If you are using high availability, check the certificate on both
primary and secondary to make sure they are identical and the
certificate chains are correct.
Then again, I could be the only one who's had high availability or SSL
certs give me fits....
Christopher DeSmit wrote:
Please keep in mind that the Manager has a certificate that is used
when you assess the manager. It appears the Clean Access Server
certificate is expired…
Must browse to the server directly to see. Have you done this?
Example https://publicipaddress/Admin
Where the public IP address is that of the Clean Access Server. Once there,
check the status of the certificate.
Hope this helps
Thanks,
Christopher DeSmit
University of North Carolina Pembroke
Division of Information Technology
Network Security Specialist
910-521-6260
[email protected]
*From:* Cisco Clean Access Users and Administrators
[mailto:[email protected]] *On Behalf Of* Brian Beausoleil
*Sent:* Wednesday, April 22, 2009 10:49 AM
*To:* [email protected]
*Subject:* Clean Access connection issue
Hi all,
I could use some assistance in resolving an issue. I have tried to
find a possible source of the problem but have fallen short. The
following is the error message Clean Access displays when trying to
connect…
"Clean access server could not establish a secure connection to clean
access manager
at cam1.scsu.southernct.edu. This could be due to one or more of the
following reasons:
1. clean access manager certificate has expired
2. clean access manager can not be trusted
3. clean access manager can not be reached.
Please report this to your network administrator."
Some of our Help Desk student workers get the message as well, and
they say the Agent will pop up to log in, but when they log in they
receive this error message. Things we have discovered so far (while
the student is unable to log in)…
· Nslookup resolves the Manager
· IP, DNS, default gateway, DHCP server are all correct
· The certificate has NOT expired
· Manager can be reached because the Agent popped up, and I can log into the admin UI
· Scanned with AV, Malwarebytes, etc… and found no infected objects
· User is able to access our homepage via IP but not by name
At this point I am at a loss. After some time the issue goes away and
the end user is able to log back in. Each time that we have gone out
we plugged our own machine into the jack and were able to log in with no
problems. This is not affecting every user and is impossible to
replicate.
Any feedback or solutions would be appreciated.
Thanks in advance…
Brian
--
James Simpson
Security Engineer
IT Services
Miami University
Oxford, OH
Office 513-529-1595
Mobile 513-839-0083
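
The check suggested at the top of this thread (identical, unexpired certificates with a correct chain on both members of a high-availability pair) can be scripted with the openssl command line. The following is an added example, not part of the original messages; the hostnames and file names in it are placeholders.

```shell
#!/usr/bin/env bash
# Added example: compare the certificates of a primary/secondary HA pair.
# Hostnames and file names below are placeholders, not values from the thread.

# Save the leaf certificate a host presents on port 443 as PEM.
fetch_cert() {  # usage: fetch_cert HOST OUTFILE
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM >"$2"
}

# Print the SHA-256 fingerprint of a PEM certificate.
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed if the certificate is still valid N seconds from now (default 0).
cert_valid() {  # usage: cert_valid CERT.pem [SECONDS]
  openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null
}

# Succeed if the certificate chains to the given CA bundle.
chain_ok() {  # usage: chain_ok CA_BUNDLE.pem CERT.pem
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeed only if both certificates are unexpired and byte-for-byte identical.
compare_pair() {  # usage: compare_pair PRIMARY.pem SECONDARY.pem
  _rc=0
  for _f in "$1" "$2"; do
    if ! cert_valid "$_f"; then
      echo "EXPIRED: $_f ($(openssl x509 -in "$_f" -noout -enddate))"
      _rc=1
    fi
  done
  if [ "$(cert_fp "$1")" != "$(cert_fp "$2")" ]; then
    echo "MISMATCH: $1 and $2 are different certificates"
    _rc=1
  fi
  return "$_rc"
}

# Typical use against a live pair (placeholder hostnames):
#   fetch_cert cas-primary.example.edu primary.pem
#   fetch_cert cas-secondary.example.edu secondary.pem
#   compare_pair primary.pem secondary.pem && chain_ok ca-bundle.pem primary.pem
```

Passing a number of seconds to cert_valid (for example 2592000 for 30 days) flags a certificate that is about to expire rather than one that already has.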