Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1244
Views
0
Helpful
6
Replies

Slow logon windows xp with 802.1x enable

bongkiekong
Level 1
Level 1

‎11-25-2007 05:21 AM - edited ‎03-10-2019 03:32 PM

Hi all,

We deployed NAC solution (802.1x) with CS ACS 4.1 and Cisco Trust Agent 2.1 with bundled supplicant.

we got problem (slow respons) while try to login on windows xp (it takes around 4 minute). however the authentication has succesfull and we got the posture message from ACS.

Please help..

Attached log from CTA

regards,

bongkie

Labels:
Preview file
12 KB
0 Helpful
6 Replies 6

Richard Atkin
Level 4
Level 4

‎11-26-2007 09:31 AM

Initial suggestion is to do a port-sniff and see what's causing the hold-up. Not particularly experienced with NAC, but certainly 802.1x on Windows can be a bit hit or miss, most of the time it's fine, but sometimes clients just wait an age before sending credentials off.

Sniff the port and see what's taking so long...

Regards,

Richard.

0 Helpful

bongkiekong
Level 1
Level 1
In response to Richard Atkin

‎11-27-2007 05:35 AM

Hi Richard,

Thanks for your respons.

the slow logon issue has been solved with deployed customize CTA package with reduce retry authentication settings from 4 (default value) to smaller value.

I have new problem with validation to external posture server using LanDesk 8.7.

Followed all documentation from Cisco and Landesk did not solved this issue.

attached log from Radius Server.

please advice

regards,

Dony

Preview file
12 KB
0 Helpful

Richard Atkin
Level 4
Level 4
In response to bongkiekong

‎11-27-2007 06:19 AM

I'd have a stab and say your LandeskPVS Policy is what's causing RADIUS to say no, but it's down to you to take a look at the rule-set and see what's what.

Failing that, create some obscenely simple policies, and get them working first. Once something very simple works, start to build on it bit-by-bit, continuously testing & fixing as required.

Sorry I can't help more...

Richard.

0 Helpful

mugurelgherghe
Level 1
Level 1
In response to Richard Atkin

‎11-27-2007 07:20 AM

Hi,

I solve this. You must create group on AD and add to this group both the user and machine.

It works for me. It should take less than 20 sec.

Mugur

0 Helpful

bongkiekong
Level 1
Level 1
In response to mugurelgherghe

‎11-27-2007 07:47 PM

Hi Mugur,

We did not use AD as user authentication, but using Cisco ACS internal database. The users working environtment is workgroup.

any suggestion ?

thanks

Dony

0 Helpful

bongkiekong
Level 1
Level 1
In response to Richard Atkin

‎11-27-2007 07:54 PM

Richard,

All rules from internal policy (ACS internal posture) always worked for me, but if I pointing to the external posture server, Radius reject the request or failed in authentication. I'm still looking if my ACS or there is wrong configuration at my LanDesk Server. Btw thanks for the advice.

regards,

bongkie

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents