11-24-2009 12:30 AM - edited 02-21-2020 03:48 AM
Hi,
I am running a NAC 4.5 platform on a network with 2 AD servers. I have followed all the needed configuration and troubleshooting based on Cisco documents, but ADSSO still doesn't work. What am I possibly missing? Time is synchronized, running on an NTP server; I have a valid ktpass, and the correct Kerberos ticket shows on the kerbtray. Still, when my test PC logs on to the network, it is not performing SSO but asks for a local user account through the CCA. Please help. Thanks
Regards,
Dan
11-26-2009 12:13 PM
Dan,
Please post your unauthenticated traffic policies.
Faisal
11-29-2009 09:08 AM
Make sure that it is not Windows Server 2008 64-bit (not supported); also, Windows Server 2008 32- or 64-bit requires a patch.
If you log in to the CAS with the /admin and turn the logging up to 'Trace' on 'Active Directory Communication Logging', look for an error:
Unable to start server ... Client not found in Kerberos database (6)
This means you need to install Hotfix KB951191.
Also: if you run ktpass on the same user multiple times, you will have issues as well (per TAC); you will need to create a new user and use that one.