Network Error: Clean Access Server could not establish a secure connection to Clean Access Manager
Hello everyone
I am implementing a failover solution of NAC in OOB VG version 4.8, I have 2 CAS and 2 CAM.
The Error I am getting is when I connect to both IP address and the FQDN of the CAS.
===========
Network Error:
Clean Access Server could not establish a secure connection to Clean Access Manager at camsrv3.cadivi.gob.ve.
This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
Please report this to your network administrator.
==========
For the CAM's I use this names camsrv1 and camsrv2. then generate a CSR in the camsrv1 with the name camsrv3.mycompany.com corresponding to virtual ip and it exported to camsrv2, Install the CA certificate of the company and everything works perfect.
This is the failover configuration
CAM:
Primary: 10.1.206.248 camsrv1.mycompany.com
Secondary: 10.1.206.249 camsrv2.mycompany.com
Virtual: 10.1.206.250 camsrv3.mycompany.com
Then I do exactly the same steps for the CAS's and this is the failover configuration:
Primary: 10.1.216.248 cassrv1.mycompany.com
Secondary: 10.1.216.249 cassrv2.mycompany.com
Virtual: 10.1.216.250 cassrv3.mycompany.com
Then I add the certificate of CAM in the CAS on the tab "Trusted Certificate Authorities" and vice versa.
The communication between all the CAM´s and CAS´s is correct (Primary, Secondary and Virtual). I can ping the IP and the FQDN and I can also manage the CAS through the CAM.
I verify that the time was right in the CAM and the CAS and all good up there.
Appreciate your help
Eduardo Navas
Eduardo,
Bump up the CAS/CAS communications logging on both the CAS and CAMs, and then look in the log files for clues.
On CAM they live in /perfigo/control/tomcat/logs and on CAS in /perfigo/access/tomcat/logs
HTH,
Faisal
If you find this post helpful, please rate so others can find the answer easily
Similar Messages
-
Clean Access Server could not establish a secure connection
I have a OOB Real IP GW setup on v4.1.2
I seem to have a problem with the CAS connecting to the CAM although I have added the CAS to the CAM and can manage the CAS from the CAM.
I noticed while troubleshooting client authentication that the client was not being redirected to the logon web page and it had full access to the trusted network from the untrusted authentication vlan. I eventually figured out that if I change the CAS Filter Fallback method from Allow to ignore then it tries to authenticate the client. However the fact that the fallback is activated tells you that something is not right.
I have 2 problems:
A) The clients web page is redirected for authentication but it only lists the domain name in the URL and not the hostname or host IP. In the lab I do not have a DNS server and it would not help as it does not include the hostname in the URL anyway. How do I fix this or perhaps it's related to the 2nd problem.
B) When I manually change the URL by replacing the domain name with the IP of the CAS (untrusted OOB Real IP GW) then I get the following error message when logging on:
Network Error:
Clean Access Server could not establish a secure connection to Clean Access Manager at mydomain.com.
This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
Please report this to your network administrator.
I would guess the culprit is No 2 but surely the system can run on self signed certificates? I have an NTP server so time is in sync. I have even tried regenerating the cetificates on the CAM
& CAS.
Any ideas?To overcome problem B, I regenerated the SSL Certificates using the host IP address instead of the name for all the CAM & CAS appliances. This seems to have resolved this problem.
I also SSH'd from each of the CAS's to each of the CAM's from the CLI and it then prompts to permanently store the certificates. I'm not sure it this was necessary though. -
Hello Apple Experts!!
I Am Surendra and very new to this forum.. I just came across a problem with my Iphone while connecting to my company WIFI.. we are using Web authentication.. meaning..
The user will try to connect to the wireless network, the client will get the IP address and they are forced to open up the browser to provide the USERNAME and the PASSWORD on the webpage, once they pass the auth they will be able to access to the internet.
The WEB PAGE that asks for the USERNAME and the PASSWORD is HTTPS and for some reason that page is not at all opening and i am getting the below error.. If i disable HTTPS on the cisco Device the IPHONE works great..
Cannot open page Safari cannot open the page because it could not establish a secure connection to the server
This is happening only on the OS 5 and on the OS 4 everything works just great!!
I have a feeling that this has to do something to do with HTTPS / SSL connection with the IPHONE SAFARI or OS 5
Am connecting to Cisco Wireless LAN COntroller and the access point acting as the WIFI devices..
Any help on the same will be much appreciated!!
Regards
SurendraI'm having a similar issue. Connecting on my iPad FROM ANYWHERE to my work's domain results in the message by the OP.
I checked the ciphers enabled by their page, and this was returned:
High Strength Ciphers (>= 112-bit key)
SSLv3
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
n/a Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
n/a Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
n/a Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
n/a Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
This appeared to be a more than sufficient cipher list, yet my iPad won't load any page. I highly doubt it's a problem with SSL2 not being enabled because SSL2 has been deprecated for awhile now.
