- Restart the NAC appliance first
- Restart the NetSight appliance
If NAC Manager intermittently shows contact lost to your NAC appliances and the same certificate renegotiation error appears in the server.log, check that there are no incorrect reverse records for the NAC/NetSight appliances in the configured DNS server. This typically occurs when more than one NAC is present.
- Gather all Internal Certificate information from the NAC appliances by right-clicking the NAC appliances in NAC Manager -> Webview -> Diagnostics -> Certificate Diagnostics
- Note the Server Certificate name for each appliance.
- SSH to the NetSight appliance
- Run the following command to perform a reverse DNS lookup on the NAC's IP address
- From the results shown, verify that the name you have gathered in step 1 matches the result of the nslookup. If there are any other records returned, remove them from the reverse DNS zone of the DNS server.
- If the FQDN returned from the nslookup is not an exact match of the CN and Domain on the NAC's internal certificate, it will cause issues with NetSight/NAC communication with the above error message. Remove the reverse lookup, or correct the reverse record to reply with the correct CN and domain.
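
The comparison in the last two steps can be scripted. The following is an added example, not part of the vendor procedure: a hypothetical `check_ptr` helper reads nslookup output on stdin and reports whether exactly one reverse record exists and whether it matches the Server Certificate name. The host names and addresses in the samples are constructed.

```sh
#!/bin/sh
# Added example. Usage on the appliance (arguments are placeholders):
#   nslookup <NAC-IP> | check_ptr <server-certificate-name>

# check_ptr EXPECTED_FQDN  -- reads nslookup output on stdin.
# Prints OK, NO_PTR, MULTIPLE_PTR or MISMATCH; returns 0 only for OK.
check_ptr() {
    expected=${1%.}    # tolerate a trailing root dot on the argument
    # Reverse-lookup answers look like "<ptr-owner>  name = host.domain."
    names=$(awk -F'name = ' 'NF > 1 { sub(/\.[ \t\r]*$/, "", $2); print $2 }' | sort -u)
    if [ -z "$names" ]; then
        echo "NO_PTR"; return 1
    fi
    count=$(printf '%s\n' "$names" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        # More than one reverse record: the extras must leave the reverse zone.
        echo "MULTIPLE_PTR"
        printf '%s\n' "$names" | sed 's/^/  record: /' >&2
        return 1
    fi
    # The page requires an exact match, so the names are compared as-is.
    if [ "$names" = "$expected" ]; then
        echo "OK"; return 0
    fi
    echo "MISMATCH"
    echo "  PTR returned '$names', certificate name is '$expected'" >&2
    return 1
}

# Constructed nslookup output: one correct reverse record.
SAMPLE_GOOD='Server:   192.0.2.53
Address:  192.0.2.53#53

10.2.0.192.in-addr.arpa  name = nac1.example.com.'

# Constructed nslookup output: a stale second record for the same address.
SAMPLE_STALE='Server:   192.0.2.53
Address:  192.0.2.53#53

10.2.0.192.in-addr.arpa  name = nac1.example.com.
10.2.0.192.in-addr.arpa  name = oldnac.example.com.'

printf '%s\n' "$SAMPLE_GOOD"  | check_ptr nac1.example.com || true
printf '%s\n' "$SAMPLE_STALE" | check_ptr nac1.example.com || true
```

Run it once per appliance, passing the Server Certificate name noted from Certificate Diagnostics.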