We saw the same thing and attributed it to bug id CSCsy37405. We disabled the CRL checking function via the agent configuration file.
-- Cal A. Krzywiec Network Engineer The University of Scranton Phone: (570) 941-6748 Email: [email protected] Mike Diggins wrote: > I've seen the same thing happen on both Windows XP and Vista. I'd also > like to know why, as it happens only infrequently. We use Verisign > certificates and I believe have the appropriate Verisign hosts open so > the client can do the CRL check, regardless of what Role it's in. In > my case I have seen it where clicking Yes at the prompt doesn't get > past the message though. > > CAM/CAS 4.1.6 Agent 4.1.10 > > -Mike > > On Tue, 27 Oct 2009, Aaron Abitia wrote: > >> Hello folks, >> >> I have a Windows machine running XP Pro/Home that is getting a message >> intermittently when logging in. The message displays after the Agent >> pops >> up and the user hits "enter" to login. It is, "Revocation >> information for >> the security certificate for this site is not available. Do you want to >> proceed?" If the user hits "yes", then go on as normal with the >> login and >> can get on the network. If the user hits "view certificate", they >> can view >> the certificate information from our CCA server and has the option to >> hit a >> button to "install certificate", which they did only most recently, then >> they can get on the network as well. At no time has the user not >> been able >> to get on the network. We have valid certs installed, and this message >> doesn't happen everytime, only sometimes. Just trying to ascertain >> what the >> message means and why it happens when it does...I know that the Agent >> uses >> cert information from installed browsers on a machine, but why does this >> message come up on this machine and not all the others, is the question. >> Why did the user get asked this one time and not all the other times >> that >> they logged in? It seems to come and go. Cisco has provided me info >> on how >> to make it go away, so that part is fine, but I'm looking for the "why" >> part. Many thanks for any insight. >> >> >> -- >> Aaron Abitia >> Network Analyst >> Network Administration, ITS >> Cal Poly State University >> Tel: 805.756.1295 >>
