Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.1(2)
Error and Event Log Messages
Download this chapter
Error and Event Log MessagesError and Event Log Messages
Download the complete book
Book-length PDFBook-length PDF (PDF - 12 MB)
give_us_feedback

Table Of Contents

Error and Event Log Messages

Client Error Messages

Login Failed

Network Error

Agent Unable to Upgrade Using MSI

CAM Event Log Messages


Error and Event Log Messages

Client Error Messages

Login Failed 

Clean Access Server is not properly configured, please report to your administrator.

A login page must be added and present in the system in order for both web login and Clean Access Agent users to authenticate. If a default login page is not present, Clean Access Agent users will see this error dialog when attempting login. See also Add Default Login Page, page 5-3. 

Clean Access Server could not establish a secure connection to the Clean Access Manager at 
<IP_address>

This error message to clients attempting login (Figure A-1) commonly indicates one of the following issues:

The time difference between the CAM and CAS is greater than 5 minutes.

Invalid IP address

Invalid domain name

CAM is unreachable

See also Troubleshooting Certificate Issues, page 14-15.

Figure A-1 "CAS Cannot Establish Secure Connection to CAM"

Network Error 

The request has timed out. [12002]

This error (Figure A-2) indicates a communication issue between the Agent and the CAS. The Agent pops up initially indicating that the Agent is able to reach the CAS and vice versa. However, at some point the communication is lost resulting in the error message. This error can reflect a timing issue after the VLAN has been changed for the user machine in OOB deployments. Increasing the VLAN Change Delay (under Switch Management > Profiles > SNMP Receiver > Advanced Settings) from the 2 second default to 3 or 4 seconds may resolve the issue.

Figure A-2 "Request Has Timed Out 912002]"

Agent Unable to Upgrade Using MSI 

Error 1316. A network error occurred while attempting to read from the file

This error (Figure A-3) appears when the user attempts to upgrade the Clean Access Agent using an MSI installer filename that does not match the InstallShield Wizard syntax.

To address this issue, make sure the .msi file is named "CCAAgent.msi" before installing it, particularly if downloading the file from Cisco Secure Software (where the version may be specified in the download filename). Renaming the file "CCAAgent.msi" ensures that the install package can remove the previous version then install the latest version when upgrading the Agent on clients.

Figure A-3 Agent Unable to Upgrade Using MSI

CAM Event Log Messages

Table A-1 describes Clean Access Manager event log messages. You can view the even log in the Clean Access Manager admin console from Monitoring > Event Logs.

Table A-1 Event Log Messages (Sheet 1 of 4)

Message
Explanation
Severity

<MAC address> added to AP MAC list

The access point is successfully added to the access point list.

Normal configuration log

<MAC address> could not be added to the AP MAC list

Adding access point to a passthrough list failed; the Clean Access Server might not be connected.

Error occurred when trying to automatically add to passthrough list

<MAC address> removed from the MAC list

Access point removed from the list.

Normal configuration log

<MAC address> could not be removed from the AP MAC list

Removing the access point from the passthrough list failed; the Clean Access Server might not be connected.

Error occurred when trying to remove from a passthrough list

<Authentication Server Name> added to authentication server list

Authentication server is added to the list.

Normal configuration log

<Authentication Server Name> is already configured in authentication server list

Authentication server being added is already on the list.

Normal configuration log

Provider name <Authentication Server Name> is already been used by different authentication server

Authentication server name already in use; updating authentication server failed.

Error on authentication server update

<Authentication Server Name> updated to authentication server list

Authentication server updated successfully.

Normal configuration log

<Authentication Server Name> is not a valid authentication server

Authentication server update failed; not a valid authentication server.

Error on authentication server update

<Authentication Server Name> removed from the authentication server list

Authentication server removed successfully.

Normal configuration log

<User name, MAC, IP> - Logout request

IPSec Client user logout request.

Normal configuration log

<User name, MAC, IP> - Logout attempt failed;

User logout failed; Clean Access Server is not connected.

