Thanks for pointing me to the right place. In the meanwhile, i can say that the workaround mentioned in the Bug release notes worked as expected. 50 stucked TCP sessions were cleared what was enough to recover normal behavior. I still have 200+ in CLOSED_WAIT state but the next reboot will take care of that :)
Regards, Antonio Soares, CCIE #18473 (R&S) amsoa...@netcabo.pt -----Original Message----- From: Luan Nguyen [mailto:l...@netcraftsmen.net] Sent: terça-feira, 15 de Setembro de 2009 15:54 To: 'Antonio Soares'; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Cisco NAC - SSO Issues I would suggest opening a TAC case. Also, for NAC related problem, the cleanacc...@listserv.muohio.edu would be a better place to ask questions. Regards, -------------------------------------- Luan Nguyen Chesapeake NetCraftsmen, LLC. [Web] http://www.netcraftsmen.net ------------------------------------ -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Antonio Soares Sent: Tuesday, September 15, 2009 10:20 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco NAC - SSO Issues I found a matching bug in the meanwhile but the workaround does not work: +++++++++++++++++++++++++++++++++++++++++ CSCsk46672 Bug Details CAS stops listening on 8910 after threads in CLOSE_WAIT state Symptom: Agent fails to perform ADSSO Conditions: CAS no longer listening to tcp port 8910 because 50 threads are already in CLOSE_WAIT state Workaround: Under Device Management > Clean Access Servers > CAS > Windows Auth Click UPDATE on SSO service to flush the CLOSE_WAIT states +++++++++++++++++++++++++++++++++++++++++ The box i'm troubleshooting is running release 4.0.5. Regards, Antonio Soares, CCIE #18473 (R&S) amsoa...@netcabo.pt -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Antonio Soares Sent: terça-feira, 15 de Setembro de 2009 13:57 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Cisco NAC - SSO Issues Hello group, I'm troubleshooting a NAC issue. I see lot's of CLOSE_WAIT sessions on the CAS and i need to find a way to restart the SSO service (TCP:8910) without restarting the whole box. Disabling the option "Enable Agent-Based Windows Single Sign-On with Active Directory (Kerberos)" in the CAM does not do the job. I think that after clearing these TCP stuck sessions, Single Sign-On will work again. Thanks. Regards, Antonio Soares, CCIE #18473 (R&S) amsoa...@netcabo.pt _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ __________ Information from ESET NOD32 Antivirus, version of virus signature database 4426 (20090915) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4426 (20090915) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/