Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Clean Access V4 Single Sign On

Has anybody upgraded to Cisco Clean Access version 4.0 and managed to implement AD SSO.

I have configured as per the documentation. However when I try to enable Agent based Windows SSO with AD Kerberos, I receive an error could not start the sso service.

The KTPass command ran successfully on the AD Server.

An Authentication Server Type of AD SSO has been configured on the CAM.



Community Member

Re: Clean Access V4 Single Sign On

Hi Ian,

Make sure that the time on the CCA Server and the domain controller where you ran ktpass are within 20 seconds on time.

If they skew much more than that kerberos doesn't like it.

Community Member

Re: Clean Access V4 Single Sign On

I have run into a problem getting the SSO service to start. In researching the problem I found this link which looks very suspicious as to the nature of the problem. I am actively working with Cisco to narrow down the problem.

Re: Clean Access V4 Single Sign On

In my experience of AD SSO joshgrant was spot on: if the CAM and DC get out of sync the SSO fails. Best to try to sync them off same time source.

CreatePlease to create content