Error

Invalid user credentials, <User name, MAC, IP>

Username and password invalid.

Error

Invalid authentication provider, <Provider Name> <User name, MAC, IP>

User authentication server invalid.

Error

<Clean Access Server IP> is inaccessible!

Heartbeat between Clean Access Manager and Clean Access Server failed; the Clean Access Server is offline.

Critical error; Clean Access Server should be brought up immediately

Dhcp properties are added

DHCP properties are published to DHCP server in Clean Access Server.

Normal configuration log

Dhcp properties are not added

DHCP properties publishing to Clean Access Server failed.

Error while publishing DHCP properties to the Clean Access Server

Cleared the event log

The entire event log has been cleared.

Normal configuration log

Domain authentication server information not available

User login failed; authentication server information not available.

Error on user login

Domain authentication server information not set

User login failed; authentication server information not completely configured.

Error on user login

<MAC address> added to MAC list

Device MAC address is added to the list.

Normal configuration log

<MAC address> could not be added to the MAC list

Device MAC address is not added to the list.

Error

<MAC address> is already in the MAC list

Device MAC address already added to the list.

Normal configuration log

<MAC address> removed from the MAC list

Device MAC address is removed from the list.

Normal configuration log

Updated policy to <Clean Access Server IP>

Policy is updated successfully.

Normal configuration log

Could not update policy to <Clean Access Server IP>

Policy update to Clean Access Server failed.

Error

Could not update policy to all Clean Access Servers, policies will be published whenever connected

A global policy is not updated to all Clean Access Servers; some of the servers might be disconnected.

Normal configuration log. Not an error, as the policies will be updated when they are connected.

Unable to ping <User IP>, going to logout user <Username>

Ping manager is logging off user, as the user is not online. Automatic user log off feature.

Normal user log

<Role name> role already exists

A role by this name has already been created.

Normal configuration log

<Role Name> role is created successfully

The role has been created successfully.

Normal configuration log

Deleting role <Role Name> failed, Clean Access Server <Clean Access Server IP> is not connected

Deleting role failed; Clean Access Server is not connected.

Error

Could not connect to <Clean Access Server IP>

Clean Access Server could not be added to the Clean Access Manager administration domain; the Clean Access Server is offline or not reachable by the Clean Access Manager.

Error

<Clean Access Server IP> added to Clean Access Manager

Clean Access Server is added successfully to the Clean Access Manager administration domain.

Normal configuration log

<Clean Access Server IP> updated in Clean Access Manager

Clean Access Server is updated successfully.

Normal configuration log

<Clean Access Server IP> is not configured in Clean Access Manager

Updating Clean Access Server failed; Clean Access Server information not found in the Clean Access Manager.

Error

<Subnet/Netmask> is already in the SUBNET list

Subnet has already been added to the subnet list.

Normal configuration log

<Subnet/Netmask> removed from the SUBNET list

Subnet is removed from the list successfully.

Normal configuration log

<IP Number> System Stats

Runtime statistics for the identified Clean Access Server. The information is:

load factor - Current number of packets in the queue that the server is processing (i.e., the current load being handled by the Clean Access Server).

max since reboot - The maximum number of packets in the queue at any one time (i.e., the maximum load handled by the Clean Access Server).

mem - The memory usage statistics. This lists the used memory, shared memory, buffered memory, and unused memory.

cpu - The processor load on the hardware.

N/A

Unable to process out-of-band login request from [<MAC address> <IP address>] <username>.
Cause: connected device [<MAC address>] not found.

This error message appears when the CAM does not receive appropriate MAC Notification about the client machine. Two common causes for this error condition are:

The SNMP trap syntax from the managed switch is not compatible with the SNMP trap syntax on the CAM. (Ensure the syntax/configuration between the switch and the CAM is consistent.)

The client machine is already connected to a switch port on the Authentication VLAN before the CAM is configured to manage the switch, thus the CAM cannot authenticate the OOB user login request because the CAM is not aware of the client machine connected to the switch port. (Try disconnecting the client machine from the switch port and reconnecting.)

Error