Chris-

It is strange that you had to make those changes in order to get things working 
smoothly.  We haven't had to touch any of those settings in the past, and this 
issue only began arising the last few weeks, and we have had Clean Access since 
the Perfigo days.  I agree it looks like a DNS thing but I cannot prove it to 
be us or them.  The next time I get a call about this issue I will give that a 
shot.

Brian

From: Cisco Clean Access Users and Administrators 
[mailto:[email protected]] On Behalf Of Herron, Chris
Sent: Wednesday, April 22, 2009 11:13 AM
To: [email protected]
Subject: Re: Clean Access connection issue

Brian,

The fact that you're able to reach resources by IP and not DNS name leads me to 
believe you're having a DNS issue.

I'm not quite sure what your topology is but we get the same exact issues if the 
TCP/IP stack is not configured properly. On a Windows workstation in the Advanced 
TCP/IP Settings the following need to be set (at least in our setup - L2 Inband 
- 4.1.2.1):


1.     Append primary and connection specific DNS suffixes (needs to be selected)

2.     Append parent suffixes of the primary DNS suffix (needs to be checked)

3.     DNS suffix for this connection: (has to have our domain entered "company.com")

4.     Register this connection's addresses in DNS (needs to be checked)

5.     Use this connection's DNS suffix in DNS registration (needs to be checked)

I did hours of testing and without the exact setup above we would get a lot of 
crazy errors including the one you've outlined.

Hope this helps.

Regards,
Chris Herron
Cogentrix Energy
Information Technology Services
P: 704.672.2870
C: 518.469.7342

From: Cisco Clean Access Users and Administrators 
[mailto:[email protected]] On Behalf Of Brian Beausoleil
Sent: Wednesday, April 22, 2009 10:49 AM
To: [email protected]
Subject: Clean Access connection issue

Hi all,

I could use some assistance in resolving an issue.  I have tried to find a 
possible source of the problem but have fallen short.  The following is the 
error message Clean Access displays when trying to connect...

"Clean access server could not establish a secure connection to clean access 
manager
at cam1.scsu.southernct.edu. This could be due to one or more of the following 
reasons:

1. clean access manager certificate has expired
2. clean access manager can not be trusted
3. clean access manager can not be reached.

Please report this to your network administrator."

Some of our Help Desk student workers get the message as well, and they say the 
Agent will pop up to log in, but when they log in they receive this error 
message.  Things we have discovered so far (while the student is unable to log 
in)...

*         Nslookup resolves the Manager

*         IP, DNS, default gateway, DHCP server are all correct

*         The certificate has NOT expired

*         Manager can be reached because the Agent popped up, and I can log into the admin UI

*         Scanned with AV, Malwarebytes, etc... and found no infected objects

*         User is able to access our homepage via IP but not by name

At this point I am at a loss.  After some time the issue goes away and the end 
user is able to log back in.  Each time that we have gone out we plugged our own 
machine into the jack and were able to log in with no problems.  This is not 
affecting every user and is impossible to replicate.

Any feedback or solutions would be appreciated.

Thanks in advance...

Brian
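
The five Advanced TCP/IP settings listed in Chris Herron's reply can be audited on an affected workstation from PowerShell. This is an added example, not part of the thread; it assumes the DnsClient and NetAdapter modules (Windows 8 / Server 2012 or later), and the default suffix is the placeholder "company.com" from the reply.

```powershell
# Added example: audit the five DNS client settings named in the reply.
# Assumption: DnsClient/NetAdapter modules are available (Windows 8 or later).
# $ExpectedSuffix is a placeholder; the reply uses "company.com".
param(
    [string]$ExpectedSuffix = 'company.com'
)

$findings = @()

# Settings 1 and 2 are global to the DNS client.
# A populated SuffixSearchList means "Append these DNS suffixes (in order)"
# is selected instead of "Append primary and connection specific DNS suffixes".
$global = Get-DnsClientGlobalSetting
if ($global.SuffixSearchList.Count -gt 0) {
    $findings += "Global: explicit suffix list in use: $($global.SuffixSearchList -join ', ')"
}
# UseDevolution corresponds to "Append parent suffixes of the primary DNS suffix".
if (-not $global.UseDevolution) {
    $findings += 'Global: parent suffixes of the primary DNS suffix are not appended'
}

# Settings 3 to 5 are per connection; only adapters that are up are checked.
foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    $dns = Get-DnsClient -InterfaceIndex $nic.ifIndex
    if ($dns.ConnectionSpecificSuffix -ne $ExpectedSuffix) {
        $findings += "$($nic.Name): connection suffix is '$($dns.ConnectionSpecificSuffix)', expected '$ExpectedSuffix'"
    }
    if (-not $dns.RegisterThisConnectionsAddress) {
        $findings += "$($nic.Name): addresses are not registered in DNS"
    }
    if (-not $dns.UseSuffixWhenRegistering) {
        $findings += "$($nic.Name): connection suffix is not used in DNS registration"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'All five DNS client settings match the configuration in the reply.'
} else {
    $findings | ForEach-Object { Write-Output "MISMATCH  $_" }
}
```

Running it while a user is in the failing state, and again on a machine that logs in normally, shows whether the two differ in any of these settings.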
