trying to connect to the server or start a new database
session, then you'd see something like "MWM-00546: OCI error attaching
to database server using service name '%s'" or "MWM-00548: OCI error
beginning database session using service name '%s'".
Are there any delay / timeout parameters that should be examined or
changed ?The Web Agent doesn't use any timers. It simply issues calls to OCI and
waits for the response.
Does the Web Agnet try to keep it's connection alive from the previous
upload ?Yes it does. For database agents defined with a fixed user name and
password, the Web Agent keeps both the server connection and database
session active for use in subsequest requests. For database agents
that do not specify a password, the Web Agent keeps only the server
connection active between requests. It does this to avoid the overhead
of creating a new server connection/database session for every
request, something which would result in a noticeable in servicing
requests.
The fact that the MEDIAPUT request works immediately after the error
(upon page refresh) makes me wonder if the server process is not
coming up fast enough for the Web Agent? A page refresh should result in the browser resending the same request
to the web server. When the web agent gets the request, it will simply
create a new server connection/database session with which to execute
the necessary SQL. That is, assuming the request goes to the same
process. If it goes to a different process, then there may already be
an existing connection that can be used, or a new connection may be
created.
Here are some thoughts as to what might be causing the problem, plus
some suggestions where I can make any:
1. The database is being shutdown and restarted without restarting the
web agent and/or web server. This will cause the error you are
seeing, because the Web Agent doesn't know the database has gone
down and will try to use existing sessions when new requests
arrive.
If you're using Apache, then you'll need to restart Apache in order
to restart the Web Agent. If you're using iPlanet Web Server in
single-process mode, then you can use the Web Agent's on-line admin
interface to reload the configuration, which will cause the Web
Agent to shutdown any existing database sessions and server
connections, then re-read the configuration file. As new requests
are received, new connections will be established.
2. Individual database sessions are being killed by something and/or
someone. Although some documentation I read says that clients
should get an ORA-00028 error message, when I tried it, I got
ORA-03113. I didn't see anything in my alert log when I was trying
it, but there may be settings you can use to enable the logging of
such actions.
3. Individual TCP/IP network connections are being killed by something
and/or someone. I don't know how you're web server and database
server are configured, or what transport they're using, but this
sort of thing will result in the error you are seeing.
4. There's some sort of bug in the 8.1.6 server on Linux which results
in the server consuming virtual memory or some other resource to the
point that when the resource runs out, it doesn't have enough resource
to write a trace dump file.
If this is happening, then its going to be a case for the support
folks to look at. One possible way of proving this would be to
periodically restart the web server or reload the Web Agent
configuration, so re-initializing all the connections.
Some other questions that may or may not have a bearing on the issue.
- How often does this occur? Once a day, once a week, or multiple
times per day to different users?
- Which web server are you using?
- Does it always happen to the empentblobs.empent_doc procedure or
do other procedures experience problems?
- What does the empentblobs.empent_doc procedure do, and can it be
simplified in any way to narrow down the problem?
That's all I can think of for now. Please let us know if any of this
helps, or at least helps to point in the right directory.
Regards,
Simon
null -
9i Web Agent Error when displaying Java Table/Graph
Hi,
I am in the process of upgrading a Express 6.3.4 Web Agent database app to 9i.
I have been able to import the databases correctly, under the OOWAAPP schema.
On my app when ever I go to a page to display a Java Table I get the following error:
oracle.olap.webAgent.express.OWAException: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"><HTML><HEAD><TITLE>Oracle OLAP Web Agent</TITLE></HEAD><BODY bgcolor="#FFFFFF"><P><img src="/oowa-install/sample/wabanner.gif" alt="Oracle OLAP Web Agent"></p><P><STRONG>An error occurred in the Oracle OLAP Web Agent</STRONG></p><STRONG>ORA-33272: (DBERR06) Analytic workspace IADSSDEMO.OOWASEL cannot be opened.
ORA-01950: no privileges on tablespace 'IADSS'
ORA-06512: at "SYS.DBMS_AW", line 18
ORA-06512: at line 1
</STRONG><P><!--<STRONG>Click <A HREF="/oowa-install/help/en/owacauseaction.html#ORA-33272: (DBERR06) Analytic workspace IADSSDEMO.OOWASEL cannot be opened.
ORA-01950: no privileges on tablespace 'IADSS'
ORA-06512: at SYS.DBMS_AW", line 18
ORA-06512: at line 1
">here</A> to display information about potential causes for this error and about potential resolutions for the problem.</STRONG>--></p></BODY></HTML>
The UserID I am logged in as is IADSSDEMO. While the AW are in the OOWA schema, I have forced them to use a tablspace of IADSS.
The Page has some option/selectors followed by a java table.
Any ideas?
Regards,
Imran Shah
Ioppolo & AssociatesThis forum is for Warehouse Builder related issues. Your question is better suited for the OLAP forum:
OLAP
Maybe you are looking for
-
Firefox does not open on-screen - looks like it scrolls off to the side.
When I mouse over the Firefox icon, I can see that the window is open, but when I click on the icon, the window does not open onscreen and it fades in and out of the right side of my screen. Runninf Firefox 7.0.1, Windows 7 64-bit. Thanks
-
I don't know how I did it, but when I am texting, the microphone keeps coming on and tries to say what I am typing. How do I turn this off?
-
"Open Recent" files option not working - Yosemite 10.10, Pages 5.5.2
Ever since I upgraded to Yosemite and Pages 5, "Open Recent" has not been working. Today I set the General System Preferences to open my last 10 documents but it has not made a difference. Please help as this is extremely frustrating when working wit
-
How to create a Service request using Exchange connector in SCSM 2012
HI , I am able to create Incident request using exchange connector.Could you please let me know that how can i create Service request using Exchange connector 3.0. Thanks in advance.
-
Modbus error 1073807194 with FTDI CHIP RS485
Hi, I am using modbus library to control a Lumen temperature controller. The controller is connected trough RS485. I am using a FTDI chip with VCP driver to interface this component. The modbus transfer is in RTU mode. On each step : I am reading