cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1291
Views
0
Helpful
4
Replies
Highlighted
Enthusiast

AnyConnect Compliance module error message

During compliance check the following error message pop-up. Any idea how to solve this?

 

"The requirement cannot be evaluated since you are connected to an untrusted server. Please contact your administrator"

 

Anyconnect Version = 4.7.01076

Compliance Module = 4.3.562.6144

 

Thanks

Wing Churn

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

We've figured out the issue.  It turns out that on some of the posture checks that are run on the newer AnyConnect packages as well the ISE compliance module, they require for the cert being used in ISE to be trusted.  So we exported the self-signed default cert from ISE that we were using and imported it to the endpoint's trusted root certification authorities, and the posture checks were moved forward and continued.

View solution in original post

4 REPLIES 4
Highlighted
Cisco Employee

Not a known issue with ISE.

Please gather a DART bundle from the affected system, open a TAC case if not done already, and submit it to TAC for investigation.

Highlighted
Beginner

Hi Wing Churn,

 

Were you able to find a solution to this issue?  Do we have to import a certificate from somewhere to the endpoints?

Highlighted

We've figured out the issue.  It turns out that on some of the posture checks that are run on the newer AnyConnect packages as well the ISE compliance module, they require for the cert being used in ISE to be trusted.  So we exported the self-signed default cert from ISE that we were using and imported it to the endpoint's trusted root certification authorities, and the posture checks were moved forward and continued.

View solution in original post

Highlighted


Good to hear that. We did not continue further as it was a time sensitive PoV.

 

Thanks

Wing Churn