cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
673
Views
10
Helpful
3
Replies

NAC Manager and Server communication issue

kschuerman
Level 1
Level 1

I have a Clean Access 4.1.8 RealIP Gateway deployment. I recently went through a domain name change and applied new SSL certificates and now I am having severe communication issues.

When I click the manage button for the CAS I often get an error: "Could not connect to the Clean Access Server. This could be due to your network, ssl/authorization or shared secret settings."

Other times when it brings up the CAS management pages I click the DHCP link and get: "DHCP server not started. Invalid DHCP or network settings."

When it works I can navigate around the management pages a little, attempt to make a change and then I get a message that the server is not connected.

There is a FWSM and PIX515E between the manager and the server, but until the rename I didn't have any communication issues and the FW configs in regards to those devices haven't changed.

Any thoughts? Thanks.

3 Replies 3

srue
Level 7
Level 7

sounds like broken SSL certs caused by the name changes. The NAC appliances are very sensitive to these things. I found it best when I have to issue new certs on either the CAM or CAS to break the connection between the two and then importing any certs or root certs, and then re-establish the connection between them.

otherwise you're asking for trouble.

I just broke the connection and attempted to reapply the SSL certificates. The manager completed successfully, but the server responded with "unable to connect to manager.HTTP/1.1 409 reconnect.jsp:no clean access server with 00_18_71_E3_E1_AE_00_18_71_E3_E1_AF"

kschuerman
Level 1
Level 1

This ended up being a conflict between the dhcpd.conf and the dchp.leases files. Removing those two files resolved the issue.

Strange, but true.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: