Dear Sir,
I used NAC 4.7.1 and configured AD SSO with Windows 2k Server (LDAP auth is OK).
The SSO service is running on the CAS, but the TCP/8910 port is not listening.
How do I open the TCP/8910 port, and how do I fix this?
That should be available when the SSO service is started. Is the SSO service running?
Have you bounced the perfigo service, or the server itself?
If SSO service is running, then the next thing you have to look at (if it's failing at the agent) is the ports that are open in the unauthenticated role.
Can you post a listing of those?
Can you also post the output of the following command from your CAS: nslookup
- One of your DCs being returned when we do an nslookup is a 169.254 address. This means that one of your DCs has DHCP enabled on one of its interfaces and that is also being registered in your AD as a DC. This will cause problems for you, so best to have your AD cleaned up.
- You posted the netstat output. I was looking for the unauthenticated role policies. To get those, go to the CAM GUI, and click on User Roles, Traffic policies, choose unauthenticated role and hit select. The resulting page is what I wanted to see.
Please open traffic to ALL your DCs, and not just one, and try again.
If that doesn't work, try opening ALL IP in the unauthenticated role (just for testing) and see if AD SSO succeeds.
Thanks for your attention,
We had two problems. First of all, our AD domain had an incorrect number of IP addresses; there were more IP addresses than necessary, and first we did a clean-up there. The second thing was that I saw machines that couldn't do AD SSO because the Kerberos ticket did not appear on the machine. I used the Kerbtray program to check this, and I could figure out that there were some UDP ports that were not open.
After this everything works fine.
Thanks a lot.
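
The two DNS-related checks discussed in this thread (spotting a 169.254 address among the DC records returned by nslookup, and listing every DC address the unauthenticated role has to permit) can be scripted. This is an added example, not part of the original thread or of any Cisco tooling; it assumes Linux-style nslookup output, and the domain name and addresses in the sample are constructed.

```python
import ipaddress
import re

# Constructed sample: Linux-style nslookup output for an AD domain name.
# The domain and every address here are made up for illustration.
SAMPLE_NSLOOKUP = """\
Server:         10.1.1.10
Address:        10.1.1.10#53

Name:   corp.example.com
Address: 10.1.1.10
Name:   corp.example.com
Address: 10.1.1.11
Name:   corp.example.com
Address: 169.254.77.12
"""

ANSWER_RE = re.compile(r"Address:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_answers(output):
    """Return IPv4 addresses from the answer section, skipping the resolver's own address."""
    answers, in_answer = [], False
    for line in output.splitlines():
        if line.startswith("Name:"):
            in_answer = True  # everything before the first Name: describes the resolver
            continue
        match = ANSWER_RE.match(line)
        if in_answer and match:
            answers.append(ipaddress.ip_address(match.group(1)))
    return answers


def split_dc_addresses(addresses):
    """Separate usable DC addresses from link-local (169.254.0.0/16) registrations."""
    stale = [a for a in addresses if a.is_link_local]
    usable = [a for a in addresses if not a.is_link_local]
    return usable, stale


if __name__ == "__main__":
    usable, stale = split_dc_addresses(parse_answers(SAMPLE_NSLOOKUP))
    for addr in stale:
        print(f"clean up in AD DNS: {addr} (link-local, self-assigned)")
    for addr in usable:
        print(f"unauthenticated role must permit traffic to DC {addr}")
```
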