John's reply is worth investigating, assuming you did the domain-wide (multi-DC) ktpass command. Also verify that your ktpass version meets the recommended version. About a year ago I had an issue where a single-domain setup would work but a multi-domain setup would fail. It was found that the ktpass version was old.

Regards,
/Daniel

On Fri, Aug 26, 2011 at 11:40 AM, Kyle Torkelson <[email protected]> wrote:
> Is there a group policy something like "Wait for Network on Computer Start
> up" or something that you could try? Just curious...
>
> Kyle Torkelson
> University of Sioux Falls
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[email protected]] On Behalf Of Allen, Richard D CW2 NG
> NG NGB
> Sent: Friday, August 26, 2011 12:43 PM
> To: [email protected]
> Subject: Re: One step closer... (UNCLASSIFIED)
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Yes - when doing the auth test it comes back correct. The strange part is
> that it is only from a cold boot. When I boot up it will not do SSO but if I
> simply log out and back in SSO performs correctly.
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[email protected]] On Behalf Of Daniel T
> Sent: Friday, August 26, 2011 12:08 PM
> To: [email protected]
> Subject: Re: One step closer... (UNCLASSIFIED)
>
> Richard,
> It sounds like it is only reading cached credentials to me. Do you get
> successful replies when you use "Auth Test"?
> User Management -> Auth Servers -> Auth Test
>
> Then enter username with ADSSO as the provider. If that is not getting
> proper replies, you might need to use some LDAP tool to see what you are
> getting.
>
> Regards,
> /Daniel
>
> On Fri, Aug 26, 2011 at 9:39 AM, Allen, Richard D CW2 NG NG NGB
> <[email protected]> wrote:
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>>
>> After enabling NAT to allow certificate CRL validation I am able to
>> complete SSO with smart card. Except..
>>
>> From a complete cold boot SSO does not execute and instead I get the
>> agent login screen. If I don't log in to the agent and simply log out
>> and back into Windows SSO processes me as expected. Any suggestions on
>> what may be happening?
>>
>> Richard Allen
>> CW2, SC, TNARNG
>> J6 JFHQ
>> 3041 Sidco Drive
>> Nashville, TN 37204
>> Comm: 615-313-7522
>> DSN 683-7522
>>
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>>
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
