If single sign-on (SSO) is not working for a Layer 2 out-of-band (OOB) virtual gateway implementation, which two of these can you check to troubleshoot the issue? (Choose two.)
A.
The clock between the NAC server and the Active Directory server is synchronized.
B.
The KTPass.exe command was executed on the domain controller with the /RC4Only option.
C.
The adkernel.exe process on the domain controller is accepting requests from the Cisco Clean Access Server.
D.
The Active Directory domain definition was defined in upper case on the Cisco Clean Access Manager.
E.
The ports are open to the appropriate domain controller in the guest role on Cisco Clean Access Manager.
You have the same question #44 but with different answer B and E. This time it is A and D. Therefore, which is the correct answer.
=================================================================
A. The clock between the NAC server and the Active Directory server is synchronized.
=================================================================
B. The KTPass.exe command was executed on the domain controller with the /RC4Only option.
=================================================================
C. The adkernel.exe process on the domain controller is accepting requests from the Cisco Clean Access Server.
=================================================================
D. The Active Directory domain definition was defined in upper case on the Cisco Clean Access Manager.
=================================================================
E. The ports are open to the appropriate domain controller in the guest role on Cisco Clean Access Manager.
The correct answers are A and D. The answers of B and E on question 44 are wrong.
Looking at troubleshooting info in http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/461/cas/s_adsso.html#wp1156402, clock synchronization is very important, so A is almost certainly one of the two correct choices. It also says the AD configuration must have the domain in UPPERCASE, as is mentioned in option D.
Option B is incorrect, as the ktpass info in http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/461/cas/s_adsso.html#wp1203180 says RC4 is not supported. And while ports being open are important, the first URL (above) mentions them in the context of the unauthenticated role. Option E specifies the guest role which makes that selection incorrect.