Cisco Clean Access Agent

DOCUMENT CONTENTS:

• About Cisco Clean Access
• Using and Installing Clean Access
• Troubleshooting Common Problems with Cisco Clean Access Agent
  • The login window never pops up
  • The Clean Access Agent tells you to install Windows Updates, but when you go to the Windows Update web site it tells you there are no updates to install
  • When logging in to Clean Access Agent, you get an error message about "Security Certificate Revocation" and are unable to complete the login
  • When logging in to Clean Access Agent you get an error message about an "invalid clean access server"
  • When logging in to the Clean Access Agent I get the following error message: SSL Certificate REV failed [12057]

About Cisco Clean Access

The Cisco Clean Access Agent is a software program which ResNet subscribers who use Windows 2000, Windows XP and Windows Vista must install on their computers before they are able to access the Internet. Users of older Windows operating systems, Mac and Linux users will not be required to download and install the Cisco Clean Access Agent.

The Cisco Clean Access Agent is what you will as a user of the operating systems mentioned above use to login to the campus network. The Clean Access Agent will also scan your computer to make sure it has the latest Windows security patches (available through Windows Update). If your computer does not meet any of the previous three criteria, you will be given temporary restricted access to the network enabling you to bring your computer into compliance. Once your computer meets the requirements, you will be granted full access to the Internet.

Every other week, all users are logged out of the Cisco Clean Access system to ensure all systems are checked for the network requirements.

Using and Installing Clean Access

When you plug your computer into the network for the first time and open your web browser you will be re-directed to the Network Authentication Page. Login to the network authentication page using your NPCUID and password. If you are using one of the previous mentioned Windows operating systems, you will be directed to the Cisco Clean Access Agent download page. If you use another operating system, you will now have access to the Internet without issue.

To watch a video on the Clean Access Agent and installation process, visit WNPC-TV's website and click the ON DEMAND link at the top of any page. Then find the video named HELP YOURSELF: Getting Connected to the Internet at the bottom of the menu.

Once you download the Cisco Clean Access Agent to your computer, you will need to install it just like any other computer program you might download from the Internet. To do this, double-click the icon for the Clean Access Agent installer you just downloaded. Accept the license agreement, select a folder where to install the Clean Access Agent (the default folder is fine) and then click the Install button. The installation will only take a moment to complete.

Once installed, the Clean Access Agent will pop up the login screen momentarily. An example login screen is shown at the top of the page. Login with your NPCUID and password to login.

• If your computer meets the network requirements, you will be asked to accept the Network Usage Guidelines and then be granted full access to the Internet.
• If your computer does not meet the network requirements, you will be given temporary access. Click the Continue button to see what requirements your computer does not meet. Your computer could have failed login because of one or more of the following reasons:
  • Windows Updates: Your computer must have the latest Windows security patches installed. You can download the latest Windows Updates by going to http://www.windowsupdate.com/ with Internet Explorer. If you have trouble installing the Windows Updates, or would like assistance installing them, please contact the Student Help Desk. Our office hours, office location, telephone number and e-mail address are on the home page of our web site. Windows Updates are the most common problem users face with the Cisco Clean Access system.

Troubleshooting Common Problems with Cisco Clean Access Agent

The login window never pops up

The login window will only show up if the Clean Access Agent is running and can locate the Clean Access server on the campus network. Follow the following steps to troubleshoot this problem:

1. Make sure the Clean Access Agent is running. Double-click on the Clean Access icon on your desktop. You might see a message that says, "Clean Access Agent is already running."
2. Check for the green key icon in the "system tray" which is the group of icons next to the clock on the lower-right corner of your screen. You might have to click the left pointing arrow button on the tray to see all of the icons. The picture below shows what the icon in the system tray looks like.
   
3. Right-click on the green key icon in the system tray. The top choice should be Login and should be dark black.
   • If the top choice is Login then make sure that the second option down from login, "Popup login window" has a check mark to the left of it. If it does not, click on it. This will make sure the login window pops up whenever you need to login to the network. Now open the menu again and click on Login to login to Clean Access.
   • If the top choice is Logout then you are already logged in and do not need to login again.
   • If the top choice is grayed out then proceed to the next step.
4. Ensure your computer is properly connected to the campus network
   1. Make sure the Ethernet cable is firmly attached to your computer and to the jack on the wall in your room. Unless you live in a tripled room, the cable should go directly from your computer to the jack on the wall. It should not be plugged into a hub, router or switch. If you do live in a tripled room, make sure the hub or switch provided to you by the help desk is properly configured. If you have any questions about how to configure the hub or switch in your tripled room, please contact the Student Help Desk. Our office hours, office location, telephone number and e-mail address are on the home page of our web site.
   2. Make sure you have a valid IP address.
      For users of Windows XP:
      1. Click on the green Start menu button in the lower-left corner of the screen.
      2. Click on Run...
      3. Type in "cmd" (without the quotes) and then click OK. You will see a black box opens on the screen.
      4. In the black box, type in "ipconfig" without the quotes and then press Enter.
      5. Under the heading "Ethernet adapter Local Area Connection" you should see a line that says "IP Address" which has 4 groups of numbers seperated by periods. The first group of numbers should be 137. The second group of numbers should be 140. If the first and second group of numbers are not 137 and 140, please contact the Student Help Desk. The image below shows you what you should see in the black box if your IP Address is correct.

