I am doing a rollout of ISE 1.1.1. I am using NAC agent 188.8.131.52 for posture checking win7 x86 machines. Occassionly users are getting 'NAC server is not availble.... try disconecting and connecting to the network to start a new connection' When I try to reproduce the issue it is not happening. It happens randomly here and there. What are the possible reasons fro this issue. Since ISE is not getting posture result, and the machine remain in in posture check 'unknown' stage. I am in half way of rollout and it is stoping me to further rollout. IIf anybody knows, please advise.........
I had the same issue and upgrading to 1.1.2 made the issue quiet down a bit. I have a few reported issues but havent seen any in the past 2 weeks. Also which supplicant is the client running and do they see these on the laptops or machines that have both wired and wireless connections?
The reason I ask is that the native windows supplicant tends to connect to both networks (wired and wireless), this can can cause some problems with the NAC agent if the link for the wired or "the lower metric route" flaps.
the bug cisco provided me is related to "CSCuc70607".
Hope this helps,
*Please rate helpful posts*
I am suffering the same behaviour with ISE 1.1.3 and after updating a NAC agent from 184.108.40.206 to 220.127.116.11. The details of the Bug ID CSCuc70607 seems not to be public right now, but the symptons are equals to sudheere.
Are there any news on the case?
I'm having the exact same issue. i'm running ISE v1.1.2 with NAC Agent v18.104.22.168. Has anybody found a solution ?
Response to Tarik: I'm only using Wireless and PEAP as supplicant.
in my environment I am using EAP FAST with Chaining and Wired, so no coincidences.
what I meant is I have configured my particular wired deployment with EAP Fast - Chaining, no wireless at all. But the issue is not resolved sudheere. Unfortunately I did not run the Cisco Log Packager when the error happened, but I will next time for sure.
I am facing a simar issue also. The NAC agent doesnt popup occassionaly. So the machine remain in unknown state until user reset IP phone or I do reset switch port or 'clear auth sess inter' to wake up the nac agent. This issue more frequent than 'NAC server not availble' issue. Any one face same issue in your deployment? Here I am having Avaya IP phone and not Cisco phone.
So far, in the PEAP parameter, I changed from User or computer Authentication to User Auth only.
it seemed to have yield good results. I'm still testing, but so far so good.
I opened a TAC case. I provided requested log files to him. TAC engineer advised me to upgrade to atleast v1.1.2 patch2. The issue is do to a bug in v1.1.1 (CSCuc51338) accroding to him . I upgraded to v1.1.3 patch1 last week. It looks better to me. I am still monitoring to make sure.
Since 2 weeks I have applied a Patch 8 on version 1.1.2 and the problem has gone. The patch was released specially to solve this problem.
Sent from Cisco Technical Support iPad App