Cannot restart AD SSO service after NAC server ip change and reboot

adrian_teo
Level 1

Hi all,

My NAC server was configured with AD SSO and was working until we decided to change the untrusted interface IP address. When we eventually changed the IP address to the original and restarted the AD SSO service, the SSO service refused to start, saying that SSO could not start because there is a configuration error. Does anyone have any experience with this?

3 Replies

netjustin
Level 1

Have you checked to make sure the DNS host record reflects the server's new IP address?

Nevin Absher
Cisco Employee

Hey Adrian,

You may want to look at the logs to see why it is giving an error when you try to start it.  Normally it's something easy like time skew.  Changing the untrusted IP shouldn't cause any problems with the SSO service.

On 4.1.x check /perfigo/logs/perfigo-redirect.log0.log.0

On 4.5.x and later check /perfigo/access/tomcat/logs/nac_server.log

Thanks,

Nevin

joachim_chan
Level 1

This is the error we are seeing. Sorry, need to mask out the domain names and account. Any idea?

- GSSServer - SPN : [xxx]
2010-04-10 21:22:20.708 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - building kdc list for domain xxx
2010-04-10 21:22:20.708 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - done building kdc list for domain xxx
2010-04-10 21:22:20.708 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - KDC(s) :[xxx]
2010-04-10 21:22:20.708 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - writeKrbFile: writing to file ../conf/krb.txt
2010-04-10 21:22:20.709 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - writeKrbFile: wrote to file ../conf/krb.txt
2010-04-10 21:22:20.709 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - creating login context ...
2010-04-10 21:22:20.709 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - created login context ...javax.security.auth.login.LoginContext@4ed2d2
2010-04-10 21:22:20.724 +0800 ERROR com.perfigo.wlan.jmx.adsso.GSSServer               - Unable to start server ... Integrity check on decrypted field failed (31)
2010-04-10 21:22:24.574 +0800 WARN  com.perfigo.wlan.jmx.adsso.GSSServer               - Server was not running ...
2010-04-10 21:22:25.824 +0800 WARN  com.perfigo.wlan.jmx.adsso.GSSServer               - Server was not running ...
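
Added example, not part of the original thread and not Cisco code: a small Python triage script for GSSServer lines in the format shown in the log excerpt above. It pulls the Kerberos error code out of each ERROR line, names it per RFC 4120, and records the last INFO step logged before the failure. The function name `triage`, the hint strings and the sample lines are assumptions made for illustration.

```python
import re

# Error names are from RFC 4120; the hints are general Kerberos
# troubleshooting assumptions, not vendor guidance.
KRB_ERRORS = {
    6: ("KDC_ERR_C_PRINCIPAL_UNKNOWN", "account not found in the realm"),
    7: ("KDC_ERR_S_PRINCIPAL_UNKNOWN", "service principal not found in the realm"),
    24: ("KDC_ERR_PREAUTH_FAILED", "wrong password for the account"),
    31: ("KRB_AP_ERR_BAD_INTEGRITY", "key or password does not match what the KDC holds"),
    37: ("KRB_AP_ERR_SKEW", "clock skew between this host and the KDC"),
}

# timestamp, level, logger class, message (layout of the lines quoted above)
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ [+-]\d{4}) "
                  r"(\w+)\s+(\S+)\s+- (.*)$")
CODE = re.compile(r"\((\d+)\)\s*$")  # trailing "(31)" style error code


def triage(lines, logger_suffix="GSSServer"):
    """Return one finding per ERROR line logged by the AD SSO GSSServer class."""
    findings, last_step = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or not m.group(3).endswith(logger_suffix):
            continue  # skip unrelated or truncated lines
        ts, level, _, msg = m.groups()
        if level == "INFO":
            last_step = msg  # remember the last step logged before a failure
        elif level == "ERROR":
            c = CODE.search(msg)
            code = int(c.group(1)) if c else None
            name, hint = KRB_ERRORS.get(code, ("UNKNOWN", "look the code up in RFC 4120"))
            findings.append({"time": ts, "code": code, "name": name,
                             "hint": hint, "after_step": last_step})
    return findings


# Constructed sample: three lines in the format of the log excerpt above.
SAMPLE = """\
2010-04-10 21:22:20.709 +0800 INFO  com.perfigo.wlan.jmx.adsso.GSSServer               - GSSServer - created login context ...
2010-04-10 21:22:20.724 +0800 ERROR com.perfigo.wlan.jmx.adsso.GSSServer               - Unable to start server ... Integrity check on decrypted field failed (31)
2010-04-10 21:22:24.574 +0800 WARN  com.perfigo.wlan.jmx.adsso.GSSServer               - Server was not running ...
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['time']} krb5 error {f['code']} {f['name']}: {f['hint']} "
              f"(last step: {f['after_step']})")
```

To run it against a real file, pass the open log (for example the `nac_server.log` path mentioned earlier in the thread) to `triage()` in place of `SAMPLE`.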
