https://community.cisco.com/t5/network-access-control/unable-to-connect-to-cisco-and-getting-no-policy-server-detected/m-p/3896104#M471222 <P>have you tried deleting the ISECFG.XML from your AppData and reconnecting? I am assuming you are performing posture.&nbsp;</P><P>&nbsp;</P> Tue, 23 Jul 2019 20:22:18 GMT rosalesoe 2019-07-23T20:22:18Z https://community.cisco.com/t5/network-access-control/unable-to-connect-to-cisco-and-getting-no-policy-server-detected/m-p/3895491#M471213 <P>Hi W</P><P>I try to connect Cisco to wired&nbsp; network is connected and system scan is not happening getting like no policy server detected and default network access is in effect</P><P>Can some one pls help me to resolve issue</P> Tue, 23 Jul 2019 08:59:37 GMT https://community.cisco.com/t5/network-access-control/unable-to-connect-to-cisco-and-getting-no-policy-server-detected/m-p/3895491#M471213 SravaniYerru9465 2019-07-23T08:59:37Z https://community.cisco.com/t5/network-access-control/unable-to-connect-to-cisco-and-getting-no-policy-server-detected/m-p/3896104#M471222 <P>have you tried deleting the ISECFG.XML from your AppData and reconnecting? I am assuming you are performing posture.&nbsp;</P><P>&nbsp;</P> Tue, 23 Jul 2019 20:22:18 GMT https://community.cisco.com/t5/network-access-control/unable-to-connect-to-cisco-and-getting-no-policy-server-detected/m-p/3896104#M471222 rosalesoe 2019-07-23T20:22:18Z https://community.cisco.com/t5/network-access-control/unable-to-connect-to-cisco-and-getting-no-policy-server-detected/m-p/3896408#M471229 I am not able to see ISECFG.xml in Cisco appdata Wed, 24 Jul 2019 06:35:47 GMT https://community.cisco.com/t5/network-access-control/unable-to-connect-to-cisco-and-getting-no-policy-server-detected/m-p/3896408#M471229 SravaniYerru9465 2019-07-24T06:35:47Z https://community.cisco.com/t5/network-access-control/unable-to-connect-to-cisco-and-getting-no-policy-server-detected/m-p/3896427#M471233 Go with the following steps and see where it is failing<BR /><BR /><BR /> 1. Check if you are hitting the correct policy where you would have mentioned posture status as unknown and the authorization profile would contain the redirect ACL and a downloadable ACL if using any.<BR /> 2. Check if the redirect ACL,URL,dACL(if any) have been applied on the switch when the client authenticates using the command “show authentication status ise interface <INTERFACE name="">”<BR /> 3. If yes, please check the contents of the redirect ACL and the downloadable ACL. If it is a wired connection, on the switch, in the redirect ACL, deny traffic to the ISE and allow traffic to any host on port 80 and 443. Please find a reference here <A href="https://secure-web.cisco.com/1v2zCwnxXQMD0chGYvPNuzMZO298wf2Z-4Ki4D-eMALu8VsOlKg_1SiAvT-VBk42i2FVtgrTzIkMyG36aYli2vGDEfCe_7_5zVtxIpWVaZs-aN-jL6MET02gtf9OEpQdBhVGThO2vGQ5-qJ6HEcc0EoC2k_Rb-pJHAJK0EcnIkXgVOVi8Iuyo9kbSRiuC52zVtC1yFXrQwUNg-PtGiEUypohOVMx70cEBT3Nl2iFj_KKyo90L14w-LlLKj2kohzBf/https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fsecurity%2Fidentity-services-engine%2F116143-config-cise-posture-00.html#anc24" target="_blank">https://secure-web.cisco.com/1v2zCwnxXQMD0chGYvPNuzMZO298wf2Z-4Ki4D-eMALu8VsOlKg_1SiAvT-VBk42i2FVtgrTzIkMyG36aYli2vGDEfCe_7_5zVtxIpWVaZs-aN-jL6MET02gtf9OEpQdBhVGThO2vGQ5-qJ6HEcc0EoC2k_Rb-pJHAJK0EcnIkXgVOVi8Iuyo9kbSRiuC52zVtC1yFXrQwUNg-PtGiEUypohOVMx70cEBT3Nl2iFj_KKyo90L14w-LlLKj2kohzBf/https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fsecurity%2Fidentity-services-engine%2F116143-config-cise-posture-00.html#anc24</A>&lt;&gt;<BR /> 4. If you have a dACL configured, please allow traffic to the dns,dhcp servers, discovery host configured, gateway of the client, ISE PSNs and enroll.cisco.com.