Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

511

512

513

514

515

516

517

518

519

520

11-38

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 11 Monitoring and Troubleshooting Agent Sessions

Agent Troubleshooting

Step 2 Highlight and right-click the CCAAgent.app icon to bring up the selection menu.

Step 3 Choose Show Package Contents > Resources.

Step 4 Choose setting.plist.

Step 5 If you want to change the current LogLevel setting using Mac Property Editor (for Mac OS 10.5 and

later), find the current LogLevel Key and replace the exiting value with one of the following:

• Info—Include only informational messages in the event log

• Warn—Include informational and warning messages in the event log

• Error—Include informational, warning, and error messages in the event log

• Debug—Include all Agent messages (including informational, warning, and error) in the event log

Note The Info and Warn entry types only feature a few messages pertaining to very specific Agent

events. Therefore, you will probably only need either the Error or Debug Agent event log level

when troubleshooting Agent connection issues.

Note Because Apple, Inc. introduced a binary-format .plist implementation in Mac OS 10.4, the .plist file may

not be editable by using a common text editor such as vi. If the .plist file is not editable (displayed as

binary characters), you either need to use the Mac Property List Editor utility from the Mac OS X

CD-ROM or acquire another similar tool to edit the setting.plist file.

Property List Editor is an application included in the Apple Developer Tools for editing .plist files. You

can find it at <CD-ROM>/Developer/Applications/Utilities/Property List Editor.app.

If the setting.plist file is editable, you can use a standard text editor like vi to edit the LogLevel value

in the file.

You must be the root user to edit the file.

Client Cannot Connect/Login

The following client errors at login can indicate CAM/CAS certificate related issues (i.e. the CAS does

not trust the certificate of the CAM, or vice-versa):

• Users attempting web login continue to see the login page after entering user credentials and are not

redirected.

• Users attempting Agent login see the following error: “Clean Access Server could not establish a

secure connection to the Clean Access Manager at <IPaddress or domain>.

To resolve these issues, refer to Troubleshooting Certificate Issues, page 14-21.

No Agent Pop-Up/Login Disabled

For L2 or L3 deployments, the Agent will pop up on the client if “Popup Login Window” is enabled on

the Agent and the Agent detects it is behind the Clean Access Server. If the Agent does not pop up, this

indicates it cannot reach the CAS.