Extreme NAC connecting

[oujojo123]

My job is making me use Extreme NAC (Network Access Control) to work using my home computer. I have followed all the prerequisites and I still cannot connect. No error message or anything.

I talked to support and after many potential solutions they gave up and told me to ask my internet provider, which was also fruitless.
I looked through the NAC Assessment log and found the error:

An UnknownHostException error occurred while sending data to 'http://Enterasys_NACAppliance1:8080/Assessment/Server/'. Enterasys_NACAppliance1 (?:?-DiscoveryPhase)

An UnknownHostException error occurred while reading input from 'http://Enterasys_NACAppliance1:8080/Assessment/Server/'. Enterasys_NACAppliance1 (?:?-DiscoveryPhase)
INFO : Client will connect to master server at 'http://Enterasys_NACAppliance2:8080/Assessment/Server/'. (?:?-DiscoveryPhase)

WARN : An UnknownHostException error occurred while sending data to 'http://Enterasys_NACAppliance2:8080/Assessment/Server/'. Enterasys_NACAppliance2 (?:?-DiscoveryPhase)

WARN : An UnknownHostException error occurred while reading input from 'http://Enterasys_NACAppliance2:8080/Assessment/Server/'. Enterasys_NACAppliance2 (?:?-DiscoveryPh

 

[COLGeek]

As part of your config, were you required to adjust any settings on your router/firewall, like open certain ports?

 

[oujojo123]

As part of your config, were you required to adjust any settings on your router/firewall, like open certain ports?

No. Just to disable ipv6

 

[COLGeek]

This sounds more like a port issue and not really a question for your ISP. Check with your tech support folks to see what ports you may have to open for their config to work. Worth a shot.

 

[oujojo123]

This sounds more like a port issue and not really a question for your ISP. Check with your tech support folks to see what ports you may have to open for their config to work. Worth a shot.

They have told me that NAC does not require any special port to be open or forwarded. They said it might be because my internet is a bonded DSL line.

 

[COLGeek]

I am not sure what difference that should make. Are you using a desktop or a laptop? If a laptop, can you go elsewhere and successfully connect (like from a library, coffee shop wireless, etc)?

Also, does your tech support need to add your system to a whitelist/authorized devices list? If so, have they verified your info with you?

 

[bill001g]

Just guessing but if you look at the messages and the URL it is attempting to use "Enterasys_NACAppliance1" as the site. This would have to somehow resolve to a ip address if it really is using https. It is saying it can't resolve that name. Then again this may a configuration issue. But again this is a guess I know nothing about this product and didn't even know extreme networks still existed, figure cisco and hp killed them off.

 

[oujojo123]

I am not sure what difference that should make. Are you using a desktop or a laptop? If a laptop, can you go elsewhere and successfully connect (like from a library, coffee shop wireless, etc)?

Also, does your tech support need to add your system to a whitelist/authorized devices list? If so, have they verified your info with you?

I am using a desktop. I tried again using a mobile hotspot on my phone and still no good. There is no authorized device list that I need to be on. I tried to connect using 2 different computers so I and support assumed it was a network problem, but now I am not entirely sure.

 

[COLGeek]

I assume then that you have a client app installed on your system. Is that correct?

 

[oujojo123]

I assume then that you have a client app installed on your system. Is that correct?

I am not sure what a "client app" is

 

[COLGeek]

Did you have to install anything on your desktop to access the company network? If so, does it have an entry to configure the IP address of the NAC device (bill001g may be on to something here).

 

[oujojo123]

Did you have to install anything on your desktop to access the company network? If so, does it have an entry to configure the IP address of the NAC device (bill001g may be on to something here).

I have to connect to a VPN first before connecting to NAC which I have no trouble connecting too.

 

[COLGeek]

Are you the only user having this issue?

 

[oujojo123]

Are you the only user having this issue?

Yes I am. Out of the hundreds of employees that use it

 

[COLGeek]

What version of Windows are you using? Is it fully up to date?

Are your network drivers updated as well?

What anti-virus program are you using? Any additional firewalls installed?

 

[oujojo123]

What version of Windows are you using? Is it fully up to date?

Are your network drivers updated as well?

What anti-virus program are you using? Any additional firewalls installed?

W10/Yes
Yes
AVG. No.

 

[COLGeek]

You using the "full" or the free version of AVG? If you disable AVG, can you connect?

 

[oujojo123]

You using the "full" or the free version of AVG? If you disable AVG, can you connect?

Free Trial. No. I have tried multiple AV as well.

 

[COLGeek]

Remove AVG altogether and any other anti-virus apps you may have installed. Enable Windows Defender, update, and try again.

 

[oujojo123]

Remove AVG altogether and any other anti-virus apps you may have installed. Enable Windows Defender, update, and try again.

No good.

 

[COLGeek]

I am baffled then. This doesn't seem to be a network issue, but some config on your end. This is especially odd since you can connect to the VPN (as previously mentioned) with no issues.

Can the tech folks see you trying to connect to the device? Anything in the log on their end?