×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco NAC Agent Posture Assessment is Looping

Unanswered Question
Feb 11th, 2014
User Badges:

Hello,


We have a Cisco Clean Access Standard Manager running version 4.9.1 with the Windows NAC Agent version 4.9.1.6 running on the server for posture assessment of our clients connecting via SSL AnyConnect VPN. The CAS is running in an in-band Layer 2 Virtual Gateway deployment. After a user connects to the VPN and attempts to browse to a network resource via a web browser they are redirected (as expected) to the CAS server to download and install the NAC Agent. Once the NAC agent is installed it attempts to begin the posture assessment. The assessment window sits for a few seconds, closes and then starts the assessment again. This cycle continues in an endless loop. Does anyone know what could be causing this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Javier Portuguez Tue, 02/11/2014 - 12:21
User Badges:
  • Red, 2250 points or more

Darrell, what about the NAC agent and the CAM logs?


Have you checked that information?

Darrell Lawson Jr Tue, 02/11/2014 - 12:47
User Badges:

I checked the logs from the NAC agent. It's generating the following logs over and over:



02/11/2014 14:12:52 NETLOGON (ID=0x0c8a): This computer could not authenticate with \\server.domain.com, a Windows domain controller  for domain DOMAIN-DOM, and therefore this computer might deny logon requests.  This inability to authenticate might be caused by another computer on the  same network using the same name or the password for this computer account  is not recognized. If this message appears again, contact your system  administrator.


02/11/2014 14:12:37 Microsoft-Windows-GroupPolicy (ID=0x0469): The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.


02/11/2014 14:12:04 Microsoft-Windows-GroupPolicy (ID=0x05dd): The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy.


Looks like it is unable to authenticate to my domain controller although there is a "success" log right before the errors.

Actions

This Discussion