AnyConnect is not triggering scan
08-26-2022 08:05 AM
Hi,
I have a machine where, when I restart it, AnyConnect doesn't perform a rescan.
Machine A (Problematic)
- Machine restart
- AnyConnect shows compliant (Policy server detected shows Node2)
- There is no COA (as per my policy if the PC is compliant the COA will occur)
- I need to run the scan manually
- It scans and shows compliant again (this time it goes to Node1)
- COA works
Machine B (ideal)
- Restart the machine
- Scan will trigger (Policy server is Node1)
- COA will occur
Sometimes Machine A also works (Policy server stays Node 2) by re-scanning. Is there anything to check on node 2?
I cannot diagnose the issue. Machine B is working ideally.
Thanks
08-26-2022 09:38 PM
Hi @osman869 ,
At Work Centers > Posture > Client Provisioning > Client Provisioning Policy, double check the Rule that your Machine A is hitting, and check if it is the same Rule as Machine B.
Also double check if Machine A has the correct ISEPostureCFG.XML (at C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ISE Posture\).
Hope this helps !!!
08-29-2022 05:29 PM
The problematic client, Machine A, is switching from one PSN to another during compliance checks, and this indicates that AnyConnect has not discovered the correct PSN initially. Take a look at https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215419-ise-session-management-and-posture.html
