NAC: The page you requested cannot be displayed when triying to login

Unanswered Question
May 11th, 2008

Hello,

I'm installing a NAC 4.1.3 L3 inband Real IP intended for guest users. It consists of 2xCAM + 2xCAS in high availability each.

I completed all installation steps, including static routes, login page setup, and a guest user account for test purposes.

Then I setup my laptop like a guest in a managed subnet and I try to access external pages with my browser via CAS. At this point i get the following problem:

First I get the typical redirection message from CAS coming up in my browser: “You will be automatically redirected. If this doesn't occur within xx seconds, please click here”. A few seconds later, the legend “ The page you requested cannot be displayed “ comes up.

I tried configuring the guest user account in different ways, but I guess this symptom is triggered before starting the user account validation. Could be something related with digital certificates?

I would be very grateful to anyone giving me any clue about this behaviour.

Kind regards.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
r-frank Mon, 06/23/2008 - 22:51

Hello Albert,

I had a similar problem. I evetually found my issue was caused by the following:

My self signed cert was created using my CAS computername and the PC trying to get through it could not resolve the name and therefore the URL.

to see if this is happening look at the URL you are being redirected to and see if it contains the name.

if it does change the URL to have the IP address of the CAS and then you should be fine.

Long term, you want to enable DNS and WINS to be allowed through for unauthenticated users so they can resolve names of the CAS's involved.

Hope this helps.

Cheers

Rick

albert_coll Tue, 06/24/2008 - 22:30

Rick,

Thank you for your reply.

In fact, I discovered that my problem was related to an incorrect certificate generation:

I had two CAS servers in high availability mode. The installation process indicates to generate a certificate in the primary CAS and then, to export it to the secondary CAS.

This is what i did. But even tough the import process in the secondary CAS seemed to complete successfully, in the Administration --> SSL Certificates, the button “verify and install uploaded Certificates” returned the error:

Unable to establish certificate chains. Please upload the correct Root/Intermediate CA.

I discovered that the origin of this problem was that my CAS servers had their respective systems clocks very misadjusted, because I did not have a time server in my test lab.

The workaround to generate and import the certificate successfully from the primary CAS to the secondary was to adjust the system clocks of all servers manually with a difference of less that 5 minutes, as stated several times in the CAS documentation.

Another workaround would have been to get a time server available. It can be easily obtained during the installation process with the command "ntp master" in any router if its IOS version supports it.

Actions

This Discussion