Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC using WSUS server

Hi,

Does anyone know how to use WSUS Server in NAC Appliance. I can able to authenticate in the network with the clean access agent. But everytime I used the WSUS requirement it pass through from normal login role to temporarily role for remediation. Im using a WSUS server. So it will lookup to WSUS requirement but the problem I cannot able to remediate using it, I got error message. Do I need to allow some ports in the network to make it work? What ports do I have to open? Please see attachment. Thanks.

Regards,

Richard

1 ACCEPTED SOLUTION

Accepted Solutions

Re: NAC using WSUS server

Richard,

When you use WSUS with NAC, all the NAC agent does is to tell the Windows Update agent to go update itself. Now it depends on the WSUS setting on the client where it will go to check for updates. If you have it configured for MS servers, it will go talk to them. If you have your clients configured for internal WSUS server, it will check in with them.

Here are details on how to set the registry keys for both scenarios (AD and non-AD)

Non-AD: http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx

AD: http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx

HTH,

Faisal

5 REPLIES
New Member

Re: NAC using WSUS server

Are you doing it against the Microsoft servers or an internal server?  If Microsoft, you'll want to allow access to the normal update servers.

The WSUS log is stored under %windir&/WindowsUpdate.log, so you can check that to see what errors WSUS itself is reporting.

New Member

Re: NAC using WSUS server

Hi Lauren,

What do you mean by against the microsoft server? I have setup a microsoft server which I made it as a DC,DNS,DHCP and WSUS Server. I want my client users to authenticate to microsoft server as well as getting updates to the WSUS server. I dont know if my nac sever is communicating to the WSUS server for getting updates, it shows an error message to nac agent. Do you know how can I able to make my WSUS server and nac to work? Thanks a lot for the reply.

Richard

Re: NAC using WSUS server

Richard,

When you use WSUS with NAC, all the NAC agent does is to tell the Windows Update agent to go update itself. Now it depends on the WSUS setting on the client where it will go to check for updates. If you have it configured for MS servers, it will go talk to them. If you have your clients configured for internal WSUS server, it will check in with them.

Here are details on how to set the registry keys for both scenarios (AD and non-AD)

Non-AD: http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx

AD: http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx

HTH,

Faisal

New Member

Re: NAC using WSUS server and AV

Thanks Faisal, that really helps me to configure my WSUS server properly. Now the client workstation gets updates from the WSUS server.

One more question dude how about the anti-virus, currently I have setup an McAfee server. How will the client gets update to the AV server through NAC. What I saw from the manual of the nac there is no function of pointing  the AV rule to the AV server to gets update. Or just need to setup the requirement for the AV in the nac and the AV itself will be the one to  map to the AV server.. Please let me know about the function of it. Thanks.

Richard

Re: NAC using WSUS server and AV

Richard,

This again is the function of the AV program. The program has to know where to get its updates from. If it's a managed program then you can more than likely make it point to an internal AV server first, and then hit the internet.

Checking out the Mcafee documentation to see if they support such a thing would be a good place to start.

HTH,

Faisal

942
Views
0
Helpful
5
Replies
CreatePlease to create content