We are having this issue as well. L2 strict mode is not enabled, Vista users are not able to login.
Michael Stanclift Network Analyst Rockhurst University http://help.rockhurst.edu (816) 501-4231 -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Xu Sent: Tuesday, August 26, 2008 4:38 PM To: [email protected] Subject: Re: Further 4.1.6 agent issues w/ Vista I just saw our first Vista user having exactly the same issue after we upgraded to 4.1.6. We aren't using L2 strict mode either. So this seems to be a critical issue. Hope our Cisco engineers on this list can have a fix for this issue ASAP. Thanks Dennis ----- Original Message ----- From: "Kyle Torkelson" <[EMAIL PROTECTED]> To: [email protected] Sent: Tuesday, August 26, 2008 5:26:30 PM GMT -05:00 US/Canada Eastern Subject: Re: Further 4.1.6 agent issues w/ Vista I just noticed this error as well, the login box on agent 4.1.6 was greyed out on a Vista PC but wasn't greyed out on earlier versions of the agent. Running 4.1.6 on both CAM/CAS. We aren't using L2 strict mode on our CAS either. Thanks -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Rob Crockett Sent: Tuesday, August 26, 2008 2:37 PM To: [email protected] Subject: Re: Further 4.1.6 agent issues w/ Vista I too have seen the same issue with Clean Access Agent 4.1.6.0 running in Vista in which the wireless connection wouldn't prompt to login to CCA but with the wired connection it worked fine. Downgraded to 4.1.3.1 and works fine with wired and wireless. Stopped making the CCA 4.1.6.0 mandatory until I know this has been fixed. We are not using strict blocking on our CAS. We are running 4.1.3.1 on CAM\CAS. Thanks, Rob Crockett Network Administrator IT Services Ouachita Baptist University 410 Ouachita St. OBU Box 3794 Arkadelphia, AR 71998 Office 870.245.5567 Direct 870.245.4553 http://www.obu.edu/ITS -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Robert J. Rutkowski Sent: Tuesday, August 19, 2008 2:14 PM To: [email protected] Subject: Re: Further 4.1.6 agent issues w/ Vista Has anyone gotten anywhere with these issues? I just had a student PC with Vista and 4.1.6 Agent (also 4.1.6 server and manager). The wireless wouldn't even allow the login window to pop up, but once I connected the hard wire connection it popped up and logged in fine... Any help would be appreciated. Rob -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Nathaniel Austin Sent: Friday, August 08, 2008 7:35 AM To: [email protected] Subject: Re: Further 4.1.6 agent issues w/ Vista Cat, I am actually working on a case now with the same issue in Vista (access blocked by administrator). What that error means is that you have L2 strict mode enabled on the CAS and the CAS cannot get the clients Mac address, or it doesn't match what we have in the arp table. You can temporarily disable that option by managing the CAS and going to the network tab - that should allow your clients to get on. I am investigating the root cause now, but it appears that the Agent is not detecting the Mac address of Wireless NICs in Vista correctly, and sending the wired Mac address which doesn't match the arp table entry. I would love to get more examples of this occurring for my research, so if you can open a TAC case that would be awesome. Thanks, Nate Cat Hoffman wrote: > This is likely related to our "string error" one from earlier, but I > just received this further information about our Vista + wireless = no > access on wireless for 4.1.6... read on and please let me know any > advice you have, much appreciated, thanks! > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Cat Hoffman > Network Infrastructure & Security Engineer > Office of Information Technology > Valparaiso University > 1700 Chapel Drive, B13 Kretzmann Hall > Valparaiso, IN, 46383 > Phone: (219) 464-6101 > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > >>> there seems to be a problem with the newest update to CCA (v. > 4.1.6.0). Actually, there might be a couple problems. > > The most significant problem occurs after CCA is updated. When the > user attempts to login, he or she immediately receives an error > message: "Access to network is blocked by administrator." Repeated > login attempts, even after a full computer restart, deliver the same > results. I think it's server side though, because occasionally I've > seen "Unable to parse server response" (which implies a failed > connection to server) instead of the "Access to network..." error. > Furthermore, this seems to be a /Wireless/ problem. I have had at > least one student say that she was unable to login wirelessly because > of the above issue, but she has had no problems with a hardwire > connection. . > > Of probably lesser consequence, there also seems to be an > authentication problem. I have witnessed it at two points in this > process. The first occurs before the program is actually updated. > When tCCA first opens, the typical login window appears for the user > to sign in. If the user clicks the "Login" button without entering a > username, it asks the user to enter his or her username. However, the > program does not actually search for a username. It only cares that > there is an entry in the username box. Nothing is authenticated > because, as long as there is an entry in the username box when "Login" > is clicked, the program will update. The attached picture is my > attempt to login as the user "jibberish". Not only did it fail to > stop this username, CCA was unaware that I did not enter a password. > Maybe this isn't a bug since it has to update regardless of who's > asking it to, but it is something that we should probably be aware of. > > More importantly, the second time the authentication problem appears > is after the update. When the login window appears after the update, > the client can again put anything in the username box and click > "Login." Without checking the username (any value works) or password > (which may be blank), the "Access to network..." error shows up. > Therefore, this seems to show that the glitch is occurring before any > authentication occurs. Perhaps it's a problem when CCA first connects > to the server. > > ------------------------------------------------------------------------ >
