Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1741
Views
0
Helpful
3
Replies

How to check Windows updates using BMC Client?

Go to solution
AIN UL BADAR
Level 4
Level 4

‎02-06-2019 02:00 PM

Hello

My Customer has a BCM Client. BMC is the company and BCM(BMC Client Management) is a client, with version 12.6.

This BMC Client is used for MS Windows deployment of patches/updates etc and to keep them up to date.

My goal is to keep endpoints up-to-date using the BMC client/server. For which I created a Condition and Remediation under "Patch Management". My question is, did I configure this right? Because Posture module reports that it doesn't find the product in the system. The Error message on the Posture module is "Remediation couldn't be attempted since the required product was not found on the system. If the problem persists contact your system administrator".

How do I make sure the BMC Client on the endpoint goes to check for latest Windows updates to the local server and not the Internet. Unfortunately the Cisco Documentation for ISE doesn't have any information about how to configure and check updates of BMC Clients or how does it work in the background.

 

Attaching the screenshots for better understanding.

Thanks

Ain

Patch-Mgmt-Rem.PNGPatch-Mgmt-Condition.PNGISE Posture Result.PNG

P.S. This is a follow up question to this thread, thought to open a new once since it was resolved.

https://community.cisco.com/t5/identity-services-engine-ise/cisco-ise-and-bmc-integration/m-p/3796288#M23447

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee
In response to AIN UL BADAR

‎02-08-2019 12:29 PM

I suggest creating TAC SR regarding the missing 12.x support.

If need interim support, you can try creating custom posture condition for BMC. This assumes BMC client is (Or can be configured to) able to write certain string into registry that can allow posture agent to find out if the PC is up-to-date or not.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
howon
Cisco Employee
Cisco Employee

‎02-06-2019 03:09 PM

Your setup is correct, however AC complaint module has yet to support BMC client 12.x. It currently supports 11.x with compliance module 4.x so it is complaining that it cannot find the BMC client 11.x

https://www.cisco.com/c/en/us/td/docs/security/ise/ac_compliance_module/Cisco_AnyConnect_ISE_Posture_Win_Support_Charts_for_Compliance_Module_4_3_484_6144.html#_Toc535601557

 

0 Helpful

Go to solution
AIN UL BADAR
Level 4
Level 4
In response to howon

‎02-06-2019 03:17 PM

Thank you for your response and confirmation.

Any ideas how do we proceed from here? How can we make sure Windows patches are up-to-date and they are enforced?

Thanks

Ain

0 Helpful

Go to solution
howon
Cisco Employee
Cisco Employee
In response to AIN UL BADAR

‎02-08-2019 12:29 PM

I suggest creating TAC SR regarding the missing 12.x support.

If need interim support, you can try creating custom posture condition for BMC. This assumes BMC client is (Or can be configured to) able to write certain string into registry that can allow posture agent to find out if the PC is up-to-date or not.

0 Helpful
Customers Also Viewed These Support Documents