Sorry our e-mail scanner did not like the cmd file. Here it is. The
password is cca to access it.
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Hernandez, Phillip
Andrew
Sent: Tuesday, October 16, 2007 10:03 AM
To: [log in to unmask]
Subject: [Bad Attachment] Re: New Agent
Warning: This message has had one or more attachments removed
Warning: (Fix.zip, Fix.cmd).
Warning: Please read the
"/opt/Fortress/engine/etc/reports/LIBERTY-EDU-Attachment-Warning.txt"
attachment(s) for more information.
Hello,
I have seen the "Unexpected error.Quitting" problem with 4.1.2.1.
Apparently the problem is caused by Windows Resource Protection
(http://msdn2.microsoft.com/en-us/library/aa372868.aspx). There are 2
ways that I know of for solving this problem.
Solution 1:
1. Uninstall Cisco Clean Access
2. Install Cisco Clean Access 3.5.4.
3. Attempt to log into Cisco Clean Access.
4. Allow Cisco Clean Access to update itself after login in
Solution 2:
This solution was actually found by one of our students on campus (I
have not tested it but this is what he sent us). I have attached the
fix.cmd
The problem arises when the Administrators group doesn't have
permissions for the files or registry keys that the installer is trying
to write to; only the TrustedInstaller group has these permissions. But
the administrator can still set permissions- just download the subinacl
tool from here
(https://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe
-4a91-93cf-ed6985e3927b&DisplayLang=en) and use it to give
administrators full access to all registry keys and all files. I
Recommend the attached script that I used (requires subinacl.exe) to
change permissions on all files. It solved the problem completely. Make
sure that you remember to include the last line of that fix.cmd script-
otherwise the massive group policy change will take forever to propagate
(ie, it won't). If you have a noncommited (not sure what this is really
called) security policy vista goes insane- all sorts of crucial system
services refuse to start and it's a nightmare. I went for 2 days or so
before I figured out how to force a policy propogation, and when I
finally did, explorer died and I had to restart.. so I'm not sure
whether you would have to restart if secedit is run immediately. Once
this is all done, everything works perfectly and CCAA should install.
Let me know if this works.
Phillip Hernandez
Liberty University
DISC Staff
ResNet Support Specialist
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Chris T. Healey
Sent: Monday, October 15, 2007 8:12 AM
To: [log in to unmask]
Subject: Re: New Agent
Same thing happened to us late Friday.
For us, our student has a Sony Vaio running Windows Vista, and all was
fine with Agent 4.1.2.1. Once he upgraded the agent now the agent will
not start - we just get a pop up that says: "Unexpected error.
Quitting"
We tried to back rev him but then that agent also says the same message.
We uninstalled, rebooted, and then installed 4.1.2.1 but nothing gets
him back to normal. We are new to the NAC - do the agent updates always
cause grief like this?
Anyone have a case # with Cisco on this? I am planning on calling one in
today and the student should be coming by my office around 1:00 pm today
so that I can have his laptop as I talk to TAC. It would be nice if I
can also ask my TAC to look at the other issues.
Thanks
Chris
___________________________________
Chris Healey
Capital University
Office of Information Technology
1 College and Main
Columbus, OH 43209-2394
614-236-6964
Email: [log in to unmask]
___________________________________
All that is valuable in human society depends upon the opportunity for
development accorded the individual.
- Albert Einstein
___________________________________
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Bradley W. Kramer
Sent: Friday, October 12, 2007 2:01 PM
To: [log in to unmask]
Subject: Re: New Agent
We are having similar problems with 4.1.2.2 here, users are getting
about 10 minutes of connectivity followed by 10 minutes of non-
connectivity... We are forcing a back-rev on all of our agents... we
have a significant amount of students having this problem and the only
thing that has changed in ResNet this week is our CCA version.
Please keep us posted, i am convinced it could be spyware or something
conflicting with the agent, however firewall is not the issue, i could
reproduce the problem with no av/firewall installed on a freshly
installed system....
-Brad Kramer
On Oct 12, 2007, at 10:06 AM, Simon Kissler wrote:
> Any chance there's a host firewall that keys in on the application
> binary (incl. version) and isn't letting the new version talk/ receive
> network traffic ? I've seen that before where the firewall needed to
> be configured again to allow traffic when the agent updated (although
> haven't seen it for some time).
>
> -S
>
>
> >>> On 10/12/2007 at 8:54 AM, Jeff Stewart <[log in to unmask]>
> wrote:
> Nope, with the old agent it logs in, with the new agent I don't have
> that option.
>
> Osborne, Bruce W. (NS) wrote:
> > Since it is a Sony Vaio, is CCA forcing it into your game console
> role?
> >
> > Check the MAC address in your filters.
> >
> > Bruce Osborne
> > Liberty University
> >
> > -----Original Message-----
> > From: Cisco Clean Access Users and Administrators
> > [mailto:[log in to unmask]] On Behalf Of Jeff Stewart
> > Sent: Friday, October 12, 2007 9:23 AM
> > To: [log in to unmask]
> > Subject: [CLEANACCESS] New Agent
> >
> > Has anyone had any trouble with the latest agent release? I have a
> > machine where agent 4.1.2.1 works fine but as soon as I upgrade to
> > 4.1.2.2 the agent stops working. Looks like the agent is running
> but
> > the login is grayed out. It's a Sony Vaio running Vista.
> >
> > Jeff
> >
> >
>
> --
> Jeff Stewart
>
> Network Engineer
> Network Computing & Support
> Western Kentucky University
|
