https://community.cisco.com/t5/network-access-control/ise-posture-pending-loop/m-p/3603448#M536549 <HTML><HEAD></HEAD><BODY><P>Could you please tell me which version you are on? What i think this is bug <A href="https://quickview.cloudapps.cisco.com/quickview/bug/CSCul66272" rel="nofollow" style="color: #4a7399; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;" target="_blank">CSCul66272</A>. See the detail below</P><P></P><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV><A name="description" style="color: #4a7399;">Description</A><P></P></DIV><P style="margin: 0 0 1.4em; color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;">Symptom:<BR />The NAC Agent gets suck in a posture loop. The sequence of events seen for the agent is:<BR />1) An authentication entry is seen for the host and posture is set to pending.<BR />2) A CoA is sent for the host with the posture status matching the globally set default posture status.<BR />3) An authentication is again seen for the host with the posture status set to pending.</P><P></P><P>Conditions:<BR />ISE 1.2.0.899<BR />An application is installed on the end host that sends an HTTP or HTTPS packet with an unknown user-agent.<BR />Posture is configured and in use.</P><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV>Last Modified:<P></P><P>Jun 9,2014</P></DIV><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV>Status:<P></P><P>Fixed</P></DIV><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV>Severity:<P></P><P>3 Moderate</P></DIV><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV>Product:<P></P><P>Cisco Identity Services Engine (ISE) 3300 Series Appliances</P><P></P><TABLE cellpadding="0" cellspacing="0" width="100%"><TBODY><TR><TD style="border: 1px solid black; padding-left: 2px;">Known Affected Releases:</TD><TD style="border: 1px solid black;"><DIV>(1)<P></P></DIV></TD></TR></TBODY></TABLE><P></P><DIV><DIV><DIV>1.2(0.899)<P></P></DIV></DIV></DIV><P></P><DIV><DIV><TABLE cellpadding="0" cellspacing="0" width="100%"><TBODY><TR><TD style="border: 1px solid black; padding-left: 2px;">Known Fixed Releases:</TD><TD style="border: 1px solid black;"><DIV>(2)<P></P></DIV></TD></TR></TBODY></TABLE></DIV></DIV><P></P><DIV><DIV><DIV>1.2(0.907)<P></P><P>1.2(1.198)</P></DIV></DIV></DIV></DIV></BODY></HTML> Thu, 12 Jan 2017 08:49:54 GMT Ravi Singh 2017-01-12T08:49:54Z https://community.cisco.com/t5/network-access-control/ise-posture-pending-loop/m-p/3603447#M536548 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>&nbsp;&nbsp; i'm facing a strange issue while anyconnect posture running it fails in one of the requirement and the configured remediation timer is 3 min</P><P>after that it should go to non-compliant with remediation vlan. but we noticed that posture tries to re-scan again every 16 seconds hence remediation timer starts again from beginning which means that user will never hit non-compliant profile !!! he will stay in unknown state forever !!!</P><P>it like a loop</P><P>1- user gets remediation text message</P><P>2- remediation timer starts counting</P><P>3- after 16 seconds anyconnect starts scanning again</P><P>4- back to step 1</P><P></P><P>the user status in ISE always pending "unknown state" !!!&nbsp; so what do you think what is maybe the issue</P></BODY></HTML> Tue, 10 Jan 2017 13:05:00 GMT https://community.cisco.com/t5/network-access-control/ise-posture-pending-loop/m-p/3603447#M536548 kareali@cisco.com 2017-01-10T13:05:00Z https://community.cisco.com/t5/network-access-control/ise-posture-pending-loop/m-p/3603448#M536549 <HTML><HEAD></HEAD><BODY><P>Could you please tell me which version you are on? What i think this is bug <A href="https://quickview.cloudapps.cisco.com/quickview/bug/CSCul66272" rel="nofollow" style="color: #4a7399; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;" target="_blank">CSCul66272</A>. See the detail below</P><P></P><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV><A name="description" style="color: #4a7399;">Description</A><P></P></DIV><P style="margin: 0 0 1.4em; color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;">Symptom:<BR />The NAC Agent gets suck in a posture loop. The sequence of events seen for the agent is:<BR />1) An authentication entry is seen for the host and posture is set to pending.<BR />2) A CoA is sent for the host with the posture status matching the globally set default posture status.<BR />3) An authentication is again seen for the host with the posture status set to pending.</P><P></P><P>Conditions:<BR />ISE 1.2.0.899<BR />An application is installed on the end host that sends an HTTP or HTTPS packet with an unknown user-agent.<BR />Posture is configured and in use.</P><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV>Last Modified:<P></P><P>Jun 9,2014</P></DIV><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV>Status:<P></P><P>Fixed</P></DIV><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV>Severity:<P></P><P>3 Moderate</P></DIV><P style="color: #333333; font-family: Arial, sans-serif; font-size: 14.4px; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px; background-color: #f9f9f9;"></P><DIV>Product:<P></P><P>Cisco Identity Services Engine (ISE) 3300 Series Appliances</P><P></P><TABLE cellpadding="0" cellspacing="0" width="100%"><TBODY><TR><TD style="border: 1px solid black; padding-left: 2px;">Known Affected Releases:</TD><TD style="border: 1px solid black;"><DIV>(1)<P></P></DIV></TD></TR></TBODY></TABLE><P></P><DIV><DIV><DIV>1.2(0.899)<P></P></DIV></DIV></DIV><P></P><DIV><DIV><TABLE cellpadding="0" cellspacing="0" width="100%"><TBODY><TR><TD style="border: 1px solid black; padding-left: 2px;">Known Fixed Releases:</TD><TD style="border: 1px solid black;"><DIV>(2)<P></P></DIV></TD></TR></TBODY></TABLE></DIV></DIV><P></P><DIV><DIV><DIV>1.2(0.907)<P></P><P>1.2(1.198)</P></DIV></DIV></DIV></DIV></BODY></HTML> Thu, 12 Jan 2017 08:49:54 GMT https://community.cisco.com/t5/network-access-control/ise-posture-pending-loop/m-p/3603448#M536549 Ravi Singh 2017-01-12T08:49:54Z https://community.cisco.com/t5/network-access-control/ise-posture-pending-loop/m-p/3603449#M536550 <HTML><HEAD></HEAD><BODY><P>Got the exactly the same issue here in a new solution with version 2.2.0.470-Patch1.</P><P></P><P>The client just starts reassesment and stays in a posturing state, nothing happens on ISE or switch tough so it seems like a client issue.</P></BODY></HTML> Sat, 13 May 2017 07:33:07 GMT https://community.cisco.com/t5/network-access-control/ise-posture-pending-loop/m-p/3603449#M536550 Andre Liverod 2017-05-13T07:33:07Z