This article describes basic steps to troubleshoot Persistent Agent.
Define what is not working:
- Sending a message to the host (Host View -> Send message in Administrative UI).
- Agent prompting for user credentials.
- Scanning hosts.
If none of the functions is working.
- Verify agent is installed on the host.
- If installed, restart the Persistent Agent service. Does this clear the behavior?
- Verify the date and time are correct on the host.
- Troubleshoot communication between the agent and NAC.
- Verify that the MAC address of the device is known as Vendor OUI by NAC.
Causes for Communication Failure:
- The ports required for agent/server communications are blocked. Check network firewalls as well as endstation firewalls. Refer to the related KB article below.
- SSL Certificate authentication problems (presumes the Persistent Agent Security Setting is enabled).
- There is no SSL Certificate installed or it has expired (this assumes the agent does not have Security disabled). Refer to the related KB article below.
- Names used for communicating with NAC and the Name on the Certificate do not match. Refer to the related KB article below.
- NAC Vendor OUI repository should have the vendor OUI of the device MAC address listed. Refer to the related KB article below.
- Agent code-related issues. Refer to the related KB article below.
If specific functions do not work:
- Credential Window does not appear for hosts required to either register or authenticate.
Refer to related KB articles below.
- Host is not scanning.
In Host view, 'right-click' on the host and select 'Scan Now'. Note the message that appears. Refer to the related KB article below if an error displays.
If unable to determine the cause of the issue, gather the agent logs from the affected computer and consult Product Support. Refer to the related KB article below.