NAC agent failing to popup

ZAHI BOU KHALIL
Level 1

Dears,

I have two ISE appliances installed in a distributed deployment (primary "ISE1" and secondary "ISE2"); each node has the three personas installed on it. The servers are registered together and the replication is working properly between the nodes.

When we are working on the first node everything is fine. If I try to disconnect ISE1 and do my tests on ISE2, the Cisco NAC agent doesn't pop up unless I uninstall it and reinstall it again from ISE2. Then it will work properly.

Note: the NAC agent version is the following: nacagent-4.9.0.37.

Any idea?

Regards

Zahi

35 Replies

Hi Tarik, I know this is an old thread, but I just wanted to clarify a few things as I am having problems with big delays on some machines with the NAC agent not popping up (on wireless).

Firstly...

1) I understand that every PSN node should populate the Discovery Host field in the NAC agent. How can I do this if we are not using the ISE for client provisioning? I think we push the NAC agent out via group policy in Active Directory, or a 3rd party software management platform. Is it possible to still use the ISE to only push NAC agent settings and NOT the agent software itself?

2) In my pre-posture redirect ACL, do I permit traffic to the ISE IPs on port 80, 8095 & 8096?

In this discussion, some posts suggest that the ISEs can be discovered automatically using an HTTP 80 probe and other posts suggest that you should manually enter the names of the ISEs in the NAC agent settings.

3) Should I do both, or should I do one or the other?

Thanks

Mario

Hi Tarik,

I just want to jump in with one more point on a similar issue. Suppose I'm pushing the NAC agent (downloaded from Cisco.com): what is the best way to add the host discovery FQDN on the NAC agent? I heard that there's an XML file to be pushed along with the NAC agent via GPO, but I couldn't get any document.

Hope you got my concern and appreciate if you can advise or guide me to a solution.

Thanks in advance.

khanazeemo
Level 1

Hi Zahi,

I have deployed NAC in OOB REAL IP gateway mode and it is working fine over LAN.

Once I enabled the L3 functionality to connect a remote site, after that the local user is being certified through WEB LOGIN.

But the NAC pop-up is not appearing to supply the username and password.

A problem occurred when stopping the NAC agent services: "Agent has been terminated due to unexpected error. please restart your machine."

Note: No ACL is configured yet.

I have performed the following tasks to fix it:

1. Restarted NAC agent services.

2. Checked proxy settings.

Could you please help me out to resolve this issue?

Thanks & Regards,

Azeem Khan

Dear All,

Could you please help me out to rectify the above issue?

Thanks & Regards,

Azeem Khan

Dear all,

Did anybody get a resolution for this issue?

Thanks,

chris

Tarik Admani
VIP Alumni

Hi,

If you take a look at my last reply with the pcap attachments, you should be able to put any ISE node in the discovery field.

Make sure in your redirect ACLs that you are not allowing port 80 to the ISE nodes to bypass redirection.

Thanks,
