02-11-2014 11:50 AM - edited 03-10-2019 09:23 PM
Hello,
We have a Cisco Clean Access Standard Manager running version 4.9.1 with the Windows NAC Agent version 4.9.1.6 running on the server for posture assessment of our clients connecting via SSL AnyConnect VPN. The CAS is running in an in-band Layer 2 Virtual Gateway deployment. After a user connects to the VPN and attempts to browse to a network resource via a web browser they are redirected (as expected) to the CAS server to download and install the NAC Agent. Once the NAC agent is installed it attempts to begin the posture assessment. The assessment window sits for a few seconds, closes and then starts the assessment again. This cycle continues in an endless loop. Does anyone know what could be causing this?
02-11-2014 12:21 PM
Darrell, what about the NAC agent and the CAM logs?
Have you checked that information?
02-11-2014 12:47 PM
I checked the logs from the NAC agent. It's generating the following logs over and over:
02/11/2014 14:12:52 NETLOGON (ID=0x0c8a): This computer could not authenticate with \\server.domain.com, a Windows domain controller for domain DOMAIN-DOM, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
02/11/2014 14:12:37 Microsoft-Windows-GroupPolicy (ID=0x0469): The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
02/11/2014 14:12:04 Microsoft-Windows-GroupPolicy (ID=0x05dd): The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy.
Looks like it is unable to authenticate to my domain controller although there is a "success" log right before the errors.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide