Have you looked at this?

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/47/47rn.html#wp606982

-Mike


On 27/01/2010 12:28 PM, Kyle Torkelson wrote:
> I agree...All of a sudden a bunch of laptops that were working this month are failing the Certificate Revocation...I have added and enabled ".ipsca.com" and "ends" to the Unauthenticated/Temporary/Quarantine roles per the release notes and config docs for 4.7.1 but it seems like this week I've had to turn off the revocation checking on each client...
>
> Perhaps, IPSCA CRL site is experiencing problems??  Or, is this a Cisco issue??
>
> Kyle
>
>
>
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Mike Diggins
> Sent: Tuesday, January 26, 2010 5:50 PM
> To: [log in to unmask]
> Subject: Re: IPSCA Certificate Revocation
>
>
> I see this periodically with our Verisign certificates on CCA 4.1.10
> (Agent), but there doesn't seem to be any pattern to it. A computer that
> is working fine will suddenly start getting Certificate Revocation Check
> failures. Then it will start working again and all is fine.
>
> In 4.7.1 they allow you to turn off the CRL check, which I plan to do, if
> we ever get there!
>
> -Mike
>
>
> On Tue, 26 Jan 2010, Kyle Torkelson wrote:
>
>>
>> Are any other schools getting the Certificate Revocation error when using IPSCA certificates?  I thought that if I added the CRL distribution point as a host under Traffic
>> Control for all of my User Roles to connect to that that would allow XP, Vista, and Windows 7 to connect to and check.  However, I’ve had to start doing the “uncheck check
>> for server and publisher cert revocation) as a temporary workaround.
>>
>>
>> Any suggestions???
>>
>>