Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Cannot restart AD SSO service after NAC server ip change and reboot

Hi all,

       My NAC server was configured with AD SSO and was working till, we decide to change the untrusted interface ip address. When we eventually change the ip address to the orginal and restart the AD SSO service the SSO service refused to start saying that SSO could not start because there is a configuration error. Anyone have any experience on this??

3 REPLIES
New Member

Re: Cannot restart AD SSO service after NAC server ip change and

Have you checked to make sure DNS Host record reflects the server's new IP address?

Cisco Employee

Re: Cannot restart AD SSO service after NAC server ip change and

Hey Adrian,

You may want to look at the logs to see why it is giving an error when you try to start it.  Normally it's something easy like time skew.  Changing the untrusted IP shouldn't cause any problems with the SSO service.

On 4.1.x check /perfigo/logs/perfigo-redirect.log0.log.0

On 4.5.x and later check /perfigo/access/tomcat/logs/nac_server.log

Thanks,

Nevin

New Member

Re: Cannot restart AD SSO service after NAC server ip change and

This is the error we are seeing.. sorry need to mask out the domain names and account. Any idea?

- GSSServer - SPN : [xxx]
2010-04-10 21:22:20.708 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - building kdc list for domain xxx
2010-04-10 21:22:20.708 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - done building kdc list for domain xxx
2010-04-10 21:22:20.708 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - KDC(s) :[xxx]
2010-04-10 21:22:20.708 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - writeKrbFile: writing to file ../conf/krb.txt
2010-04-10 21:22:20.709 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - writeKrbFile: wrote to file ../conf/krb.txt
2010-04-10 21:22:20.709 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - creating login context ...
2010-04-10 21:22:20.709 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - created login context ...javax.security.auth.login.LoginContext@4ed2d2
2010-04-10 21:22:20.724 +0800 ERROR com.perfigo.wlan.jmx.adsso.GSSServer               - Unable to start server ... Integrity check on decrypted field failed (31)
2010-04-10 21:22:24.574 +0800 WARN  com.perfigo.wlan.jmx.adsso.GSSServer               - Server was not running ...
2010-04-10 21:22:25.824 +0800 WARN  com.perfigo.wlan.jmx.adsso.GSSServer               - Server was not running ...

613
Views
0
Helpful
3
Replies
CreatePlease to create content