
AnyConnect is not triggering scan

osman869
Level 1

Hi,

I have a machine where AnyConnect doesn't perform a rescan when I restart it.

Machine A (Problematic)

  1. Machine restart
  2. AnyConnect shows compliant (Policy server detected shows Node2)
  3. There is no COA (as per my policy if the PC is compliant the COA will occur)
  4. I need to run the scan manually
  5. It scans and shows compliant again (this time it goes to Node1)
  6. COA works

Machine B (ideal)

  1. Restart the machine
  2. Scan will trigger (Policy server is Node1)
  3. COA will occur

Sometimes Machine A also works (Policy server stays Node 2) by re-scanning. Is there anything to check on node 2?

I cannot diagnose the issue. Machine B is working ideally.

Thanks

2 Replies

Hi @osman869 ,

At Work Centers > Posture > Client Provisioning > Client Provisioning Policy, double-check the rule that your Machine A is hitting, and check whether it is the same rule as Machine B.

Also double-check whether Machine A has the correct ISEPostureCFG.XML (at C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ISE Posture\).

Hope this helps!!!

hslai
Cisco Employee

The problematic client machine A is switching from one PSN to another during compliance checks, which indicates that AnyConnect has not discovered the correct PSN initially. Take a look at https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215419-ise-session-management-and-posture.html