The NAC Agent running application scan

Similar Questions

• Connection disabled for the Nac Agent

  Hello

  After installing the NAC Agent on Windows XP.

  The login window does not appear.

  Please see the attached support cisco report.

  Please suggest to overcome this problem.

  Thank you

  Abuzar

  Well, the default gw is an L3 device you have on your network, and if there is a firewall you will need to open the communication to these ports.

  What is the configuration of VLANS on the switch where the client is connected?

  Do you have an organizational chart?

  See you soon,.

  Tiago

• ISE - profile of the NAC agent

  Dears

  I want to deploy via GPO NAC agent and I need to create the agent profile, I know how to create on ISE, but how to get the file in xml format which will be distributed?

  You can try to install only a single PC (whether by a manual installation or captive portal). If you have set up rules of posture while ISE then the NAC Agent automatically contacts the ISE server and downloads the last NACAgentcfg.xml.

  Then you can browse the following directory and find the NACAgentcfg.xml file in your PC.

  C:\Program Files (x 86) \Cisco\Cisco NAC Agent

  After that, you can deploy mass agent of the NAC as well as the xml file. Well that is not required to deploy the xml file as a I said, every time, there is a rule of posture the NAC agent will download the last available the ISE Server NACAgentcfg.xml.

  Please rate if this can help.

• The NAC Agent autoUpgrade ISE possible?

  Hi all

  I have this:

  802.1 x-window with the NacAgent version (say 1) <---->802. 1 x switch active (RADIUS aaa OK) <------>ISE and AD on the same LAN

  ISE is configured for client provisioning with hardware (NacAgent version 2) downloaded from Cisco's Web site (as described in the documentation)

  I have a basic plan of authentication and authorization that allow me to well but I expect the NACAgent to be upgraded.

  No profiling is configured at the moment.

  Is that someone can help?

  Best regards?

  Hello

  In the ISE settings provisioning client, activate you the option where the NAC upgrade agent is required. However, it is to you to run updates perioidic and map the most recent agent in the configuration of the parameters of the client.

  Thank you

  Tarik Admani
  * Please note the useful messages *.

• Problem of the NAC - Agent is a disconnect

  Hello

  We have a problem with the NAC in mode virtual outofband.

  AD SSO, sanitation, everything is working, but the strange things happening: after awhile, when downloading large files, Agent connects to the formula of network users, and the registration process is restarted.

  I disabled the pulsation clocks and timers, session, but we still have a problem.

  Also, while sniffing traffic on the switch port, I noticed that after have correctly connected you to the own Cisco Agent network always send traffic to UDP Port 8905. Is this a normal behavior?

  I noticed problems with this version of the agent causing connections to give up intermittently. I would upgrade to agent v4.1.3.1.

• Cannot in the foreground a running application

  I have an application of UI configured to Autorun at startup, resulting in a son, do work in the background. It has a screen that displays information about the work that are background threads.

  class AppName extends UiApplication implements SystemListener2 {
      private static AppName app;
  
      public static void main(String[] args) {
          app = new AppName();
  
          if (ApplicationManager.getApplicationManager().inStartup()) {
              app.addSystemListener(app);
          } else {
              app.initializeLater();
          }
          app.enterEventDispatcher();
      }
  
      public AppName() {
          pushScreen(new InfoScreen());
          requestBackground();
      }
  
      private void initialize() {
          // Spawns some threads doing work in the background
      }
  
      private void initializeLater() {
          invokeLater(new Runnable() {
              public void run() {
                  initialize();
              }
          });
      }
  
      public void powerUp() {
          removeSystemListener(this);
          initialize();
      }
  }
  

  When I run the app in the Simulator, it works fine. At startup everything works and then when I click on the screen icon is highlighted and displayed. It is the output of the Simulator:

  3:20:26.612: AM: Starting AppName
  3:20:26.612: AM: AppName already running
  3:20:26.612: AM: Foreground is requested: AppName(304)
  3:20:26.628: AM: Foreground is set: AppName(304)
  

  However, on the device is displayed. It's the device debugger output:

  [0.0] Starting AppName
  [0.0] AppName already running
  

  As you can see that the foreground application is never made. I confirmed this by overriding the UiApplication.activate () method and by putting in a message to System.out to see if it was called, but it is not called.

  Does anyone have an idea why this is happening?

  "Is there any point having the call requestBackground()?

  Good question, I don't know, I did it just for "security".

  "pushScreen() in the constructor of the app or in the initialize() method."

  I could do this in the initialization.

• Although installed firefox 10.0, I recently the updater.exe running application as soon as firefox starts. The problem disappears when closed with force updater.exe, then also firefox subsides. How to avoid this problem?

  It consumes 30% of cpu and takes with him firefox, together consuming more than half of the CPU and was > 1 / 2 h.
  It is a new phenomenon which slows down all other activities on my computer.

  Sorry, updater.exe is not Firefox itself, something else began this process.

  Firefox checks the updates the module as it is launched and checks the availability of an update for Firefox, about 5 minutes after the launch. or use a separate update process, they run the process firefox.exe.

  plugin-container.exe is the only other process Firefox to clear or launch - a single instance of this process for each file from Web sites that use a Firefox plugin.

• NAC agent the wireless runs whenever we have controllers

  Hello everyone, we have a problem in our environment and wanted to inquire about this. We have a Cisco wireless infrastructure in place - 5508 2 controllers and about 200 3502 AP we have split the AP evenly between 2 controllers. We backend system with an own server in the strip of the NAC device for post assesment. What we are seeing, is that when a user "passes" a point of access to the other, and if the AP is connected to 2 separate controllers, the NAC agent will take place once again. Newspapers in cam supports this, as we see the user is disconnected and then reconnected. We have 2 controllers configured in a mobility group which should allow roaming. So what would be the expected behavior? Is the controller always send RADIUS Accounting Stop packets to the CAs when it tends a session wireless to another controller, even if they are in a group of mobility?  Any help or thoughts would be appreciated.

