clean access agent malfunction

Unanswered Question
Feb 27th, 2008
User Badges:


I'm currently deploying a L2 OOB Virtual Gateway demo for a client. Trouble is, the agent won't prompt for user credentials. Double-clicking on its icon will only show that it has already started. There doesn't seem to be any logs from the CAM regarding this. I've gone through the manuals and every other references, I still don't know what I'm missing. Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gojericho0 Thu, 02/28/2008 - 05:17
User Badges:
  • Bronze, 100 points or more

Can you list the procedure you have done step by step?

Have you created a local authentication server on the CAM? User Management -> Auth Server


faizshazwan Tue, 03/04/2008 - 23:21
User Badges:


I have in fact created the local authentication server on the CAM. It is currently set to Local DB.

As for the procedure used; I've been referring to the reference book from Cisco Press, which also can be accessed online:

I've followed the instructions contained in Chapter 10 to the letter, with the the only difference being the IP addressing.

I'm thinking that I must be missing some step that is needed so that the CCA Agent will refer back to the NAS for the user authentication parameters.

Thanks for taking an interest in my case! Looking forward to resolving this.

gojericho0 Wed, 03/05/2008 - 08:32
User Badges:
  • Bronze, 100 points or more


On your Cisco Clean Access Agent, right click and select properties. Do you have your CAM IP or CAM service IP if in HA as your Discovery Address?

faizshazwan Wed, 03/12/2008 - 01:39
User Badges:


it looks like the Discovery Host column in the CCA Agent properties page doesn't state any IP addresses. What step did I miss?

Even after I manually enter the IP address of the NAS, it is still not popping-up to enquire the authentication of the network user.

gojericho0 Thu, 03/13/2008 - 06:58
User Badges:
  • Bronze, 100 points or more

Ok, thought of a couple of more things. Since you are layer 2 and the CAS is inline with the default gateway a the discovery entry should not be needed.

If you right click on the agent is there a pop-up login or login option that you can select? These may not have been enabled during your install.

Here is a link for MSI instructions. This is what I used during our deployment. We did the auto-login option which will automatically prompt for credentials or use pass through credentials if using AD.


This Discussion