09-05-2011 05:03 AM - edited 03-10-2019 06:22 PM
09-08-2011 11:58 PM
Did you perform the steps during the installation and reboot the box? If so, please issue service perfigo config and verify that everything is configured correctly. What url are you using? Try https://nacserverip/admin.
thanks,
Tarik
09-09-2011 12:09 AM
I am getting the same issue and when i checked the server an error occurs nCipher server not in operational mode. Please change the settings. please suggest me how to do that. Because of this i ma not able to open the https. it was working
fine but after the reboot the issue arised.
please help
thanks
Tarunava
09-09-2011 12:24 AM
Can you paste the exact error that you are receiving and where it is coming from? The webpage or the console. Also what version of clean access are you running?
Thanks,
Tarik
09-09-2011 01:48 AM
While rebooting , i am getting this:
Starting nc_drivers: /dev/nfastpci0
[ OK ]
Starting nc_hardserver: waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
nCipher server did not start; see /opt/nfast/log/hardserver.log
[FAILED]
Starting sshd:WARNING: initlog is deprecated and will be removed in a future release
key_load_private_pem: RSA_blinding_on failed
Could not load host key: /root/.perfigo/sec/tomcat.key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
[FAILED]
Starting xinetd: [ OK ]
Starting console mouse services: [ OK ]
Starting nessusd: Loading the Nessus plugins...
All plugins loaded
[ OK ]
Starting crond: [ OK ]
Starting anacron: [ OK ]
Starting atd: [ OK ]
Starting jexec: Starting jexec services[ OK ]
Starting Ncipher services
-- Running startup script 45drivers
-- Running startup script 46exard
-- Running startup script 50hardserver
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
waiting for nCipher server to become operational ...
nCipher server did not start; see /opt/nfast/log/hardserver.log
Starting perfigo: click: starting router thread pid 2092 (f7b7d340)
Failed execute command : CONNECTFORCE, Error : Connection refused
BaseAgent process reconnecting...
Failed execute command : ACTIVE, Error : Connection refused
BaseAgent executes [ACTIVE] ...
Link Detect Manager only operates when HA is enabled.
NFastApp_Connect failed: ServerNotRunning
And then in the hardserver log I am getting nCipher card not in operational mode. Please change the settings on the card.
How to resolve the issue.
Thanks
Shalvi Yadav
09-09-2011 08:59 AM
Shalvi,
Just want to clarify a few thing:
1. Was this a fresh, new install?
2. Did you use the external card reader to initialize the nCipher card durring the fresh install?
3. is the switch on the nCipher card int the "O" position?
Thanks,
Robert
09-09-2011 09:07 AM
It is a new install. the device is Cisco NAC 3315 appliance. i havent used any external card reader. the device was working fine and i did the configuration and web console was also coming. then the device got rebooted and when the device got up this error came.
How to check the "O" position. I have no idea regarding it. I have no idea how to change the settings.
Please help.
Thanks
Shalvi
09-09-2011 10:38 AM
Shalvi,
If your CAM is a FIPS-compliant platform (which it is) the first prompt should asks if you want to initialize the on-board FiPS card.
Please view the link below and attempt to initialize the FIPS nCipher card. Let me know if you have any additional issues or questions.
Once you have finished initializing the CAM try restarting and accessing again.
Robert
09-09-2011 10:57 AM
the point is it is not asking for the same..see the attached capture during restart. i even used service perfigo config but it is not prompting for FIPS mode.
09-09-2011 11:03 AM
see it directly asks for :
he utility will now ask you a series of configuration questions.
Please answer them carefully.
Cisco Clean Access Server, (C) 2011 Cisco Systems, Inc.
Configuring the network interfaces:
Please enter the IP address for the interface eth0 []: 10.20.70.13 [C [C [C
You entered an incorrect IP address
Please enter the IP address for the interface eth0 []: 10.20.70.140
You entered 10.20.70.140 Is this correct? (y/n)? [y] y
Please enter the netmask for the interface eth0 [255.255.255.0]: 255.255.255.248
You entered 255.255.255.248, is this correct? (y/n)? [y]
Please enter the IP address for the default gateway []: 10.20.70.137
You entered 10.20.70.137 Is this correct? (y/n)? [y]
[Vlan Id Passthrough] for packets from eth0 to eth1 is disabled.
Would you like to enable it? (y/n)? [n]
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide