[c-nsp] Cisco NAC - SSO Issues

Antonio Soares amsoares at netcabo.pt
Tue Sep 15 12:04:01 EDT 2009


Thanks for pointing me to the right place.

In the meanwhile, i can say that the workaround mentioned in the Bug release notes worked as expected. 50 stucked TCP sessions were
cleared what was enough to recover normal behavior. I still have 200+ in CLOSED_WAIT state but the next reboot will take care of
that :)


Regards,

Antonio Soares, CCIE #18473 (R&S)
amsoares at netcabo.pt

-----Original Message-----
From: Luan Nguyen [mailto:luan at netcraftsmen.net] 
Sent: terça-feira, 15 de Setembro de 2009 15:54
To: 'Antonio Soares'; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cisco NAC - SSO Issues

I would suggest opening a TAC case.
Also, for NAC related problem, the CLEANACCESS at LISTSERV.MUOHIO.EDU would be a better place to ask questions.

Regards,

--------------------------------------
Luan Nguyen
Chesapeake NetCraftsmen, LLC.
[Web] http://www.netcraftsmen.net
------------------------------------


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Antonio Soares
Sent: Tuesday, September 15, 2009 10:20 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco NAC - SSO Issues

I found a matching bug in the meanwhile but the workaround does not work:

+++++++++++++++++++++++++++++++++++++++++
CSCsk46672 Bug Details
CAS stops listening on 8910 after threads in CLOSE_WAIT state

Symptom:
Agent fails to perform ADSSO

Conditions:
CAS no longer listening to tcp port 8910 because 50 threads are already in CLOSE_WAIT state

Workaround:
Under Device Management > Clean Access Servers > CAS > Windows Auth Click UPDATE on SSO service to flush the CLOSE_WAIT states
+++++++++++++++++++++++++++++++++++++++++ 

The box i'm troubleshooting is running release 4.0.5.


Regards,

Antonio Soares, CCIE #18473 (R&S)
amsoares at netcabo.pt

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Antonio Soares
Sent: terça-feira, 15 de Setembro de 2009 13:57
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco NAC - SSO Issues

Hello group,

I'm troubleshooting a NAC issue. I see lot's of CLOSE_WAIT sessions on the CAS and i need to find a way to restart the SSO service
(TCP:8910) without restarting the whole box. Disabling the option "Enable Agent-Based Windows Single Sign-On with Active Directory
(Kerberos)" in the CAM does not do the job. I think that after clearing these TCP stuck sessions, Single Sign-On will work again.


Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S)
amsoares at netcabo.pt


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4426 (20090915) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


 

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4426 (20090915) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 




More information about the cisco-nsp mailing list