cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1407
Views
10
Helpful
5
Replies

Context visibility (applications) on ISE 2.4(357) information disappears after deleting endpoints info & repeating the flow .

Niranjani
Level 1
Level 1

Hi experts,

 

Plz find the below steps which describe my issue with Context visibility on ISE 2.4(357)

 

1) Installed VPN & ISE posture module of Anyconnect on Windows /MAC machine through web-deploy of ASA(VPN)/ISE

2)Kept conditions as Appvisibility on ISE with the required AC image & Compliance module 4.X

 

3) Made a dot1x /ASA(VPN)-ISE flow from Endpoint (win/MAC), System scan went to compliant & context visibility->Endpoints  on ISE 2.4(357) shows the installed applications on endpoint.

 

4)Deleted the endpoints on  ISE GUI Context Visibility-> Endpoints & again made a flow from Windows/mAC machine

 

5)  Now, we could observe that the installed applications  information of the endpoint disappears & couldn't see the installed applications info of endpoint.

 

Even refresh button is not helping to list the application information of the endpoints

 

Is there any bug for the issue?

 

plz find the screenshot with this post.

 

 

 

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

The applications could take a few moments. Please wait at least 5 minutes, after AnyConnect sends the reports. Also, certain AnyConnect and Compliant Module combinations might not work; e.g. CSCvd04207.

It's working for me on AnyConnect for Windows 4.6.02074 (latest posted at CCO) and CM 4.2.1134.0.

View solution in original post

5 Replies 5

hslai
Cisco Employee
Cisco Employee

The applications could take a few moments. Please wait at least 5 minutes, after AnyConnect sends the reports. Also, certain AnyConnect and Compliant Module combinations might not work; e.g. CSCvd04207.

It's working for me on AnyConnect for Windows 4.6.02074 (latest posted at CCO) and CM 4.2.1134.0.

Niranjani
Level 1
Level 1

Thanks for the reply. Is there any keyword in vcs.log which confirms that the application visibility works fine? 

Not in vcs.log. Instead, put ISE posture component in DEBUG and look for similar to the following in ise-psc.log:

2018-03-26 00:46:49,502 DEBUG  [portal-http-service1][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Decrypted report [[ <report><version>1000</version><package><id>10</id><status>1</status><check><chk_id>Default_AppVis_Condition_Win</chk_id><diff>0</diff><application><diff>0</diff><id>104</id><name>Adobe Flash Player</name><vendor>Adobe Systems Inc.</vendor><version>28.0.0.161</version><path>C:\Windows\System32\Macromed\Flash\</path><category>Unclassified</category></application><application><diff>0</diff><id>873</id><name>BitLocker Drive Encryption</name><vendor>Microsoft Corporation</vendor><version>10.0.14393.0</version><path>C:\Windows\System32\</path><category>DiskEncryption</category></application><application><diff>0</diff><id>39</id>...

Hi,

 

Thanks a lot for your response. Still I am unable to see the above pattern of logs from ise_psc logs. (enabled debug on ISE for posture,provisioning) & context visibility section in ISE 2.4 shows nothing as before. May I know about logs on Anyconnect (on endclient windows/MAC) which confirms that the issue is with ISE?

In that case, ISE is not receiving a report from AnyConnect ISE posture. If your ISE posture policy does have it as a requirement to check Application Visibility and AnyConnect ISE posture not sending, open a case with Cisco TAC, then, and submit a DART bundle from the AnyConnect in question, so TAC may investigate.

If your ISE 2.4 is upgraded from ISE 2.2 or prior, it would not have built-in posture policy rules and elements and you would need to create on your own. Below are some screenshots from ISE 2.3 Update Lab on ISE Posture for Cisco Temporal agent: