We are in the process of deploying ISE 2.6 Patch 3 and are using Cisco AnyConnect Network Access Manager for EAP Chaining. We have ran into a a situation where whenever no user is logged into the machine it becomes unreachable (no ping, VNC, etc.). I have attached screenshots of our NAM configuration from the AnyConnect Profile Editor. Are there additional settings in ISE that could be causing this behavior? We currently have a rule in our Policy in ISE that is Temp Roll Out rule that basically allows anything that is profiled as a Workstation, etc. to connect. I have a TAC case open as well but they aren't being very responsive.