Any ideas? -
I am trying to connect to a public wifi network. My iPad connects marvoulesly. My iPhone not so much. I have an iPhone 4 and everytime I go to connect, it goes to a pop up page where I'm supposed to click a link to adhere to their TOS. When I get the pop up page I get "Hotspot login cannot open the page because it could not establish a secure connection to the server"
I've reset the network settings and nothing changed. Same error message. Any tips or tricks to fix this? I'm laid up on bed rest in the hospital and would really rather that I not use all my data minutes...
Thanks!Updated to iOS6 on an iPhone 4 this morning, and now when I attempt to connect to my work wireless, it connects for a moment then attempts to popup some login page (I sometimes get the hotspot login error you've mentioned) and because the page doesn't exist I can't get connected to the wireless netowrk.
What the heck have apple broken in this update?
Why when joining a normal wireless network is my phone even going near a Login page? What is this and how do I disable it?
Oh, and I'm posting here because your suggestions of disabling the Wi-Fi and Cellular data netowkrs doesn't solve the problem.
[Edit: seems while typing this leaving the cellular data disabled, it's now letting my join wireless - seems to be some timeout on it fixing the issue - I'd still like to know what this login page is it's attempting to locate is for.]
-A -
Hi all,
I've been trying to update my Jailbroken iPhone 4 to ios6 but, unfortunately, I keep getting the "could not establish a secure connection to the device" when connecting it to iTunes. I've tried updating "over the air" but this flags up an error too. Finally, I can't restore to a previous backup because, the backups I previously had, were stored on my old (broken) computer.
CAn anyone help? Any suggestions would be greatly appreciated!
Thanks,
Rakesh.You jailbroke your phone.
Only google may help now.
You'll find no help here.
If Haiku you don't like,
Then to Google you should hike,
You jailbroke your phone,
Now on these forums you are alone,
'Tis a day of no cheer,
For we cannot help here.
In non-poem; You jailbroke your phone, which is not support by Apple, meaning updates will not work on it as they would if you were running official software.
As per the ToC for the device, and for these Discussion Boards (both you agreed too), you will not get support either from the discussion board, or from Apple directly.
Your best bet is to Google for help and learn a valuable lesson; Jailbreaking can definitely brick your phone. -
TS1424 itunes could connect to this iphone could not establish a secure connection to this device
itunes could not connect to this iphone could not establish a secure connection to this device
Same problem with my iPhone 4S on iMac and MacBook Pro with OSX Mountain Lion
iPod work fine...
USB is connectet directly to computer not HUB.
Battery is on 88%
No updates available on App Store...
God back Steve for few more years please -
But the way, im using ipad with ios 5.1.1
No I can't open that site with Safari, but with Puffin Web Browser on my iPad I can open that site!
http://itunes.apple.com/app/puffin-web-browser/id406239138?alreadyRedirected=1&m t=8 -
When attempting to log in to the web site the following message is received. This web site works
on other systems using Firefox.
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Additionally, a 401 Authorization Required error was encountered while trying to use an ErrorDocument to handle the request.
== URL of affected sites ==
http://www.mdyc.org/members_onlyYou may have saved a bad password so Firefox is entering that rather than giving you the option to try again. Go to Tools > Options > Security > Saved Passwords and delete the saved passwords for that site and then try logging in again.
-
i have updated my ios 5 to 6 but when the updating aur dowloading has comleted and i turned on the phone it showed a sign to connect to the itunes and then i connecte to itunes but i.tunes showed error that the server could not be contacted....now what i can do to resolve the problem????
has your phone been jailbroken?
-
trying to update my iphone but it ends up giving me an error saying , the server could not be contacted or is unavailabe ????
Restore the iPhone when connected to iTunes by cable.
Still the same TS1275?
Is your iPhone jailbroken?
Or
Has your computer ever been used to jailbrake or downgrade (Tinyumbrella) any iPhone? -
Hi,
I am getting error while enabling the WCF-Custom receive location:
MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system
I found solution over internet for regarding the above issue which was suggested that NETWORK SERVICE is not having required permission. Used subinacl with the following command (on Command prompt with elevated mode)
subinacl /service msdtc /grant="Network Service"=QSETIL
But the same resulted in error: Last Failed: msdtc - OpenService Error : 5 Access is denied.
Getting nowhere regarding this now. Please helpHi Harkirat,
Have you tried
these steps to Enable Network Access Securely for MS DTC?
If this answers your question please mark as answer. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply. -
Hi
Had to un-install and then re-install MS SQL Server 2012 with SSRS.
After we re-installed we are able to get to the Web Services page but not the Report Server page and get the above error message. We need to use SSL and when we bind the cert in RS Configuration Manager it says it does this successfully on the WebServices
tab. We also do a similar exercise on the ReportServer page.
