NAC Manager and Server communication issue

May 27th, 2009

I have a Clean Access 4.1.8 RealIP Gateway deployment. I recently went through a domain name change and applied new SSL certificates and now I am having severe communication issues.

When I click the manage button for the CAS I often get an error: "Could not connect to the Clean Access Server. This could be due to your network, ssl/authorization or shared secret settings."

Other times when it brings up the CAS management pages I click the DHCP link and get: "DHCP server not started. Invalid DHCP or network settings."

When it works I can navigate around the management pages a little, attempt to make a change and then I get a message that the server is not connected.

There is a FWSM and PIX515E between the manager and the server, but until the rename I didn't have any communication issues and the FW configs in regards to those devices haven't changed.

Any thoughts? Thanks.

Overall Rating: 5 (2 ratings)
srue Wed, 05/27/2009 - 08:23

Sounds like broken SSL certs caused by the name changes. The NAC appliances are very sensitive to these things. I found it best, when I have to issue new certs on either the CAM or CAS, to break the connection between the two, then import any certs or root certs, and then re-establish the connection between them.

Otherwise you're asking for trouble.

kschuerman Wed, 05/27/2009 - 08:32

I just broke the connection and attempted to reapply the SSL certificates. The manager completed successfully, but the server responded with "unable to connect to manager.HTTP/1.1 409 reconnect.jsp:no clean access server with 00_18_71_E3_E1_AE_00_18_71_E3_E1_AF"

kschuerman Wed, 05/27/2009 - 12:43

This ended up being a conflict between the dhcpd.conf and the dhcp.leases files. Removing those two files resolved the issue.

Strange, but true.

