Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2931
Views
5
Helpful
6
Replies

Login scripts not running with AnyConnect NAM and ISE 1.2

bcoco
Level 1
Level 1

‎06-24-2014 05:46 PM - edited ‎03-10-2019 09:49 PM

I am using AnyConnect 3.1 NAM as my 802.1x supplicant for ISE 1.2.  When users log in with EAP Chaining (User and Machine Auth), the login script seems hit or miss on if it runs to map their drives.  If I uninstall the NAM client, they map drives every time.  I would think that running a login script to map drives is a common scenario and I was wondering if anyone else using AnyConnect NAM was having similar issues or how they were dealing with it.

1 person had this problem
Labels:
0 Helpful
6 Replies 6

harry.ramirez
Level 1
Level 1

‎07-29-2014 08:36 AM

I'm having the same issue, but only when wired.  I'm only using AnyConnect NAM for laptops at this time and when it's wireless, the login script runs fine.  When wired, no login script even attempts to run.  I don't know what the problem is.

0 Helpful

jeremyhagan
Level 1
Level 1

‎09-15-2014 08:47 PM

I am having the same issue. The script does not run at all. I will be putting in a TAC case.

0 Helpful

Pablo Roman Reinoso
Level 1
Level 1

‎12-17-2014 09:37 AM

I have the same issue with Cisco AnyConnect Network Access Manager 3.1.05182 and ISE 1.2.1.198,

How do you solve this issue?

 

Thanks,

Pablo

0 Helpful

harry.ramirez
Level 1
Level 1
In response to Pablo Roman Reinoso

‎12-17-2014 10:02 AM

I think I changed Client Policy for wired, Connection Settings, to Before user logon and 5 seconds.

0 Helpful

dllaulen20
Level 1
Level 1

‎02-18-2015 08:05 AM

I have the same issue and I solve the issue with change these parameters.

1.- You must change on configuration profile "before user logon". I have 5 seconds

2.- You must change on configuration profile  "port authentication Exception policy" and you must enable checkbox "enable port exceptions" and select "allow data traffic before authentication"

3.- You must enable in the option of interface Ethernet Intel on PC "Wait for link" this option It's in "configured advanced of Intel. You must select "on" in this option.

4.- (this recommendation it was by Cisco) 

Active Direct GPO has a setting "Computer Configuration\Administrative
Templates\System\Logon\ Always wait for the network at computer startup and logon" that
can be enabled to make the logon scripts wait till 802.1x authentication is completed.

 

With those changes the logon script run fine.

 

Regards

David.

Jeffrey Jones
Level 5
Level 5
In response to dllaulen20

‎02-01-2017 02:59 PM

all thats configured and it still doesnt work.

0 Helpful
Customers Also Viewed These Support Documents