
Context visibility (applications) on ISE 2.4(357) information disappears after deleting endpoints info & repeating the flow.

Niranjani
Level 1

Hi experts,

Please find the steps below, which describe my issue with Context Visibility on ISE 2.4(357).

1) Installed the VPN & ISE posture modules of AnyConnect on a Windows/MAC machine through web-deploy of ASA(VPN)/ISE.

2) Kept conditions as Appvisibility on ISE with the required AC image & Compliance module 4.X.

3) Made a dot1x / ASA(VPN)-ISE flow from the endpoint (Win/MAC). System scan went to compliant, and Context Visibility -> Endpoints on ISE 2.4(357) shows the installed applications on the endpoint.

4) Deleted the endpoints in the ISE GUI under Context Visibility -> Endpoints and again made a flow from the Windows/MAC machine.

5) Now we could observe that the installed applications information of the endpoint disappears, and we couldn't see the installed applications info of the endpoint.

Even the refresh button is not helping to list the application information of the endpoints.

Is there any bug for the issue?

Please find the screenshot with this post.

Accepted Solutions

hslai
Cisco Employee

The applications could take a few moments. Please wait at least 5 minutes after AnyConnect sends the reports. Also, certain AnyConnect and Compliance Module combinations might not work; e.g. CSCvd04207.

It's working for me on AnyConnect for Windows 4.6.02074 (latest posted at CCO) and CM 4.2.1134.0.


Niranjani
Level 1

Thanks for the reply. Is there any keyword in vcs.log which confirms that the application visibility works fine? 

Not in vcs.log. Instead, put the ISE posture component in DEBUG and look for something similar to the following in ise-psc.log:

2018-03-26 00:46:49,502 DEBUG  [portal-http-service1][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Decrypted report [[ <report><version>1000</version><package><id>10</id><status>1</status><check><chk_id>Default_AppVis_Condition_Win</chk_id><diff>0</diff><application><diff>0</diff><id>104</id><name>Adobe Flash Player</name><vendor>Adobe Systems Inc.</vendor><version>28.0.0.161</version><path>C:\Windows\System32\Macromed\Flash\</path><category>Unclassified</category></application><application><diff>0</diff><id>873</id><name>BitLocker Drive Encryption</name><vendor>Microsoft Corporation</vendor><version>10.0.14393.0</version><path>C:\Windows\System32\</path><category>DiskEncryption</category></application><application><diff>0</diff><id>39</id>...
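One way to check an exported ise-psc.log for the report lines quoted above, as an added example that is not part of the original thread and not Cisco tooling. The line layout is assumed from the single excerpt in this thread, `parse_reports` is a hypothetical helper name, and the sample log is constructed.

```python
import re

# Line layout is assumed from the single ise-psc.log excerpt quoted in this thread.
REPORT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) DEBUG\s+.*?"
    r"PostureHandlerImpl .*?Decrypted report \[\[\s*(?P<body>.*)$")
CHECK_RE = re.compile(r"<chk_id>([^<]*)</chk_id>")
# Only complete <application> elements match, so an entry cut off by log
# truncation ("...") is skipped instead of being half-parsed.
APP_RE = re.compile(r"<application>(.*?)</application>")
FIELD_RE = re.compile(r"<(name|vendor|version|category)>([^<]*)</\1>")

def parse_reports(lines):
    """Return one dict per 'Decrypted report' line: timestamp, checks, applications."""
    reports = []
    for line in lines:
        m = REPORT_RE.match(line)
        if not m:
            continue  # not a posture report line
        body = m.group("body")
        reports.append({
            "timestamp": m.group("ts"),
            "checks": CHECK_RE.findall(body),
            "applications": [dict(FIELD_RE.findall(a)) for a in APP_RE.findall(body)],
        })
    return reports

# Constructed sample: line 1 is an invented non-report debug line, line 2 is
# shortened from the excerpt quoted above and ends in a truncated entry.
SAMPLE_LOG = r"""2018-03-26 00:46:48,100 DEBUG  [portal-http-service1][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- constructed non-report line
2018-03-26 00:46:49,502 DEBUG  [portal-http-service1][] cisco.cpm.posture.runtime.PostureHandlerImpl -::::- Decrypted report [[ <report><version>1000</version><package><id>10</id><status>1</status><check><chk_id>Default_AppVis_Condition_Win</chk_id><diff>0</diff><application><diff>0</diff><id>104</id><name>Adobe Flash Player</name><vendor>Adobe Systems Inc.</vendor><version>28.0.0.161</version><path>C:\Windows\System32\Macromed\Flash\</path><category>Unclassified</category></application><application><diff>0</diff><id>873</id><name>BitLocker Drive Encryption</name><vendor>Microsoft Corporation</vendor><version>10.0.14393.0</version><path>C:\Windows\System32\</path><category>DiskEncryption</category></application><application><diff>0</diff><id>39</id>...
"""

if __name__ == "__main__":
    found = parse_reports(SAMPLE_LOG.splitlines())
    print(f"{len(found)} decrypted posture report(s) found")
    for rep in found:
        print(rep["timestamp"], rep["checks"])
        for app in rep["applications"]:
            print("  ", app.get("name"), app.get("version"), app.get("category"))
```

An empty result on a log captured with the posture component in DEBUG means no line of this shape was logged.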

Hi,

Thanks a lot for your response. Still, I am unable to see the above pattern of logs in the ise_psc logs (enabled debug on ISE for posture, provisioning), and the Context Visibility section in ISE 2.4 shows nothing, as before. May I know about logs on AnyConnect (on the end client, Windows/MAC) which confirm that the issue is with ISE?

In that case, ISE is not receiving a report from AnyConnect ISE posture. If your ISE posture policy does have it as a requirement to check Application Visibility and AnyConnect ISE posture is not sending it, then open a case with Cisco TAC and submit a DART bundle from the AnyConnect in question, so TAC may investigate.

If your ISE 2.4 is upgraded from ISE 2.2 or prior, it would not have built-in posture policy rules and elements, and you would need to create them on your own. Below are some screenshots from ISE 2.3 Update Lab on ISE Posture for Cisco Temporal agent: