Solved: Can ISE upgrade AnyConnect and keep the xml files in place?

Eric Pineda · ‎06-22-2016

Hello,

Trying to upgrade AnyConnect in ISE from a 4.1 to a 4.2 without losing the .xml profiles. Doing wired 802.1x so during the upgrade, the NAM XML file is removed and the endpoint is left in a broken state as it no longer has the settings from the XML file. It now has the default XML.

We are specifying the AnyConnect NAM .xml file through the ISE AnyConnect Configuration in provisioning but still it does not get pushed during the update process.

Is this possible? What could be missing?

pcarco · ‎07-12-2016

Hi Eric,

Verified with one of the escalation engineers that work on NAM. There is no way we can automate it natively

"Configuration.xml files are loaded anytime a network is not in the connected state. Network repair, service restart, unplug/plug will all trigger the file to be loaded"

Sorry I don't have better news for you.

Best regards,

Paul

View solution in original post

pcarco · ‎06-23-2016

Hello,

when you uploaded the Nam profile to ISE - did you keep the name 'configuration.xml'

This sounds odd I will look into this and see if this has been reported before. @stsargen

Eric Pineda · ‎06-27-2016

Hello,

We tested this, same issue, config is lost after upgrade or not pushed during upgrade.

pcarco · ‎06-28-2016

Hello Eric,

You said you tested the same issue - do you mean that you were ensured the profile name was correct ?

What version of ISE are you testing with ? What version of Windows ?

I will try to reproduce and can you run the DART tool on the endpoint and email it to me directly please pcarco@cisco.com

I just tested ISE 2.1.0.474 with AnyConnect 4.3.0748 on Windows 7 and no issues having the configuration.xml file updated So we will definitely need to see logs

Best regards,

Paul

Eric Pineda · ‎07-05-2016

Hello Paul,

Thanks for the response, yes, we ensured the AC NAM profile was configuration.xml

ISE 1.4 p6

Win 7

Will email you directly.

pcarco · ‎07-08-2016

Hello Eric,

I have been out on Vacation. I did look for your email but haven't seen it yet. If you did send can you please resend.

Thank you

Best regards,
Paul

Eric Pineda · ‎07-11-2016

Hello Paul,

Actually I didn't have the need to send you the email, the xml has been pushed properly after further testing. However there is one additional question.

After it is upgraded, it does not prompt us to restart, but we must manually choose network repair option in AnyConnect NAM.

Is there a way to automate this repair after upgrade? Currently this won't scale too well as the end user would have to either manually restart or do the network repair.

pcarco · ‎07-12-2016

Hi Eric,

Verified with one of the escalation engineers that work on NAM. There is no way we can automate it natively

"Configuration.xml files are loaded anytime a network is not in the connected state. Network repair, service restart, unplug/plug will all trigger the file to be loaded"

Sorry I don't have better news for you.

Best regards,

Paul

Eric Pineda · ‎07-12-2016

Hello Paul,

I understand, thanks for the information.

pcarco · ‎07-12-2016

You are welcome Eric

If you have any further questions please let me know or mark the current thread answered if you don't mind.

Best regards,

Paul