Hello,
I'm trying to get my Windows native clients work with SoH Checks...
I already have the SoH License for the IC6500.
I have created a Custom SoH Check and assigned it to a test role.
The configured Authentication Protocols I have (in order) are:
EAP-TTLS
EAP-TLS
EAP-PEAP
for EAP (in order)
EAP-SOH
EAP-JUAC
EAP-MS-CHAP-V2
In my windows 7 client machine I enabled the native supplicant and configured
EAP-MS-CHAPv2
Also, enabled the EAP enforcement client as stated in:
http://technet.microsoft.com/en-us/library/cc730643.aspx
But it all fails when I try to establish a connection.
The user authentication log shows:
"Host checking is not possible with this protocol"
The policy trace shows:
"Host checker restriction check failed for role SSH"
What am I missing?
Is this supposed to work with MS-CHAPv2 or how do I enable a different authentication protocol ?
I'm attaching a .docx file with several screen captures of the log and the trace policy screen
Thanks for your help!!
Angel
Would it be possible for you to enable radius diagnostic logging and provide the logs after capturing the failure event.
Troubleshooting --> Monitoring --> RADIUS
Thanks for the reply
Here you go
I also, spotted this:
AUT24804 | 2013-10-04 19:34:38 - ic - [127.0.0.1] CNBYV\userssh123(ActiveDirectory)[] - Host Checker policy 'SoH 1' failed on host '' address '60-eb-69-xx-xx-xx' for user 'CNBYV\userssh123' reason 'La IMV no ha recibido informaciÑn sobre esta conexiÑn.'. |
"La IMV no ha recibido informaciÑn sobre esta conexiÑn" would be:
"IMV hasnÇt received information about this connection"
Hope that helps
Solved.
Thanks for Prateek from JTAC.
If you are running into the same issue:
Make sure you have ESAP updated on your IC.
Try with different policies (not only antivirus or firewall). An issue could be you Windows communicating the state of a particular product (AVG, Avast, etc) to the IC (so try different products).