cancel
Showing results for 
Search instead for 
Did you mean: 

SoH & Windows Native Client

Highlighted
Occasional Contributor

SoH & Windows Native Client

Hello,

I'm trying to get my Windows native clients work with SoH Checks...
I already have the SoH License for the IC6500.

I have created a Custom SoH Check and assigned it to a test role.
The configured Authentication Protocols I have (in order) are:
EAP-TTLS
EAP-TLS
EAP-PEAP

for EAP (in order)
EAP-SOH
EAP-JUAC
EAP-MS-CHAP-V2

In my windows 7 client machine I enabled the native supplicant and configured
EAP-MS-CHAPv2
Also, enabled the EAP enforcement client as stated in:
http://technet.microsoft.com/en-us/library/cc730643.aspx

But it all fails when I try to establish a connection.
The user authentication log shows:
"Host checking is not possible with this protocol"
The policy trace shows:
"Host checker restriction check failed for role SSH"

What am I missing?
Is this supposed to work with MS-CHAPv2 or how do I enable a different authentication protocol ?

I'm attaching a .docx file with several screen captures of the log and the trace policy screen

Thanks for your help!!
Angel

4 REPLIES 4
Highlighted
Regular Contributor

Re: SoH & Windows Native Client

Would it be possible for you to enable radius diagnostic logging and provide the logs after capturing the failure event.

Troubleshooting -->  Monitoring  --> RADIUS

Highlighted
Occasional Contributor

Re: SoH & Windows Native Client

Thanks for the reply

 

Here you go

Smiley Happy

Highlighted
Occasional Contributor

Re: SoH & Windows Native Client

I also, spotted this:

 

AUT24804 2013-10-04 19:34:38 - ic - [127.0.0.1CNBYV\userssh123(ActiveDirectory)[] - Host Checker policy 'SoH 1' failed on host '' address '60-eb-69-xx-xx-xx' for user 'CNBYV\userssh123' reason 'La IMV no ha recibido informaciÑn sobre esta conexiÑn.'.

 

"La IMV no ha recibido informaciÑn sobre esta conexiÑn" would be:

"IMV hasnÇt received information about this connection" 

 

Hope that helps 

Highlighted
Occasional Contributor

Re: SoH & Windows Native Client

Solved.

Thanks for Prateek from JTAC.

 

If you are running into the same issue:

 

Make sure you have ESAP updated on your IC. 

Try with different policies (not only antivirus or firewall). An issue could be you Windows communicating the state of a particular product (AVG, Avast, etc) to the IC (so try different products).