Subject: | |
From: | |
Reply To: | |
Date: | Wed, 22 Apr 2009 11:50:47 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
If you are using high availability, check the certificate on both
primary and secondary to make sure they are identical and the
certificate chains are correct.
Then again, I could be the only one who's had high availability or SSL
certs give me fits....
Christopher DeSmit wrote:
>
> Please keep in mind that the Manager has a certificate that is used
> when you assess the manager.. it appears the Clean Access Server
> certificate is expired…
>
> Must browse to the server directly to see. Have you done this?
>
> Example https://publicipaddress/Admin
>
>
>
> Where the public ip address is of the Clean Access Server.. once there
> check the status of the certificate
>
> Hope this helps
>
>
>
> Thanks,
>
>
>
> Christopher DeSmit
>
> *University of North Carolina Pembroke- *
>
> *Division of Information Technology *
>
> *Network Security Specialist *
>
> *910-521-6260 *
>
> *[log in to unmask] *
>
>
>
> *From:* Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] *On Behalf Of *Brian Beausoleil
> *Sent:* Wednesday, April 22, 2009 10:49 AM
> *To:* [log in to unmask]
> *Subject:* Clean Access connection issue
>
>
>
> Hi all,
>
>
>
> I could use some assistance in resolving an issue. I have tried to
> find a possible source of the problem but have fallen short. The
> following is the error message Clean Access displays when trying to
> connect…
>
>
>
> "Clean access server could not establish a secure connection to clean
> access manager
> at cam1.scsu.southernct.edu. This could be due to one or more of the
> following reasons:
>
> 1. clean access manager certificate has expired
> 2. clean access manager can not be trusted
> 3. clean access manager can not be reached.
>
> Please report this to your network administrator."
>
>
>
> Some of our Help Desk student workers get the message as well, and
> they say the Agent will pop up to log in, but when they log in they
> receive this error message. Things we have discovered so far (While
> the student is unable to log in)…
>
> · Nslookup resolves the Manager
>
> · Ip, dns, default gateway, dhcp server are all correct
>
> · The certificate has NOT expired
>
> · Manager can be reached because the Agent popped up, and I
> can log into the admin UI
>
> · Scanned with AV, Malwarebytes, etc… and found no infected
> objects
>
> · User is able to access our homepage via IP but not by name
>
>
>
> At this point I am at a loss. After some time the issue goes away and
> the end user is able to log back in. Each time that we have gone out
> we plugged own machine into the jack and was able to log in with no
> problems. This is not affecting every user and is impossible to
> replicate.
>
>
>
> Any feedback or solutions would be appreciated.
>
>
>
> Thanks in advance…
>
>
>
> Brian
>
--
James Simpson
Security Engineer
IT Services
Miami University
Oxford, OH
Office 513-529-1595
Mobile 513-839-0083
|
|
|