NAC Manager and Server communication issue

kschuerman · ‎05-27-2009

I have a Clean Access 4.1.8 RealIP Gateway deployment. I recently went through a domain name change and applied new SSL certificates and now I am having severe communication issues.

When I click the manage button for the CAS I often get an error: "Could not connect to the Clean Access Server. This could be due to your network, ssl/authorization or shared secret settings."

Other times when it brings up the CAS management pages I click the DHCP link and get: "DHCP server not started. Invalid DHCP or network settings."

When it works I can navigate around the management pages a little, attempt to make a change and then I get a message that the server is not connected.

There is a FWSM and PIX515E between the manager and the server, but until the rename I didn't have any communication issues and the FW configs in regards to those devices haven't changed.

Any thoughts? Thanks.

srue · ‎05-27-2009

sounds like broken SSL certs caused by the name changes. The NAC appliances are very sensitive to these things. I found it best when I have to issue new certs on either the CAM or CAS to break the connection between the two and then importing any certs or root certs, and then re-establish the connection between them.

otherwise you're asking for trouble.

kschuerman · ‎05-27-2009

I just broke the connection and attempted to reapply the SSL certificates. The manager completed successfully, but the server responded with "unable to connect to manager.HTTP/1.1 409 reconnect.jsp:no clean access server with 00_18_71_E3_E1_AE_00_18_71_E3_E1_AF"

kschuerman · ‎05-27-2009

This ended up being a conflict between the dhcpd.conf and the dchp.leases files. Removing those two files resolved the issue.

Strange, but true.