I had to disabled L2 strict mode and then my Vista users were able to connect successfully again. I am anxiously awaiting a 4.1.6.1 client so that I can put L2 strict back on. The bug with vista has an actual bug # so hopefully it will get fixed in the next release. -Cat
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cat Hoffman Network Infrastructure & Security Engineer Office of Information Technology Valparaiso University 1700 Chapel Drive, B13 Kretzmann Hall Valparaiso, IN, 46383 Phone: (219) 464-6101 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://photos.cathoffman.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> From: "Robert J. Rutkowski" <[EMAIL PROTECTED]> To: <[email protected]> Date: 8/19/2008 3:23 PM Subject: Re: Further 4.1.6 agent issues w/ Vista Has anyone gotten anywhere with these issues? I just had a student PC with Vista and 4.1.6 Agent (also 4.1.6 server and manager). The wireless wouldn't even allow the login window to pop up, but once I connected the hard wire connection it popped up and logged in fine... Any help would be appreciated. Rob -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Nathaniel Austin Sent: Friday, August 08, 2008 7:35 AM To: [email protected] Subject: Re: Further 4.1.6 agent issues w/ Vista Cat, I am actually working on a case now with the same issue in Vista (access blocked by administrator). What that error means is that you have L2 strict mode enabled on the CAS and the CAS cannot get the clients Mac address, or it doesn't match what we have in the arp table. You can temporarily disable that option by managing the CAS and going to the network tab - that should allow your clients to get on. I am investigating the root cause now, but it appears that the Agent is not detecting the Mac address of Wireless NICs in Vista correctly, and sending the wired Mac address which doesn't match the arp table entry. I would love to get more examples of this occurring for my research, so if you can open a TAC case that would be awesome. Thanks, Nate Cat Hoffman wrote: > This is likely related to our "string error" one from earlier, but I > just received this further information about our Vista + wireless = no > access on wireless for 4.1.6... read on and please let me know any > advice you have, much appreciated, thanks! > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Cat Hoffman > Network Infrastructure & Security Engineer > Office of Information Technology > Valparaiso University > 1700 Chapel Drive, B13 Kretzmann Hall > Valparaiso, IN, 46383 > Phone: (219) 464-6101 > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > >>> there seems to be a problem with the newest update to CCA (v. > 4.1.6.0). Actually, there might be a couple problems. > > The most significant problem occurs after CCA is updated. When the > user attempts to login, he or she immediately receives an error > message: "Access to network is blocked by administrator." Repeated > login attempts, even after a full computer restart, deliver the same > results. I think it's server side though, because occasionally I've > seen "Unable to parse server response" (which implies a failed > connection to server) instead of the "Access to network..." error. > Furthermore, this seems to be a /Wireless/ problem. I have had at > least one student say that she was unable to login wirelessly because > of the above issue, but she has had no problems with a hardwire > connection. . > > Of probably lesser consequence, there also seems to be an > authentication problem. I have witnessed it at two points in this > process. The first occurs before the program is actually updated. > When tCCA first opens, the typical login window appears for the user > to sign in. If the user clicks the "Login" button without entering a > username, it asks the user to enter his or her username. However, the > program does not actually search for a username. It only cares that > there is an entry in the username box. Nothing is authenticated > because, as long as there is an entry in the username box when "Login" > is clicked, the program will update. The attached picture is my > attempt to login as the user "jibberish". Not only did it fail to > stop this username, CCA was unaware that I did not enter a password. > Maybe this isn't a bug since it has to update regardless of who's > asking it to, but it is something that we should probably be aware of. > > More importantly, the second time the authentication problem appears > is after the update. When the login window appears after the update, > the client can again put anything in the username box and click > "Login." Without checking the username (any value works) or password > (which may be blank), the "Access to network..." error shows up. > Therefore, this seems to show that the glitch is occurring before any > authentication occurs. Perhaps it's a problem when CCA first connects > to the server. > > ------------------------------------------------------------------------ >