      

      For users of Windows Vista:
      1. Click the Windows icon at the lower-left corner of the screen.
      2. In the search box type in "cmd" (without the quotes) and press Enter.
      3. In the black box, type in "ipconfig" without the quotes and then press Enter.
      4. Under the heading "Ethernet adapter Local Area Connection" you should see a line that says "IPv4 Address" which has 4 groups of numbers seperated by periods. The first group of numbers should be 137. The second group of numbers should be 140. If the first and second group of numbers are not 137 and 140, please contact the Student Help Desk. The image below shows you what you should see in the black box if your IP Address is correct.
         
5. Ensure you do not have a firewall blocking Clean Access Agent from reaching the Internet. Programs like McAfee Personal Security, McAfee Personal Firewall, Norton Internet Security, ZoneAlarm, Comodo, PeerGuardian (just to name a few) are known to conflict with the Cisco Clean Access Agent, especially after a program update. Temporarily disable your firewall and see if the login window pops up. If it does, you have found the problem and should create a rule allowing Clean Access to reach the Internet. For assistance with disabling your firewall and creating a rule to allow Clean Access to reach the Internet, contact the Student Help Desk. Our office hours, office location, telephone number and e-mail address are on the home page of our web site.
6. If you are still unable to get the Login window to pop up, you should contact the Student Help Desk. If you have a laptop, you can bring it to our office and we will work on it while you wait. If you have a desktop, you can file a problem report and someone will come to your room to help you.

The Clean Access Agent tells you to install Windows Updates, but when you go to the Windows Update web site it tells you there are no updates to install

This problem often occurs when an update does not get installed correctly on your computer. We can see which updates you are missing and instruct you on how to download and install them manually to get you on the Internet. Please login to Clean Access Agent before calling our office. Our office hours, office location, telephone number and e-mail address are on the home page of our web site. The help desk assistant you speak to can look up which update you need and walk you through the process of downloading it from Microsoft's web site and then installing it on your computer.

When logging in to Clean Access Agent, you get an error message about "Security Certificate Revocation" and are unable to complete the login

This problem is caused by an issue with Internet Explorer. To reoslve this issue, follow these steps:

1. Open Internet Explorer.
2. From the Tools menu, select Internet Options and then click on the Advanced tab.
3. Scroll down the list of options until you reach the Security category. UNCHECK the box for "Check for server certificate revocation".
4. Click OK to save the changes. Close Internet Explorer. Restart your computer.
5. After your computer restarts, try to login again to Cisco Clean Access Agent. If your computer meets the network requirements, you should have no problem logging in.

When logging in to Clean Access Agent you get an error message about an "invalid clean access server"

This problem can be caused by several things. The most common problem is when you are connected to the network using an Ethernet cable and you are in an area with wireless connectivity and have your wireless enabled. Disable your wireless network card and then try again.

If that does not work, make sure you do not have your web browser's home page set to the Clean Access login or download pages. You should set your browser's home page to anything other than those sites (google.com or newpaltz.edu for example).

When logging in to the Clean Access Agent I get the following error message: SSL Certificate REV failed [12057]

This error is caused when the SSL functionality within the operating system is not working correctly.

1. Make sure you are able to view the Clean Access web based login page.
2. Make sure system time on the computer is correct.
3. Make sure certificates appear within Internet Explorer's preferences (Tools menu -> Internet Options menu item -> Content Tab -> Certificates button -> Trusted Root Certification Authorities tab)
4. Click "Clear SSL State" button on the Content tab on the Internet Properties window

Restart the agent and try again. If it still doesn't work try the following:

Disable checks for server certificate revocation within Internet Explorer (Tools menu -> Internet Options menu item -> Advanced tab -> Under the "Security" heading uncheck "Check for server certificate
revocation").  This option is unchecked by default.  Close the window and Internet Explorer and then restart the computer.

If the above doesn't work read Microsoft's KB822798 article on how to fix SSL services within Windows:http://support.microsoft.com/default.aspx?scid=kb;en-us;822798

Links below may open in a new window.

• •

Copyright 2008 SUNY New Paltz Student Computer Help Desk.