Basically it says that I do not have sufficient privileges to install the Agent for all users of the machine. Can anyone shed some light for me?
Thanks in advance. Brian Beausoleil - Network Administrator Office of Information Technology SOUTHERN CT STATE UNIVERSITY I have been working on this for over a month with TAC. It appears, but has not been POSITIVELY established, that there is a bug that may be related to either the cert used or the particular executable. I am conducting some (hopefully) final tests today. Having said that, here are a few gotchas to check. These all apply to Windows, I have no idea how to deal with this on Mac or Linux/BSD. Stub agent ONLY works with executables, no batch files allowed. My TAC guy did not know if an executable called by an executable would work or if a script called by an executable would work. The executable must be signed with a code signing cert with a proper chain of certs. You must use an exact version of code signing executable from Microsoft to keep Cisco happy. I do not know if it REALLY matters, but TAC can give you a link to the "sanctioned" version. Cisco admits that instructions are " a little vague" on this, however TAC has a great PDF that makes it pretty easy and painless. The root cert must be installed on the client machine as well as the code signing cert, and it must be in the Trusted Root Certification Authority on Windows. And here's the one that TOTALLY got me, YOU MUST CREATE A REGISTRY KEY THAT IS PARTICULAR TO THE EXECUTABLE BEING RUN IN ADDITION TO INSTALLING THE CERT! Whoops, I totally missed this one and in case you did too, get the PDF from TAC, it explains (more or less) how to create the registry key that you need. If you do those things, have exactly the right executable, it works great. If the wind is from the southwest however, or Clean Access dislikes your executable (Heaven knows why) your pretty stuck. I am using a compiled scripting language AutoIt3 which is a gift from above for Clean Access in a Windows environment, but the compiled code, which is a self running exe file, fails utterly. The Spybot installer however, for instance, works fine. Go figure. Anyway hope all this helps. Good luck storming the castle. Daniel Sichel, CCNP, MCSE,MCSA,MCTS (Windows 2008) Network Engineer Ponderosa Telephone (559) 868-6367
