11-23-2009 07:15 PM - edited 03-09-2019 10:43 PM
Hi All,
Can you help me with this? The Web Agent is needed to download the CCA, isn't it? I cannot access my CAS Web Agent through my CAS's management IP. "The webpage cannot be found" displays on the screen, along with an HTTP 400 Bad Request error.
All user roles' traffic is enabled. Please help.
Regards,
Dan
11-23-2009 08:21 PM
Dan,
Web agent isn't needed for downloading the CCA Agent.
Give more details about your setup.
L2 adjacent or L3 hops away?
Virtual Gateway or Real-IP?
OOB or IB?
Any SSO configured?
Faisal
11-23-2009 09:09 PM
My network is L2 adjacent, operating in Virtual Gateway, OOB mode, running on ADSSO on multiple servers.
I already accessed the CAS page, and I configured ports on the unauthenticated role. My problem is still with ADSSO on multiple servers. When the CCA shows that it is performing Windows automatic login, the CCA then pops up with the window that asks for username, password and authentication provider. Then when I use my local account, my login fails and the detail shows: Clean Access Server internal error: 400
Faisal, I need your help badly...
Dan
11-23-2009 09:11 PM
Dan,
Please post a list of the ports you have open in your unauthenticated/temporary roles. Are they open to all your DCs?
Secondly, please confirm that you have defined at least one login page for your users.
Thanks,
Faisal
11-23-2009 09:34 PM
Here is the list of ports
TCP - 88,135,139,389,636,1025,1026
UDP - 88,123,137,389,636
I removed the all traffic on the unauthorized role. I don't use any login pages yet. My problem is still with the SSO, but when I enter a local account on the CCA, I can log in successfully. It happened when I removed the All traffic on the unauthenticated role.
Dan
11-23-2009 09:37 PM
Dan,
Define at least one login page on your CAS. Even the default is fine, but you need at least one login page!
As for your list of ports, they look fine, but add IP FRAGMENTS and ICMP to all your DCs in the list.
Give that a shot and let me know how it flies.
Faisal
11-23-2009 09:38 PM
Dan,
Also add TCP 445 in the list. All these ports should be open to ALL your DCs!
Faisal
11-23-2009 10:09 PM
I added all ICMP, IP fragments and port 445. Still the SSO doesn't work. Also, the kerbtray doesn't show the needed kerb tickets.
Dan
11-24-2009 12:01 AM
SSO is not working. Both on Single AD and Domain...