Walt, did this start after upgrading to 4.1.3 or was it happening prior
to that as well?

 

Regards, 

 

Jeremy

 

________________________________

From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Howd, Walt
Sent: Wednesday, January 30, 2008 12:50 PM
To: [email protected]
Subject: Invalid Clean Access Server / Sessions not timing out?

 

We have some users that receive the error message "Invalid Clean Access
Server" when they attempt to logon to CCA. 

 

The only correlating factor I have seen is that these users always have
an active session listed in the online users table. It almost appears
that some active sessions are becoming orphaned and failing to be logged
out after the heartbeat period. If we manually kick the old session the
user can logon without any issue. Also, I've noticed that if the user
physically moves their system to another VLAN that is controlled by the
same CAS, then they can logon without a problem.

 

Case in point, we have had several users bring their machines physically
to our helpdesk when they encountered this problem. They can logon to
CCA fine at the helpdesk which is on a different managed subnet and VLAN
their residence hall. The time the machines are physically off and
moving around campus is far greater then our heartbeat timer. However
when they return to their residence hall (and are back in the same VLAN
as their orphaned session) they can no longer logon without receiving
the message "Invalid Clean Access Server"

 

Has anyone else seen this?

 

Our setup:

In Band, HA, Real IP Gateway, CCA 4.1.3, Client 4.1.3.1, No session
timer, 20 minute heartbeat timer

 

CAM log from an affected user, the logon time on the "active" session
was timestamp of the first logon entry "2008-01-29 20:38:14"

 

Authentication   2008-01-30 10:14:59       [00:1C:23:XX:XX:XX ##
10.1.54.73] studentuser - Already logged in, Provider: Truman

 

Authentication   2008-01-30 10:14:59       Invalid Clean Access Server
<10.1.128.245>, [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser

 

Authentication   2008-01-30 10:14:26       [00:1C:23:XX:XX:XX ##
10.1.54.73] studentuser - Already logged in, Provider: Truman

 

Authentication   2008-01-30 10:14:26       Invalid Clean Access Server
<10.1.128.245>, [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser

 

Authentication   2008-01-30 10:14:03       [00:1C:23:XX:XX:XX ##
10.1.54.73] studentuser - Already logged in, Provider: Truman

 

Authentication   2008-01-30 10:14:03       Invalid Clean Access Server
<10.1.128.245>, [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser

 

Authentication   2008-01-30 10:13:51       [00:1C:23:XX:XX:XX ##
10.1.54.73] studentuser - Already logged in, Provider: Truman

 

Authentication   2008-01-30 10:13:51       Invalid Clean Access Server
<10.1.128.245>, [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser

Client    2008-01-29 23:53:20       [00:13:E8:XX:XX:XX ## 10.1.208.243]
studentuser- Logout request

 

Authentication   2008-01-29 23:53:20       [00:13:E8:XX:XX:XX ##
10.1.208.243] studentuser - Logged out successfully

 

Authentication   2008-01-29 23:03:17       [00:13:E8:XX:XX:XX ##
10.1.208.243] studentuser - Successfully logged in, Provider: Cisco VPN,
L2 MAC address: 00:13:E8:XX:XX:XX, Role: Student, OS: Windows Vista Home
Premium

 

Authentication   2008-01-29 23:03:16       [00:13:E8:XX:XX:XX ##
10.1.208.243] studentuser - Successfully logged in temporary role,
Provider: Cisco VPN, L2 MAC address: 00:13:E8:XX:XX:XX, Role: Temporary
Role, OS: Windows Vista Home Premium

 

Authentication   2008-01-29 23:03:09       End of remote user session:
10.1.208.243, going to logout user studentuser

 

Administration   2008-01-29 23:03:09       <User:studentuser
IP:10.1.208.243> - forcefully logged out by Administrator

 

Authentication   2008-01-29 22:56:13       [00:13:E8:XX:XX:XX ##
10.1.208.243] studentuser - Successfully logged in, Provider: Cisco VPN,
L2 MAC address: 00:13:E8:XX:XX:XX, Role: Student, OS: Windows Vista Home
Premium

 

Authentication   2008-01-29 22:56:10       [00:13:E8:XX:XX:XX ##
10.1.208.243] studentuser - Successfully logged in temporary role,
Provider: Cisco VPN, L2 MAC address: 00:13:E8:XX:XX:XX, Role: Temporary
Role, OS: Windows Vista Home Premium

 

Authentication   2008-01-29 22:56:01       End of remote user session:
10.1.208.243, going to logout user studentuser

 

Administration   2008-01-29 22:56:01       <User:studentuser
IP:10.1.208.243> - forcefully logged out by Administrator

 

Authentication   2008-01-29 20:38:15       [00:1C:23:XX:XX:XX ##
10.1.54.73] studentuser - Successfully logged in, Provider: Truman, L2
MAC address: 00:1C:23:XX:XX:XX, Role: Student, OS: Windows Vista Home
Premium

 

Authentication   2008-01-29 20:38:14       [00:1C:23:XX:XX:XX ##
10.1.54.73] studentuser - Successfully logged in temporary role,
Provider: Truman, L2 MAC address: 00:1C:23:XX:XX:XX, Role: Temporary
Role, OS: Windows Vista Home Premium

 

 

________________________________

Walt Howd
Network Systems Admin
Information Technology Services <http://its.truman.edu> 
Truman State University <http://www.truman.edu> 
SunGard Higher Education
Managed Services
100 East Normal Street

Kirksville, MO 63501

[EMAIL PROTECTED]
Office - (660) 785-7394

 

Reply via email to