I found this Bug in the meanwhile:

+++++++++++++++++++++++++++++++++++++++++
CSCsk46672 Bug Details
CAS stops listening on 8910 after threads in CLOSE_WAIT state

Symptom:
Agent fails to perform ADSSO

Conditions:
CAS no longer listening to tcp port 8910 because 50 threads are already in CLOSE_WAIT state

Workaround:
Under Device Management > Clean Access Servers > CAS > Windows Auth
Click UPDATE on SSO service to flush the CLOSE_WAIT states
+++++++++++++++++++++++++++++++++++++++++

After applying this workaround, the number of TCP sessions in CLOSE_WAIT state went from 310 to 260. This resolved the issue but i
still would like to clear them all without rebooting the box.

Any ideas ?


Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S)
[log in to unmask]

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Pete Boynton
Sent: terça-feira, 15 de Setembro de 2009 17:29
To: [log in to unmask]
Subject: Re: SSO Issue

How about disconnecting the CAS and connecting again:

CCA Servers -> List of Servers-> Disconnect

And then CCA Servers -> List of Servers-> Manage

But I am not too sure. 

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Antonio Soares
Sent: Tuesday, September 15, 2009 11:39 AM
To: [log in to unmask]
Subject: SSO Issue

Hello group,

This is my first on this list so forgive me to start with a problem :)

I'm troubleshooting a NAC issue. I see lot's of CLOSE_WAIT sessions on the CAS and i need to find a way to restart the SSO service
(TCP:8910) without restarting the whole box. Disabling the option "Enable Agent-Based Windows Single Sign-On with Active Directory
(Kerberos)" in the CAM does not do the job. I think that after clearing these TCP stuck sessions, Single Sign-On will work again.


Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S)
[log in to unmask]