urgent: NAC AD SSO User Login Problem

pranavam_dileep
Level 1

hi,

I have two servers in the domain (d.local): one is the PDC (ABC-DC01.d.local) and the other is the ADC (ABC-DC02.d.local).

All my AD servers are running on Windows 2008 R2 64-bit.

I configured the Active Directory SSO (Domain: All Active Directory Servers).

I configured AD SSO using "Configure AD SSO Without KTPass".

In the "userPrincipalName" I configured the value as nacsso/d.local@D.LOCAL.

In the "servicePrincipalName" I configured the value as nacsso/ABC-DC02.d.local.


Everything works fine, i.e. the AD SSO status shows Started.

Currently, in the unauthenticated role, I allowed everything to the AD servers.

But clients are unable to perform the AD SSO.

I troubleshot the following things:

1. Ports are open in the unauthenticated role to all AD servers.

2. The client PC time/clock is synchronized with the AD servers.

3. The user is logged in using the Windows domain account and not the local account.

4. I ran the command "netstat -a | grep 8910" on the NAC server, but it is not showing anything.

But when I run the command "netstat -a | grep 89", it shows listening on UDP ports 8902, 8905 and 8906.

5. How can I allow TCP port 8910 on the NAC server?

6. How can I check whether the client has Kerberos keys (in a Windows 2008 64-bit environment)?

In the NAC documentation it is mentioned that we can check it using the kerbtray tool. But the kerbtray tool is not available for the Windows 2008 64-bit environment. Is there any other way to check whether the client has Kerberos keys?

Expecting your valuable reply.

Regards

Dileep

7 Replies

pranavam_dileep
Level 1

hi all,

Expecting a valuable reply.

Regards

Dileep

Hi dileep,

I had a similar problem, but my environment runs Win2003 R2.

I found the problem by analyzing the packets between the client workstation and the AD server.

I used Wireshark to make the capture.

I saw some messages related to Kerberos that helped me in solving the problem.

If you can send me the result of this capture, I can try to analyze.

Kind Regards,

Daniel Stefani

hi Stefani,

thanks for your information, I will check it and let you know.

Regards

Dileep

Did you configure an LDAP server and verify that you get responses?

Kamil

hi kamil

I checked using LDAP. It's working.

Regards

Dileep

OK.

Kamil


hi all,

I found the error and got the solution. It's working now.

Please go through the case I had posted initially.

The problem is in the creation of the servicePrincipalName.

In the "servicePrincipalName" I configured the value as nacsso/ABC-DC02.d.local.

In the servicePrincipalName you have to configure it like this:

nacsso/D.LOCAL only

Regards

Dileep
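The SPN correction above, and the earlier question about checking Kerberos tickets on 64-bit Windows where kerbtray is unavailable, can both be verified from the command line. This is an added example, not part of the thread or of Cisco's documentation; it assumes the SSO account is named `nacsso` in d.local (a placeholder) and that the ActiveDirectory PowerShell module (RSAT) is present on the DC.

```powershell
# Added example, not from the original thread. Assumptions: the NAC SSO
# service account is called 'nacsso' (placeholder); domain and DC names
# are the ones given in the thread.
$Domain  = 'd.local'
$Account = 'nacsso'
$GoodSpn = "nacsso/$($Domain.ToUpper())"     # nacsso/D.LOCAL        (the working value)
$BadSpn  = "nacsso/ABC-DC02.$Domain"         # nacsso/ABC-DC02.d.local (the failing value)

Import-Module ActiveDirectory
$u = Get-ADUser -Identity $Account -Properties servicePrincipalName, userPrincipalName

Write-Host "UPN : $($u.userPrincipalName)"
Write-Host "SPNs: $($u.servicePrincipalName -join ', ')"

# The client asks the KDC for a ticket to the SPN the NAC server presents.
# If the registered SPN does not match, the KDC answers with an error and
# SSO fails even though the service status shows "Started".
if ($u.servicePrincipalName -contains $BadSpn) {
    Write-Warning "SPN '$BadSpn' is registered; replacing it per the thread's fix."
    setspn -D $BadSpn $Account          # -D removes an SPN from the account
}
if ($u.servicePrincipalName -notcontains $GoodSpn) {
    setspn -S $GoodSpn $Account         # -S adds only if no duplicate exists forest-wide
}

# A duplicate SPN on another account also breaks Kerberos silently; -X reports them.
setspn -X

# On the client (Windows 7 / 2008 R2 x64, where kerbtray is not available):
# klist.exe is built in and lists the cached tickets. A ticket whose server
# field matches the SPN shows the client obtained a service ticket.
klist | Select-String -Pattern 'nacsso/'
```

Run the `klist` line on the client after a fresh logon; `klist purge` followed by a new logon forces the ticket request to be repeated if you want to capture it with Wireshark as suggested earlier in the thread.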
