Walt, did this start after upgrading to 4.1.3 or was it happening prior to that as well?
Regards, Jeremy ________________________________ From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Howd, Walt Sent: Wednesday, January 30, 2008 12:50 PM To: [email protected] Subject: Invalid Clean Access Server / Sessions not timing out? We have some users that receive the error message "Invalid Clean Access Server" when they attempt to logon to CCA. The only correlating factor I have seen is that these users always have an active session listed in the online users table. It almost appears that some active sessions are becoming orphaned and failing to be logged out after the heartbeat period. If we manually kick the old session the user can logon without any issue. Also, I've noticed that if the user physically moves their system to another VLAN that is controlled by the same CAS, then they can logon without a problem. Case in point, we have had several users bring their machines physically to our helpdesk when they encountered this problem. They can logon to CCA fine at the helpdesk which is on a different managed subnet and VLAN their residence hall. The time the machines are physically off and moving around campus is far greater then our heartbeat timer. However when they return to their residence hall (and are back in the same VLAN as their orphaned session) they can no longer logon without receiving the message "Invalid Clean Access Server" Has anyone else seen this? Our setup: In Band, HA, Real IP Gateway, CCA 4.1.3, Client 4.1.3.1, No session timer, 20 minute heartbeat timer CAM log from an affected user, the logon time on the "active" session was timestamp of the first logon entry "2008-01-29 20:38:14" Authentication 2008-01-30 10:14:59 [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser - Already logged in, Provider: Truman Authentication 2008-01-30 10:14:59 Invalid Clean Access Server <10.1.128.245>, [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser Authentication 2008-01-30 10:14:26 [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser - Already logged in, Provider: Truman Authentication 2008-01-30 10:14:26 Invalid Clean Access Server <10.1.128.245>, [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser Authentication 2008-01-30 10:14:03 [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser - Already logged in, Provider: Truman Authentication 2008-01-30 10:14:03 Invalid Clean Access Server <10.1.128.245>, [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser Authentication 2008-01-30 10:13:51 [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser - Already logged in, Provider: Truman Authentication 2008-01-30 10:13:51 Invalid Clean Access Server <10.1.128.245>, [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser Client 2008-01-29 23:53:20 [00:13:E8:XX:XX:XX ## 10.1.208.243] studentuser- Logout request Authentication 2008-01-29 23:53:20 [00:13:E8:XX:XX:XX ## 10.1.208.243] studentuser - Logged out successfully Authentication 2008-01-29 23:03:17 [00:13:E8:XX:XX:XX ## 10.1.208.243] studentuser - Successfully logged in, Provider: Cisco VPN, L2 MAC address: 00:13:E8:XX:XX:XX, Role: Student, OS: Windows Vista Home Premium Authentication 2008-01-29 23:03:16 [00:13:E8:XX:XX:XX ## 10.1.208.243] studentuser - Successfully logged in temporary role, Provider: Cisco VPN, L2 MAC address: 00:13:E8:XX:XX:XX, Role: Temporary Role, OS: Windows Vista Home Premium Authentication 2008-01-29 23:03:09 End of remote user session: 10.1.208.243, going to logout user studentuser Administration 2008-01-29 23:03:09 <User:studentuser IP:10.1.208.243> - forcefully logged out by Administrator Authentication 2008-01-29 22:56:13 [00:13:E8:XX:XX:XX ## 10.1.208.243] studentuser - Successfully logged in, Provider: Cisco VPN, L2 MAC address: 00:13:E8:XX:XX:XX, Role: Student, OS: Windows Vista Home Premium Authentication 2008-01-29 22:56:10 [00:13:E8:XX:XX:XX ## 10.1.208.243] studentuser - Successfully logged in temporary role, Provider: Cisco VPN, L2 MAC address: 00:13:E8:XX:XX:XX, Role: Temporary Role, OS: Windows Vista Home Premium Authentication 2008-01-29 22:56:01 End of remote user session: 10.1.208.243, going to logout user studentuser Administration 2008-01-29 22:56:01 <User:studentuser IP:10.1.208.243> - forcefully logged out by Administrator Authentication 2008-01-29 20:38:15 [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser - Successfully logged in, Provider: Truman, L2 MAC address: 00:1C:23:XX:XX:XX, Role: Student, OS: Windows Vista Home Premium Authentication 2008-01-29 20:38:14 [00:1C:23:XX:XX:XX ## 10.1.54.73] studentuser - Successfully logged in temporary role, Provider: Truman, L2 MAC address: 00:1C:23:XX:XX:XX, Role: Temporary Role, OS: Windows Vista Home Premium ________________________________ Walt Howd Network Systems Admin Information Technology Services <http://its.truman.edu> Truman State University <http://www.truman.edu> SunGard Higher Education Managed Services 100 East Normal Street Kirksville, MO 63501 [EMAIL PROTECTED] Office - (660) 785-7394
