Cannot access CAS page (cas management IP), IP add for web agent displays HTTP 400 Bad Request

Nov 23rd, 2009

Hi All,


Can you help me on this?  Web Agent is needed to download the CCA, isn't it?  I cannot access my CAS Web Agent through my CAS's management IP.  "The webpage cannot be found" displays on the screen and shows an HTTP 400 Bad Request error.

All user roles' traffic is enabled.  Please help.


Regards,


Dan

Faisal Sehbai Mon, 11/23/2009 - 20:21

Dan,


Web agent isn't needed for downloading the CCA Agent.


Give more details about your setup.


L2 adjacent or L3 hops away?

Virtual Gateway or Real-IP?

OOB or IB?

Any SSO configured?


Faisal

rc.castillo Mon, 11/23/2009 - 21:09

My network is L2 adjacent, operating in Virtual Gateway, OOB mode, running on ADSSO on multiple servers.

I already accessed the CAS page; I configured ports on the unauthenticated role.  My problem still is in the ADSSO on multiple servers.  When the CCA shows that it is performing Windows automatic login, the CCA then pops up with the window that asks for username and password and authentication provider.  Then when I use my local account, my login fails and the detail shows: Clean Access Server internal error: 400


Faisal, I need your help badly...


Dan

Faisal Sehbai Mon, 11/23/2009 - 21:11

Dan,


Please post a list of the ports you have open in your unauthenticated/temporary roles. Are they open to all your DCs?


Secondly, please confirm that you have defined at least one login page for your users.


Thanks,

Faisal

rc.castillo Mon, 11/23/2009 - 21:34

Here is the list of ports


TCP - 88,135,139,389,636,1025,1026


UDP - 88,123,137,389,636


I removed the all traffic on unauthorized role.  I don't use any login pages yet.  My problem is still with the SSO, but when I enter a local account on the CCA, I can log in successfully.  It happened when I removed the All traffic on the unauthenticated role.


Dan

Faisal Sehbai Mon, 11/23/2009 - 21:37

Dan,


Define at least one login page on your CAS. Even the default is fine, but you need at least one login page!


As for your list of ports, they look fine, but add IP FRAGMENTS and ICMP to all your DCs in the list.


Give that a shot and let me know how it flies.


Faisal

Faisal Sehbai Mon, 11/23/2009 - 21:38

Dan,


Also add TCP 445 in the list. All these ports should be open to ALL your DCs!


Faisal

rc.castillo Mon, 11/23/2009 - 22:09

I added all ICMP, IP fragments and port 445.  Still the SSO doesn't work. Also, the kerbtray doesn't show the needed kerb tickets.


Dan
