Nate,
I appreciate Cisco confirming this information.
I would also mention that this has happened on two ACER laptops here.
If a third ACER walks in the door with the same problem then could there
be a pattern?
Thanks,
Rob Crockett
Network Administrator
IT Services
Ouachita Baptist University
410 Ouachita St.
OBU Box 3794
Arkadelphia, AR 71998
Office 870.245.5567
Direct 870.245.4553
http://www.obu.edu/ITS
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Nathaniel Austin
Sent: Tuesday, August 26, 2008 4:36 PM
To: [email protected]
Subject: Re: Further 4.1.6 agent issues w/ Vista
All,
There have been multiple reports of this now - it is related to the
issue with L2 strict mode but it is a different manifestation of the
bug. Basically the Vista agent cannot detect the Wireless Mac
address. If the wired NIC is enabled, then the agent will send the
wired NIC mac address for the wireless NIC as well. If the agent
cannot get the wired mac address (like if the wired NIC is disabled -
some supplicants do this automatically) then it will detect no mac
addresses and thus send out no SWISS packets to the CAS.
Unfortunately the only workaround is to fall back to the 4.1.3.x
agent at this point (or leave the wired NIC enabled).
The bug ID is CSCsr87134 and we are trying to push to get it fixed as
soon as possible.
Nate
Kyle Torkelson wrote:
I just noticed this error as well, the login box on agent 4.1.6 was
greyed out on a Vista PC but wasn't greyed out on earlier versions of
the agent. Running 4.1.6 on both CAM/CAS.
We aren't using L2 strict mode on our CAS either.
Thanks
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Rob Crockett
Sent: Tuesday, August 26, 2008 2:37 PM
To: [email protected]
Subject: Re: Further 4.1.6 agent issues w/ Vista
I too have seen the same issue with Clean Access Agent 4.1.6.0 running
in Vista in which the wireless connection wouldn't prompt to login to
CCA but with the wired connection it worked fine. Downgraded to
4.1.3.1
and works fine with wired and wireless. Stopped making the CCA
4.1.6.0
mandatory until I know this has been fixed. We are not using strict
blocking on our CAS.
We are running 4.1.3.1 on CAM\CAS.
Thanks,
Rob Crockett
Network Administrator
IT Services
Ouachita Baptist University
410 Ouachita St.
OBU Box 3794
Arkadelphia, AR 71998
Office 870.245.5567
Direct 870.245.4553
http://www.obu.edu/ITS
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Robert J.
Rutkowski
Sent: Tuesday, August 19, 2008 2:14 PM
To: [email protected]
Subject: Re: Further 4.1.6 agent issues w/ Vista
Has anyone gotten anywhere with these issues? I just had a student PC
with Vista and 4.1.6 Agent (also 4.1.6 server and manager). The
wireless
wouldn't even allow the login window to pop up, but once I connected
the
hard wire connection it popped up and logged in fine...
Any help would be appreciated.
Rob
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Nathaniel Austin
Sent: Friday, August 08, 2008 7:35 AM
To: [email protected]
Subject: Re: Further 4.1.6 agent issues w/ Vista
Cat,
I am actually working on a case now with the same issue in Vista
(access
blocked by administrator). What that error means is that you have L2
strict mode enabled on the CAS and the CAS cannot get the clients
Mac address, or it doesn't match what we have in the arp table. You
can temporarily disable that option by managing the CAS and going to
the network tab - that should allow your clients to get on.
I am investigating the root cause now, but it appears that the Agent
is
not detecting the Mac address of Wireless NICs in Vista correctly, and
sending the wired Mac address which doesn't match the arp table entry.
I would love to get more examples of this occurring for my research,
so
if you can open a TAC case that would be awesome.
Thanks,
Nate
Cat Hoffman wrote:
This is likely related to our "string error" one from earlier, but
I just received this further information about our Vista + wireless =
no
access on wireless for 4.1.6... read on and please let me know any
advice you have, much appreciated, thanks!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cat Hoffman
Network Infrastructure & Security Engineer
Office of Information Technology
Valparaiso University
1700 Chapel Drive, B13 Kretzmann Hall
Valparaiso, IN, 46383
Phone: (219) 464-6101
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
there seems to be a problem with the newest update to CCA (v.
4.1.6.0). Actually, there might be a couple problems.
The most significant problem occurs after CCA is updated. When the
user attempts to login, he or she immediately receives an error
message: "Access to network is blocked by administrator." Repeated
login attempts, even after a full computer restart, deliver the
same results. I think it's server side though, because
occasionally I've seen "Unable to parse server response" (which
implies a failed connection to server) instead of the "Access to
network..." error. Furthermore, this seems to be a /Wireless/
problem. I have had at least one student say that she was unable
to login wirelessly because
of the above issue, but she has had no problems with a hardwire
connection. .
Of probably lesser consequence, there also seems to be an
authentication problem. I have witnessed it at two points in this
process. The first occurs before the program is actually updated.
When tCCA first opens, the typical login window appears for the
user to sign in. If the user clicks the "Login" button without
entering a
username, it asks the user to enter his or her username. However,
the
program does not actually search for a username. It only cares
that there is an entry in the username box. Nothing is
authenticated because, as long as there is an entry in the username
box when
"Login"
is clicked, the program will update. The attached picture is my
attempt to login as the user "jibberish". Not only did it fail to
stop this username, CCA was unaware that I did not enter a password.
Maybe this isn't a bug since it has to update regardless of who's
asking it to, but it is something that we should probably be aware
of.
More importantly, the second time the authentication problem
appears is after the update. When the login window appears after
the update,
the client can again put anything in the username box and click
"Login." Without checking the username (any value works) or password
(which may be blank), the "Access to network..." error shows up.
Therefore, this seems to show that the glitch is occurring before any
authentication occurs. Perhaps it's a problem when CCA first
connects
to the server.
------------------------------------------------------------------------
