Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4672
Views
15
Helpful
25
Replies

NAC server is not available on the network

sudheere
Level 1
Level 1

‎03-13-2013 06:41 AM - edited ‎03-10-2019 08:11 PM

I am doing a rollout of ISE 1.1.1. I am using NAC agent 4.9.0.47 for posture checking win7 x86 machines. Occassionly users are getting 'NAC server is not availble.... try disconecting and connecting to the network to start a new connection' When I  try to reproduce the issue it is not happening. It happens randomly here and there. What are the possible reasons fro this issue. Since ISE is not getting posture result, and the machine remain in in posture check 'unknown' stage. I am in half way of rollout and it is stoping me to further rollout. IIf anybody knows, please advise.........

4 people had this problem
Labels:
Preview file
684 KB
0 Helpful
25 Replies 25

Tarik Admani
VIP Alumni
VIP Alumni

‎03-14-2013 11:25 PM

Hi,

I had the same issue and upgrading to 1.1.2 made the issue quiet down a bit. I have a few reported issues but havent seen any in the past 2 weeks. Also which supplicant is the client running and do they see these on the laptops or machines that have both wired and wireless connections?

The reason I ask is that the native windows supplicant tends to connect to both networks (wired and wireless), this can can cause some problems with the NAC agent if the link for the wired or "the lower metric route" flaps.

the bug cisco provided me is related to "CSCuc70607".

Hope this helps,

Tarik Admani
*Please rate helpful posts*

Francisco de Asis Gomez Marin
Level 1
Level 1
In response to Tarik Admani

‎03-26-2013 08:54 AM

Hi Tarik,

  I am suffering the same behaviour with ISE 1.1.3 and after updating a NAC agent from 4.9.0.47 to 4.9.0.49. The details of the Bug ID CSCuc70607 seems not to be public right now, but the symptons are equals to sudheere.

  Are there any news on the case?

Francisco

0 Helpful

tonyp8581
Level 1
Level 1
In response to Francisco de Asis Gomez Marin

‎03-28-2013 02:44 PM

Hi everyone,

I'm having the exact same issue.  i'm running ISE v1.1.2 with NAC Agent v4.9.0.47.  Has anybody found a solution ?

Response to Tarik: I'm only using Wireless and PEAP as supplicant.

Thanks !!

Tony

0 Helpful

Francisco de Asis Gomez Marin
Level 1
Level 1
In response to Francisco de Asis Gomez Marin

‎04-01-2013 01:54 AM

Hi people,

  in my environment I am using EAP FAST with Chaining and Wired, so no coincidences.

Regards,

  Francisco

0 Helpful

sudheere
Level 1
Level 1
In response to Francisco de Asis Gomez Marin

‎04-08-2013 10:50 PM

Francisco...

So you fixed the issue? Could you explain further how you have done "EAP FAST with Chaining and Wired" ?

0 Helpful

Francisco de Asis Gomez Marin
Level 1
Level 1
In response to sudheere

‎04-09-2013 03:07 AM

Hi,

  what I meant is I have configured my particular wired deployment with EAP Fast - Chaining[1], no wireless at all. But the issue is not resolved sudheere. Unfortunately I did not run the Cisco Log Packager when the error happened, but I will next time for sure.

[1] http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_80_eapchaining_deployment.pdf

0 Helpful

sudheere
Level 1
Level 1
In response to Francisco de Asis Gomez Marin

‎04-09-2013 03:19 AM

I am facing a simar issue also. The NAC agent doesnt popup occassionaly. So the machine remain in unknown state until user reset IP phone or I do reset switch port or 'clear auth sess inter' to wake up the nac agent. This issue more frequent than 'NAC server not availble' issue. Any one face same issue in your deployment? Here I am having Avaya IP phone and not Cisco phone.

0 Helpful

nrafia
Level 1
Level 1
In response to sudheere

‎04-09-2013 03:23 AM

end to end cisco devices. no wireless and getting Same Issue.

0 Helpful

tonyp8581
Level 1
Level 1
In response to nrafia

‎04-10-2013 07:08 AM

Hi everyone,

So far, in the PEAP parameter, I changed from User or computer Authentication to User Auth only.

it seemed to have yield good results.  I'm still testing, but so far so good.

0 Helpful

Arafat Bique
Level 1
Level 1

‎04-23-2013 01:06 PM

I'm facing the same problem. It runs randomly.

Is there any fix?

0 Helpful

sudheere
Level 1
Level 1
In response to Arafat Bique

‎05-05-2013 02:47 AM

I opened a TAC case. I provided requested log files to him. TAC engineer advised me to upgrade to atleast v1.1.2 patch2. The issue is do to a bug in v1.1.1 (CSCuc51338) accroding to him . I upgraded to v1.1.3 patch1 last week. It looks better to me. I am still monitoring to make sure.

0 Helpful

marioderosa2008
Level 1
Level 1
In response to sudheere

‎05-31-2013 03:22 AM

Hi Sudheer,

have you noticed any more occurances since upgrading to v1.1.3 patch1 ?

thanks

Mario De Rosa

0 Helpful

Francisco de Asis Gomez Marin
Level 1
Level 1
In response to marioderosa2008

‎06-03-2013 03:57 AM

Hi Mario,

  i am still having this issue in 1.1.3 patch1... is really frustrating.

Regards,

  Francisco

0 Helpful

Arafat Bique
Level 1
Level 1
In response to Francisco de Asis Gomez Marin

‎06-07-2013 01:10 PM

Hi guys,

Since 2 weeks I have applied a Patch 8 on version 1.1.2 and the problem has gone. The patch was released specially to solve this problem.

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents