Active session gone after 4 hours logged in

tminh
Cisco Employee

Hi all,

We are using ISE 2.4. The switch is a C2960 and the PSNs are in a node group.

Posture assessment with AnyConnect (AC) is being deployed and we are seeing the following error:

 

At 28/11/2019, 17h14:

One Windows 7 PC has the problem that its posture status is NotApplicable.

Looking at the AC history on this machine and the DART file, we note:

At 08h00, AuthC and AuthZ were OK by machine authentication (with an empty posture status field), and then user authentication with posture status = Compliant.

The history shows that the AC posture module was running well.

At 12h01 (4 hours later), machine authentication passed but posture status = NotApplicable (NA).

Looking at the AnyConnect history, we have a posture report only at 8h00. No more posture activity is noted in the log.

In the DART of this PC, we note that:

  • The posture module was activated at 12h01.
  • But the posture module could NOT get an active session, with the error messages “Failed to find an active session” and “failed to obtain LoggedIn user Info, aborting discovery…”

 

At 17h30: we did a shut/no shut on the switch interface connected to this PC.

AuthC by user and posture status = Compliant.

The AC history on the PC shows the AC posture module running and reporting posture Compliant.

 

Looking at this situation, we remark that:

  1. The AnyConnect posture module is kicked off any time the network changes.
  2. AnyConnect could not get the active session information and stopped working.
  3. Because AC posture stopped working => ISE reports the posture status as NotApplicable for this session.
  4. The cause of the problem is that the AC posture module could not get an active session from ISE.
  5. But when we shut/no shut the interface, a new active session is re-created and the AC posture module can get the active session ID without problem.

Question: why is the active session gone from ISE after 4 hours?

 

Thanks for your advice,

Minh

 

 

Accepted Solutions

howon
Cisco Employee

Suggest opening a TAC SR, but a few things to note:

- Is RADIUS accounting configured on the NAD for at least every 2 days?

- Or is there reauth timer < 60 min configured on the NAD?

Either of the above should keep the session tracked from the ISE side.
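
One way to answer the two questions in the reply above from a saved switch running-config, as an added example that is not part of the original thread. It assumes the IOS command forms `aaa accounting update newinfo periodic <minutes>`, `authentication periodic` and `authentication timer reauthenticate <seconds|server>`; the sample config and the function name `audit` are constructed for illustration.

```python
import re

ACCT_MAX_MIN = 2 * 24 * 60   # interim accounting "at least every 2 days" (from the reply)
REAUTH_MAX_SEC = 60 * 60     # "reauth timer < 60 min" (from the reply)

# Constructed sample running-config, not taken from the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa accounting update newinfo periodic 2880
!
interface GigabitEthernet0/1
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 1800
!
interface GigabitEthernet0/2
 authentication port-control auto
!
"""

def audit(config):
    """Return (accounting_ok, {port: reauth_ok}); reauth_ok is None when the
    timer is supplied by the RADIUS server and cannot be read from the config."""
    acct_ok, ports, cur = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa accounting update (?:newinfo )?periodic (\d+)", line)
        if m:
            acct_ok = int(m.group(1)) <= ACCT_MAX_MIN
        if raw.startswith("interface "):
            cur = ports.setdefault(raw.split()[1],
                                   {"dot1x": False, "periodic": False, "timer": None})
        elif not raw.startswith(" "):
            cur = None                      # left the interface stanza
        elif cur is None:
            continue                        # indented line of some other stanza
        elif line == "authentication port-control auto":
            cur["dot1x"] = True
        elif line == "authentication periodic":
            cur["periodic"] = True
        else:
            m = re.fullmatch(r"authentication timer reauthenticate (\d+|server)", line)
            if m:
                cur["timer"] = m.group(1)
    result = {}
    for name, p in ports.items():
        if p["dot1x"]:                      # only 802.1X-controlled ports matter
            timed = p["periodic"] and p["timer"]
            result[name] = None if timed == "server" else bool(
                timed and int(timed) < REAUTH_MAX_SEC)
    return acct_ok, result
```

A port reported as `False` while accounting is also `False` has neither of the two mechanisms the reply lists for keeping the session tracked on ISE.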
