then to determine the actual problem based on the expected behavior of the solution.

Assuming that all of the software has been installed and is running, when the client first tries to connect to a protected network, it should receive a pop-up message from the Cisco Trust Agent stating either that the client is healthy or that the client has been quarantined.

If no message appears, either the Cisco Trust Agent is not running on the client (check the Windows services panel for the Cisco Trust Agent) or the Network Access Device is not seeing the client. Also be sure that the host’s personal firewall and the NAD configuration allow pings. An easy way to check out this situation is to ping a host in the protected network.

￿If the pings are successful, then the client should either have received a “healthy” message or the NAD may be configured to allow clientless devices (for example, with no Cisco Trust Agent running) access.

￿If the pings time out (Request Timed Out) then the NAD is not performing correctly.

￿If the pings fail with a Destination Unreachable message, then the NAD is quarantining the host and the Cisco Trust Agent is probably not running.

If a message appears, then the NAD and the Cisco Trust Agent are communicating correctly.

If a client is quarantined, then the remediation handler (the Security Compliance Manager pop-up GUI) should display all of the violations along with the options to Rescan, Fix Now, or Close:

￿Any manual remediation actions should be followed with Rescan to cause any state changes to be detected, and the next time the network polls with a StatusQuery, the state change will cause a full PostureQuery and the evaluation process will be restarted.

￿Fix Now requests automated remediation and initiates the remediation events.

￿Close simply closes the remediation handler.

When Fix Now is clicked, the automated remediation process starts.

At this point, the remediation handler requests remediation from the Tivoli Configuration Manager Web Gateway via the SoftwarePackageServlet application that is installed on the server. The remediation information passed by the client is analyzed by this servlet and the relevant remediation objects are sent to the client. The remediation handler then manages the installation and execution of these remediation objects and then triggers a rescan of the

Appendix A. Hints and tips 449

Page 467
Image 467
IBM Tivoli and Cisco manual Appendix A. Hints and tips