https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3583998#M517136 <HTML><HEAD></HEAD><BODY><P>As you mentioned this issue happening randomly, please engage Cisco TAC to troubleshoot.</P></BODY></HTML> Sat, 05 May 2018 08:24:41 GMT hslai 2018-05-05T08:24:41Z https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3583996#M517134 <HTML><HEAD></HEAD><BODY><P>Hello Community,</P><P></P><P>Running with ISE 2.1 with patch 5 and Any Connect 4.5</P><P></P><P>We are facing some issue on the random endpoints with <STRONG><EM>No Policy Server Detected</EM></STRONG> message in Any Connect and on <STRONG>ISE Live logs</STRONG> its showing <STRONG><EM>Posture Unknown</EM>.</STRONG></P><P>Endpoint are able to Ping ISE Server as well host name, also able to resolve <STRONG>enroll.cisco.com</STRONG></P><P>Dot1x is is successfully happening for endpoint, redirection is also working, posture status is showing <STRONG><EM>Pending</EM></STRONG> under<STRONG> Live Session</STRONG> on ISE.</P><P></P><P>Does any thing i nee to look why Posture is not working ?</P><P></P><P><SPAN style="color: #3d3d3d; font-family: arial; font-size: 12px;">Appreciate your Inputs here.</SPAN></P><P><SPAN style="color: #3d3d3d; font-family: arial; font-size: 12px;"><BR /></SPAN></P></BODY></HTML> Fri, 04 May 2018 07:27:04 GMT https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3583996#M517134 Ali 2018-05-04T07:27:04Z https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3583997#M517135 <HTML><HEAD></HEAD><BODY><P>With ISE 2.1, you must rely on URL redirect for client to discover PSN, and it needs to be the PSN that authenticated client.&nbsp; One exception is the attempt to connect to previous PSN, but let's stick to new connection case.&nbsp;&nbsp; Therefore, you Discovery Host or resolution of enroll.cisco.com must resolve to a target <EM>beyond </EM>the redirection point and be a routeable target.&nbsp; If DH or enroll.cisco.com resolved to PSN, it will not work.</P></BODY></HTML> Sat, 05 May 2018 01:51:43 GMT https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3583997#M517135 Craig Hyps 2018-05-05T01:51:43Z https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3583998#M517136 <HTML><HEAD></HEAD><BODY><P>As you mentioned this issue happening randomly, please engage Cisco TAC to troubleshoot.</P></BODY></HTML> Sat, 05 May 2018 08:24:41 GMT https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3583998#M517136 hslai 2018-05-05T08:24:41Z https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3583999#M517137 <HTML><HEAD></HEAD><BODY><P><A href="https://community.cisco.com//u1/38995">hslai</A><A href="https://community.cisco.com//u1/28477">chyps</A>&nbsp; Thanks for the Input</P><P></P><P>I have taken TAC Support.</P><P></P><P>More about the issue is, when user logged on one PC posture scan is working and getting C<STRONG>omplaint status</STRONG>, when the same user is logging on different PC AnyConnect after scan showing <STRONG>No Policy Server Detected.</STRONG></P><P><STRONG><BR /></STRONG></P><P>After packet capture, we found that AnyConnect reaches the ISE and ISE was redirecting the AnyConnect to port 8905. When AnyConnect goes to that port ISE was sending <STRONG>Reset</STRONG>, on ISE we confirmed the port was Open. This is something weird why ISE was giving Reset.</P><P></P><P>TAC Engineer gone through support bundle and found some bugs along with high load average and suggested either Reload the Server or Upgrade to Patch 7.</P><P></P><P>As Temporary workaround we reloaded the box and after reload the issue got resolved of NO Policy Server.</P><P></P><P>Is there anything we need to look to resolve the Reset instead of going for Patch 7.</P></BODY></HTML> Sun, 06 May 2018 10:32:09 GMT https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3583999#M517137 Ali 2018-05-06T10:32:09Z https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3584000#M517138 <HTML><HEAD></HEAD><BODY><P>Please take the tac advice as they are tasked with troubleshooting and resolving break fix issues</P></BODY></HTML> Sun, 06 May 2018 11:42:12 GMT https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3584000#M517138 Jason Kunst 2018-05-06T11:42:12Z https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3584001#M517139 <HTML><HEAD></HEAD><BODY><P>I suspect it is a case where posture request sent to PSN that was no longer owner.&nbsp; If a specific defect flagged as being the fix, as we have added some logic to address such out of sync cases, then that would be the path to prevent future occurrences, else rely on ISE 2.2+ feature to provide Phase 2 discovery.</P></BODY></HTML> Sun, 06 May 2018 21:06:14 GMT https://community.cisco.com/t5/network-access-control/no-policy-server-detected/m-p/3584001#M517139 Craig Hyps 2018-05-06T21:06:14Z