<BR /> 5. Make sure your DNS server can resolve ISE PSNs FQDNs and enroll.cisco.com.<BR /> 6. Make sure you have “ip http server”, “ip http secure-server” and device tracking configured on the switch.<BR /> 7. Redirection can be tested from the client machine by navigating to a browser on the end client say windows PC. Type <A href="http://secure-web.cisco.com/14cOEH-IW0DPLfB48LktX0i7qXAYnjuucduFEcQKjVP-1fS62naZK2em2X7bLo_ZtOv4h6Ov4MOs6u8jaZXGQkwdyKvk0nYW3Sz_ywSeLL-VysTl8H3ftmkSd1U9vV6IcwcB2rp4MeZtn6G0Wq5fiFHauN1z8WiAvFcVdVlA1akGhzWG4bfEM0gQEP9GcyojKBQZOk_7y7IBu8KIB1tkqr8Q0X94HsPthqHvL5Sah7nsRA9UhZdhX5b7PSqhmCSpr/http%3A%2F%2F1.1.1.1" target="_blank">http://secure-web.cisco.com/14cOEH-IW0DPLfB48LktX0i7qXAYnjuucduFEcQKjVP-1fS62naZK2em2X7bLo_ZtOv4h6Ov4MOs6u8jaZXGQkwdyKvk0nYW3Sz_ywSeLL-VysTl8H3ftmkSd1U9vV6IcwcB2rp4MeZtn6G0Wq5fiFHauN1z8WiAvFcVdVlA1akGhzWG4bfEM0gQEP9GcyojKBQZOk_7y7IBu8KIB1tkqr8Q0X94HsPthqHvL5Sah7nsRA9UhZdhX5b7PSqhmCSpr/http%3A%2F%2F1.1.1.1</A> and see if it gets redirected to the client provisioning portal and the portal opens.<BR /> 8. If the redirection URL is not seen then it would mean that the redirection itself did not work. In this case, please check if the SVI is configured on the access switched or somewhere in the upper layers. Please refer this <A href="https://secure-web.cisco.com/1id02xRLgi_4gMLcI8hETkBpjAlpPy-sgHHkFtwioB7J5BDwmdgcoEOTKRthId8GDKeTpaXD3WzZZ6mx5LOEkN0vX3YnmC3Utl-xE2LQ5JFOusoOzKlZWYMsRqnRjPPxzIa9PPX8KRDL-qPBTCIUH1wDeAYaPlntLRvESLrTW8-AtXdoEHUpS4HECRhGIZzWjSoeLjWekS5sQKXwVmK-haL1c0RBViwEQ6kBNDLtRxjSv3wE3i9Brz-VglLEl7NEU/https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fsecurity%2Fidentity-services-engine%2F117278-troubleshoot-ise-00.html" target="_blank">https://secure-web.cisco.com/1id02xRLgi_4gMLcI8hETkBpjAlpPy-sgHHkFtwioB7J5BDwmdgcoEOTKRthId8GDKeTpaXD3WzZZ6mx5LOEkN0vX3YnmC3Utl-xE2LQ5JFOusoOzKlZWYMsRqnRjPPxzIa9PPX8KRDL-qPBTCIUH1wDeAYaPlntLRvESLrTW8-AtXdoEHUpS4HECRhGIZzWjSoeLjWekS5sQKXwVmK-haL1c0RBViwEQ6kBNDLtRxjSv3wE3i9Brz-VglLEl7NEU/https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fsecurity%2Fidentity-services-engine%2F117278-troubleshoot-ise-00.html</A> for more information on how redirection works in different scenarios.<BR /> 9. If the redirection URL is seen in the browser but the page isn’t opening, please check if the DNS resolution to ISE FQDN in the URL works, please check if you can telnet to port 8443 from the end machine. Please take a packet capture from ISE (PSN seen in the redirect URL) and see if you see the client traffic reaching it. If the traffic is reaching ISE, please run the command “show ports | in 8443” to see if that specific PSN is listening on 8443.<BR /> 10. If you are successfully redirected to the client provisioning portal and you can see the portal, then redirection is not the issue and something is wrong on the client side, in which case, you would need to collect a DART bundle.<BR /> 11. Open up the DART bundle and check for logs with lines containing “http” “error” “fatal” “severe”.<BR /><BR /></INTERFACE> Wed, 24 Jul 2019 07:13:53 GMT https://community.cisco.com/t5/network-access-control/unable-to-connect-to-cisco-and-getting-no-policy-server-detected/m-p/3896427#M471233 Surendra 2019-07-24T07:13:53Z