topic Re: NAC Agent Issue in Network Security

NAC Agent Issue

Terry — Fri, 21 Feb 2020 12:02:11 GMT

I have implemented Cisco NAC for remote VPN users. As part of this they go through 3 checks:

1. Antivirus installation check

2. Antivirus definition check

3. File check

I have configured the definition check to remediate via internal update servers if 30 days or more out of date.

The issue I'm seeing is that the end user recieves the following Cisco Agent error during the remediation process (while in the temporary role):

"The remediation you are attempting is reporting an access denied error. This is usually due to a privilege issue. Please contact your system administrator."

The definition update happens in the background though (I have allowed the required access through the NAC server) and once complete places the user in the correct role. Therefore It's no so much an issue, just a misleading message displayed to the user.

Has anyone seen this before or know where this is configure?

Kind Regards

Terry

Re: NAC Agent Issue

Faisal Sehbai — Mon, 26 Jul 2010 14:29:57 GMT

Terry,

What AV and what version of that AV are you running? Your users are admins on their machines?

Faisal

Re: NAC Agent Issue

Terry — Mon, 26 Jul 2010 14:56:42 GMT

Hi Faisal

Thanks for your reply, Symantec Antivirus 10.X is being used and the users (so far test machines) have admin rights.

Kind Regards

Terry

Re: NAC Agent Issue

Faisal Sehbai — Tue, 27 Jul 2010 11:58:43 GMT

Terry,

Can you please post an agent log file from an affected machine?

If it's 4.7, it would be just running the Cisco Log Packager utility from the Start -> Programs menu.

Thanks,

Faisal

Re: NAC Agent Issue

Terry — Mon, 02 Aug 2010 15:19:03 GMT

Hi Faisal

Sorry about the delay, please find the agent log file attached.

Kind Regards

Terry

Re: NAC Agent Issue

blaxucisco — Mon, 13 Sep 2010 02:48:51 GMT

Hi Faisal,

I also have same problem. we are using symantec endpoint 11. though user has full administrative right on the workstation it doesn't have a privilege to update the virus definition, manual definition update option has been disabled by antivirus server configuration. for the successful remediation, does user needs to have manual update privilege?

Laxman

Re: NAC Agent Issue

Faisal Sehbai — Tue, 14 Sep 2010 02:04:56 GMT

Laxman,

If the AV server has the update options disabled, I don't think NAC can do anything here. You'll have to work with the AV server's admin to ensure that your users can do manual update of their AV, if need be.

HTH,

Faisal

Re: NAC Agent Issue

blaxucisco — Tue, 14 Sep 2010 02:59:21 GMT

Hi Faisal,

my problem is when NAC try to remediate the client it is getting error message (images are attached). That means if user doesn't have a privilege to udpate the antivirus, NAC agent also can not do the remediation process am I right?

Re: NAC Agent Issue

Faisal Sehbai — Wed, 15 Sep 2010 03:58:19 GMT

Laxman,

The screenshots suggest you have a newer version of the agent running. This agent should have been installed as an administrator. If it wasn't then you would see the privilege problems.

Can you please verify whether the agent was installed as an admin? If not, can you install it as one and try your test again?

Thanks,

Faisal

Re: NAC Agent Issue

blaxucisco — Wed, 15 Sep 2010 04:08:51 GMT

Hi Faisal,

this agent has been installed via centrally, pushing from the software deployement server. and we have to install to all computers (aobut 1500) by same way. int this scenario, its not easy to install the agent with administrative privilege on the all pcs. so, which version of nac agent should I use to eliminate this problem?

thank you

Laxman

NAC Agent Issue

marioderosa2008 — Mon, 21 May 2012 13:51:57 GMT

Hi Faisal,

I have the same problem. My users get redirected to a web page with a link to install the NAC agent, this installation used to fail. So I made the user an admin on his own machine.

The installation now succeeds, so the agent is being installed as a Local Admin, however I still get the exact same error above.

Currently my ISE is handing out agent version 4.9.0.37

Any help appreciated.

Mario

NAC Agent Issue

marioderosa2008 — Tue, 19 Jun 2012 12:40:11 GMT

Hi Faisal,

I am still having this problem.

Even though the agent displays that error message, the AV still updates in the background. The problem then is that the agent fails to realise that the definitions are then fully up to date and does not re-check posture automaticly. therefore i am having to disconnect and re-connect the network cable for the agent to realise that I am not fully compliant.

Is there anything that i can do to make this posture / remediation process, automatic and seemless?

Mario