cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
674
Views
0
Helpful
2
Replies

Cisco NAC Agent Posture Assessment is Looping

Hello,

We have a Cisco Clean Access Standard Manager running version 4.9.1 with the Windows NAC Agent version 4.9.1.6 running on the server for posture assessment of our clients connecting via SSL AnyConnect VPN. The CAS is running in an in-band Layer 2 Virtual Gateway deployment. After a user connects to the VPN and attempts to browse to a network resource via a web browser they are redirected (as expected) to the CAS server to download and install the NAC Agent. Once the NAC agent is installed it attempts to begin the posture assessment. The assessment window sits for a few seconds, closes and then starts the assessment again. This cycle continues in an endless loop. Does anyone know what could be causing this?

2 Replies 2

Darrell, what about the NAC agent and the CAM logs?

Have you checked that information?

I checked the logs from the NAC agent. It's generating the following logs over and over:

02/11/2014 14:12:52 NETLOGON (ID=0x0c8a): This computer could not authenticate with \\server.domain.com, a Windows domain controller  for domain DOMAIN-DOM, and therefore this computer might deny logon requests.  This inability to authenticate might be caused by another computer on the  same network using the same name or the password for this computer account  is not recognized. If this message appears again, contact your system  administrator.

02/11/2014 14:12:37 Microsoft-Windows-GroupPolicy (ID=0x0469): The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

02/11/2014 14:12:04 Microsoft-Windows-GroupPolicy (ID=0x05dd): The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy.

Looks like it is unable to authenticate to my domain controller although there is a "success" log right before the errors.