  Thank you

  The f

  Jeff,

  Since you're using dot1x, I found the following note in the configuration guide for mobility:

  http://www.Cisco.com/en/us/docs/wireless/controller/7.2/configuration/guide/cg_mobility.html

  

  All clients configured with 802. full authentication is complete by 1 security X/Wi-Fi Protected Access (WPA) to conform to the IEEE standard.

  Your radius server that you see a second authentication attempt from the second controller? If Yes, then most likely, this is because of the management of accounts radius stop and start messages while roaming.

  Thank you

  Tarik Admani
  * Please note the useful messages *.

• wake the computer to run an antivirus scan

  Is it possible to activate the computer to run an anti-virus scan?  I use The Shield antivirus program, and when I schedule a task to wake the computer and a scanner, it is unclear what part of the computer to scan and so he does nothing.  I don't know if the field "argument" is where I said what file to be reviewed or what, but I couldn't begin to know what to put as the argument anyway.  I can program the computer to run a scan when he's awake.  There is a task called awake auto that wakes the computer; It is a task that I could plan to run before the antivirus scan to allow the scan to run without the Task Scheduler from the analysis?  Do you know if the task of awakening auto has a path?

  Hello

  Please look here for detailed information:

  http://www.Vistax64.com/tutorials/166809-Task-Scheduler-wake-up-computer.html

  Concerning

• The Stub of the NAC for 4.7 Agent options

  Hello

  Does anyone know if Cisco provides an option of replacement for the role of the NAC Agent of the Stub in version 4.7?

  Thank you.

  Dennis,

  The service is installed as part of installing the agent. Now the agent installation requires administrator rights.

  HTH,

  Faisal

• Question commissioning of the ISE NAC agent

  I downloaded the NAC agents and modules of conformity to the ISE and configured the client provisioning rules. The user guide is not really explain very good next steps.

  I guess because the identity of the user groups are used in politics, commissioning is used with webauth, is that correct?

  Jeppe,

  The commissioning customer is done with any authentication method. Whether via dot1x or webauth, it is the authorization policy that starts this process. You redirect your customers customer provisioning portal using the authorization policy. Then, you determine which agent (web agent, agent nac or no agent) through the client provisioning policy.

  Hope that helps,

  Tarik Admani
  * Please note the useful messages *.

• Help the NAC OOB Windows SSO

  We have just upgraded to Windows 2003 AD to Win2k8 R2 and Single Sign it has stopped working. Authentication works very well, but the NAC agent does not use the Windows credentails. Users must enter their user name and password manually.

  The AD server is a new server but has the same IP addresses as the old man. I'm running the CAM/CASE 4.7.2.

  Gregg

  Gregg,

  2 k 8 does not by default, so I suspect that is where it's a failure. Please look at the following sections and rerun ktpass (on a new user preference) as shown in the link:

  http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/47/CAs/s_adsso.html#wp1257882

  HTH,

  Faisal

  --

  If you find this article useful, please note so that others can easily find the answer

• NAC agent and configuration of NHPS with ISE 1.1.1

  I try to get all the workstations (OSX and Windows) install the begging native NAC Agent and Assistant during the on-board process.

  I currently use portal default comments to EHT.

  The environment has been implemented using a design of dual SSID.

  For the moment, devices can plug the SSID of provisioning and get the CWA. Recording device works, the portal is running the installer of NHPS that correctly implements the network card.

  The problem is that the portal never tries to install the NAC Agent.

  Has a political client provisioning policies for wired and wireless as well as BONES. Each strategy includes a PSN and Agent NAC configuration. It seems that portal comments only checks the configuration of PSN and not the NAC Agent config.

  Any ideas?

  Just if I understand correctly, you are using both a client provisioning portal and a native Portal begging provisoning related policies separate authz.

  With that road you check to see if the customer is consistent in the political portal provisioning client.

  Let me know if you have following configured (windows OS in the example), this implies that endpoint is statically assigned to RegisteredDevices after native pursueth provisioning.

  Rule 0 (Group of endpoint = RegisteredDevice) AND (AD:Domain user and authentication method: x 509 and posturestatus: COMPATIBLE) = access allowed

  Rule 1 (Group of endpoint = RegisteredDevice) AND (AD:domain user authentication method: x 509 [If you have deployed the certs to the State native supp] AND workstation NOT EQUAL: COMPLIANT) client provisioning RESULT portal.

  Rule 2 (endpoint = Workstation group) AND RESULTS (AD:Domain user AND breed authentication using mschapv2) provisioning windows portal

  Hope that helps,

  Tarik Admani
  * Please note the useful messages *.

• NAC agent constantly authenticate

  I have a problem with NAC 4.9.4.3 where he réauthentifie randomly. There is no newspaper on the switch or within ISE to explain why this happens. The user seems to remain connected. Did somebody encounter this problem?

  Hi Deirra,

  How many times do you see that? You experience this problem with all the endpoints?

  If you don't see the newspaper on the ISE/switch so maybe not pure new authentication. The question may be followed by looking at the NAC agent logs.

  -Jousset

• NAC Agent recognizes bad OS

  I have a laptop windows 7 where the NAC agent think it's windows XP. It fails the NAC checks because he wants to ServicePack 3 must be installed. Has anyone already this issue or know where the NAC agent provides for what operating system it is?

  Just getting worse, I reinstall windows 7 but I was wondering if anyone could provide any idea for me?

  Johnathan,

  We have encountered this problem before. Check the properties for the executables of the NAC Agent and make sure that compatibility mode is not set to Windows XP.

  Doug