cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1057
Views
0
Helpful
8
Replies

Cannot access CAS page (cas management IP), IP add for web agent displays HTTP 400 Bad Request

rc.castillo
Level 1
Level 1

Hi All,

     Can you help me on this?  Web Agent is needed to download the CCA isn't it?  I cannot access my CAS Web Agent through my CAS's management IP.  The webpage cannot be found displays on the screen and shows HTTP 400 Bad Request error.

     All user roles' traffic are enabled.  Please help.

Regards,

Dan

8 Replies 8

Faisal Sehbai
Level 7
Level 7

Dan,

Web agent isn't needed for downloading the CCA Agent.

Give more details about your setup.

L2 adjacent or L3 hops away?

Virtual Gateway or Real-IP?

OOB or IB?

Any SSO configured?

Faisal

My network is L2 adjacent, operating in Virtual Gateway, OOB mode, running on ADSSO on multiple servers.

I already accessed CAS page, I configured ports on unauthenticated role.  My problem still is in the ADSSO on multiple servers.  When the CCA shows that it is performing Windows automatic login, the CCA then pops up with the windows that asks for username and password and authentication provider.  Than when I use my local account, my Login Fails and detail shows: Clean Access Server internal error: 400

Faisal, I need your help badly...

Dan

Dan,

Please post a list of the ports you have open in your unauthenticated/temporary roles. Are they open to all your DC's?

Secondly, please confirm that you have defined at least one login page for your users.

Thanks,

Faisal

Here is the list of ports

TCP - 88,135,139,389,636,1025,1026


UDP - 88,123,137,389,636

I removed the all trafic on unauthorized role.  I don't use any login pages yet.  My problem is still with the SSO, but when I enter a local account on the CCA, i can log successfuly.  It happened when I removed the All trafic on the unauthenticated role.

Dan

Dan,

Define at least one login page on your CAS. Even the default is fine, but you need at least one login page!

As for your list of ports, they look fine, but add IP FRAGMENTS and ICMP to all your DCs in the list.

Give that a shot and let me know how it flies.

Faisal

Dan,

Also add TCP 445 in the list. All these ports should be open to ALL your DCs!

Faisal

I added all icmp, ip fragments and port 445.  still the SSO doesn't work.. Also, the kerbtray doesn't show the needed kerb tickets

Dan

SSO is not working.  Both on Single AD and Domain...