03-29-2005 08:21 AM - edited 03-09-2019 10:46 AM
We wanted all Agent users to be prompted with our Network Policies. So I configured the User Agreement page, allowed access to the Network Policy for the role, and enabled the option in the General setup. However, the Agent never prompts for the link. Also, while the agent considers them logged in, in "online users" they're still in Temporary Access. Yet they have full network access.
I can't pinpoint what I've got configured wrong... any suggestions?
04-04-2005 08:23 AM
Did it give you any error messages?
04-05-2005 04:48 AM
Nope, and looking at the CCA reports, the user didn't fail anything. Yet the agent never prompts
04-04-2005 05:40 PM
Hello Simon,
Assuming you are running 3.4.x on both servers and agent.
a. There was a fixed bug, fixed in 3.4.2 and above
00290
Network User Agreement Page reverts back to old behavior whereby user is shown the page only if they are not on the Certified Devices list (i.e. if they haven't gone through the Clean Access process earlier).
b. You need to ensure that your client/agent is 3.4.0 or 3.4.1
c. Check to make sure your Role/OS in the General Setup matches what you want. And under Clean Access > Role - check your make sure your requirements are checked for the Role/OS
d. What is your policy on Temporary Role? Do you have an Allow all IP?
e. If the online user is Temporary, the user should have seen a popup denoting temporary and time left to remediate. Were you seeing this?
Nick
04-05-2005 05:00 AM
a. Device wasn't previously certified
b. agent is 3.4.0
c. verified
d. temp has limited access:
Block TCP *:* 141.165.5.199 /255.255.255.255 :* CCA Manager
Block UDP *:* *:135
Block TCP *:* *:135
Block TCP *:* *:445
Block TCP *:* *:139
Block TCP *:* *:137
Block TCP *:* *:138
Block UDP *:* *:593
Block TCP *:* *:593
Block TCP *:* *:69
Block UDP *:* *:445
Block UDP *:* *:139
Block UDP *:* *:137
Block UDP *:* *:138
Allow TCP *:* 141.165.4.98 /255.255.255.255 :443 Userid Lookup
Allow TCP *:* 141.165.4.50 /255.255.255.255 :4567 Userid reset
Allow TCP *:* 141.165.5.204 /255.255.255.255 :81 Help pages
Allow TCP *:* 141.165.4.67 /255.255.255.255 :* Computer use policy
Allow TCP *:* 141.165.4.96 /255.255.255.255 :80 Internal Norton Corp download
Allow TCP *:* 141.165.4.96 /255.255.255.255 :443 Internal Norton corp Download
Allow TCP *:* 199.77.203.0 /255.255.255.0 :80 Trendmicro update
Allow UDP *:* *:53 trusted dns server
Block ALL
e. no, the user see's a successful login. After the time limit they're booted. Also, although CCAM has them in temp mode, they have full network access.
I contacted Doug Ramos about this issue and gave him remote access. He felt there might be a bug, but I haven't heard back yet.
04-18-2005 12:40 PM
upgrading from 3.4.2 to 3.4.4 seems to have fixed the problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide