Re: nac agent delayed befor popup

Ali mosbah Abdo · ‎11-11-2009

Dear ,

i install nac system and working fine, but when the user loging in , the agent delay about 10 minutes before popup to the user, i don't know why the agent don't appear immedaitly after the pc finish startup.

Faisal Sehbai · ‎11-11-2009

Hi,

Are you doing AD SSO?

Faisal

Ali mosbah Abdo · ‎11-11-2009

dear sir,

i'm using local database.

i'm still not using AD SSO

Faisal Sehbai · ‎11-11-2009

What do you have set for your discovery host?

Faisal

Ali mosbah Abdo · ‎11-11-2009

first i deployed L2 OOB & L2 IN-band,and the problem happen for L2 OOB Users,

and the discovery host is the CAM Manager IP Address.

Ali mosbah Abdo · ‎11-11-2009

sir, the discovery host i added it in the CAM , but i don't add any discovery host ip address in the agent it self.

Faisal Sehbai · ‎11-11-2009

Check your agent properties to see if it has a discovery host listed in there. If so, what is it?

Faisal

Ali mosbah Abdo · ‎11-11-2009

sir, there is no discovery host listed n the agent property.

michael_dean · ‎11-11-2009

I believe what you are encountering is the fact that the agent, installed on the user's PC, is a user program, not a service (assuming you are talking about a windows system here). This being the case, there is no control over when the agent will load other than it happens after the system fully logs the user in and brings up the desktop.

Unfortunately, there isn't a way to change that behavior.

Ali mosbah Abdo · ‎11-11-2009

dear michael

the users behind the L2 IN-band don't have this problem , just users in the brach deployed as L2 OOB.

if this is normal behavior so shuold all users have the same problem.

what you think

Faisal Sehbai · ‎11-11-2009

Put in the CAM as the discovery host in the agent properties and then see how long it takes for it to pop up.

Let us know!

Thanks,

Faisal

Ali mosbah Abdo · ‎11-11-2009

ok, but i have to do this by tommorrow, because the time now in my country 12:00 am at mid night.

i will add the discovery host to the agent and i will reboot the pc and i will see.

i hope this is the problem.

by the way , the cisco document says about the discovery its for L3 deployment. and i have L2 deployment.

but i will test and i will tell you.

thanks

michael_dean · ‎11-11-2009

I only use OOB configurations, so I haven't tested IB configurations. However, you may see some issues in both configurations since the agent needs send user/PC information to the CAM.

In our setup, the fact that the agent doesn't load until after the desktop comes up has produced a delay in total login time that can reach 20 minutes (I've timed it), depending on the situation. I haven't yet been able to determine what MSoft is trying talk to that it can't (the delay is waiting for a bunch of things to time out).

Now, if the desktop is loaded and all user programs are running and it still takes 10 minutes for the popup, then the issue is probably with the discovery host (or lack of one) as you have been discussing with Faisal.

Ali mosbah Abdo · ‎11-12-2009

dear sir,

i add the discovery host to the agent and restart the pc, but its still take the long time to appear the agent login screen.

Faisal Sehbai · ‎11-12-2009

Hi,

Please post a visio/jpeg of your network layout.

Thanks,

Faisal