cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

215
Views
0
Helpful
4
Replies
Highlighted
Cisco Employee

AnyConnect Compliance module error message

During compliance check the following error message pop-up. Any idea how to solve this?

 

"The requirement cannot be evaluated since you are connected to an untrusted server. Please contact your administrator"

 

Anyconnect Version = 4.7.01076

Compliance Module = 4.3.562.6144

 

Thanks

Wing Churn

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: AnyConnect Compliance module error message

We've figured out the issue.  It turns out that on some of the posture checks that are run on the newer AnyConnect packages as well the ISE compliance module, they require for the cert being used in ISE to be trusted.  So we exported the self-signed default cert from ISE that we were using and imported it to the endpoint's trusted root certification authorities, and the posture checks were moved forward and continued.

4 REPLIES 4
Cisco Employee

Re: AnyConnect Compliance module error message

Not a known issue with ISE.

Please gather a DART bundle from the affected system, open a TAC case if not done already, and submit it to TAC for investigation.

Beginner

Re: AnyConnect Compliance module error message

Hi Wing Churn,

 

Were you able to find a solution to this issue?  Do we have to import a certificate from somewhere to the endpoints?

Beginner

Re: AnyConnect Compliance module error message

We've figured out the issue.  It turns out that on some of the posture checks that are run on the newer AnyConnect packages as well the ISE compliance module, they require for the cert being used in ISE to be trusted.  So we exported the self-signed default cert from ISE that we were using and imported it to the endpoint's trusted root certification authorities, and the posture checks were moved forward and continued.

Cisco Employee

Re: AnyConnect Compliance module error message


Good to hear that. We did not continue further as it was a time sensitive PoV.

 

Thanks

Wing Churn