Any help warmly welcomed :D
ThanksHi Rich Whight,
According to your description, after you re-installed SQL Server 2012 with SSRS, you are able to access Web Service URL, but when you tried to access Report Manager URL, the error occurred: The underlying connection was closed. Could not establish trust
relationship for the SSL/TLS Secure channel.
The issue may be caused when the certificate isn't installed correctly in the trusted root for the local computer. To verify and install the certificate, Please refer to the steps blow:
In RsReportServer.config file(default location: C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer), change the “SecureConnectionLevel” element value from 0 to 3.
Add correct value to <UrlRoot> element.
Add the same value to the <ReportServerUrl> element as step2.
Go to Microsoft management Console, add the certificate which you use to access the report server under “Trusted Root Certification Authorities”.
For more information about SSL configuration and Managing Trusted Root Certificates, please refer to the following documents:
http://blogs.msdn.com/b/mariae/archive/2007/12/12/ssl-configuration-and-reporting-services.aspx
http://technet.microsoft.com/en-us/library/cc754841.aspx
If you have any more questions, please feel free to ask.
Best Regards,
Wendy Fu -
Get error message that server could not be found when sending email thru iPhoto
I have established a icloud/mobile me account. Trying to use iphoto to send photos with emails and always get error message that server coule not be found.
(1) Download the Windows Installer CleanUp utility installer file (msicuu2.exe) from the following Major Geeks page (use one of the links under the "DOWNLOAD LOCATIONS" thingy on the Major Geeks page):
http://majorgeeks.com/download.php?det=4459
(2) Doubleclick the msicuu2.exe file and follow the prompts to install the Windows Installer CleanUp utility. (If you're on a Windows Vista or Windows 7 system and you get a Code 800A0046 error message when doubleclicking the msicuu2.exe file, try instead right-clicking on the msicuu2.exe file and selecting "Run as administrator".)
(3) In your Start menu click All Programs and then click Windows Install Clean Up. The Windows Installer CleanUp utility window appears, listing software that is currently installed on your computer.
(4) In the list of programs that appears in CleanUp, select any iTunes entries and click "Remove", as per the following screenshot:
(5) Quit out of CleanUp, restart the PC and try another iTunes install. Does it go through properly this time? -
"Error Dialog: The server could not be contacted " when deploying web srvc
I have the J2EE 1.4 and Application Server 8 Q1 installed under windows. I have used all of the defaults on the install. The admin port is 4848. I want to install a web service on the http listener at 3345 (8080 was used and 3345 was substituted at installation time). I am getting the error from the deploytool when deploying the example web service "Hello". I am sure that the server is running and that the userid and password are the correct (I can log into the admin console with them). I've seen this error in other posts, but no solution. Does anyone have a solution to this???
Thanks in advance : )yep, i get d same error on that, in fact, port 8000 is d default web service port, if i deploy the application via invalid port (eg. 4848 or 1234), i will get an error, say "cannot obtain a connected depolyment manager". but if i deploy that via 8000 (or 9191, it is also avaliable, casue i can connect to http://localhost:9191/ as default j2ee home page as well), i will get the error " the server could not be contected", and i m definitely sure that i can connect to console via 8000 and j2ee server is running by typing "j2ee -verbose" in command line.
-
I am having a problem accessing Bupers Online on OS X Mountain Lion. I get an error that says Safari cant establish a secure connection with Bupers Online. Does anyone have any tips to access Bupers?
I don't use CAC certificates, but since updating to 10.9.3, I too am getting the same error, BUT only with some HTTPS sites (e.g., https://webmail.pairlite.com), not all. Meanwhile, Firefox (was 12.0, now 29.0.1) connects with no issue.
I too have verified date/time is set automatically, checked for (and fixed) disk integrity errors and permissions, and rebooted, all to no avail.
Update:
Well...heck. Tried accessing the problematic site via the Guest account, and that WORKED. So...back to the drawing board.
Maybe you are looking for
-
Issue with Temp tables in SSIS 2012 with RetainSameConnection=true
Hello, We have few packages written in 2008 and are being upgraded to 2012. Our package mostly uses temp tables during the process. During initial migration, we faced issue with handling temp table in the OLE Db destination provider and found a solu
-
Failed to convert Catalog (PS Album 2.0 to PSE 7.0)
When attempting to convert My Catalog from Photoshop Album 2 to PSE 7, the following prompt is reported "The conversion operation failed. try repairing the catalog with the software that created it and retry conversion" I have attempted to repair/uni
-
Movies converted from MKV via Handbrake which are played with itunes are missing 2nd line of subtitles therefore apple tv 2 misses these also. Funny is that Quicktime and Ipad 2 handles subtitles correctly on the same moviefile. (please note that the
-
OID connector - Prepopulate organization
Hi, We have OIM 11.1.1.5 and OID 9.0.4.12 connector installed. I am trying to prepopulate the organization from OIM user profile to the Container DN field in OID process form. I have done the mappings for the prepopulate adapter in Form Designer. But
-
How to restore factory settings iphone 4
how to restore factory settings iphone 4