Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4697
Views
0
Helpful
3
Replies

Failed to contact policy server Contact your system administrator

Go to solution
moorthyt,t
Level 1
Level 1

‎09-10-2018 07:49 AM - edited ‎03-11-2019 01:49 AM

Hi,

 

I have integrated my cisco controller with ISE server 2.3 with Patch4 for AAA and Posture Scan, the issues when i connect new machine with SSID, the client provisioning is happening successfully, but the posture scan is not running as is is stuck on 10%, after some time getting below message. 

 

 "Failed to contact policy server Contact your system administrator"

 

Please help.

 

Regards,

Moorthy.T

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎09-10-2018 12:32 PM

Moorthy,

 

Is this wired or VPN?

Please check your DNS to make sure the endpoint resolves the URL of the PSN.

Check the connection data xml file at the endpoint to see if has the PSN's.

Make sure you have ports 8905 open pre-posture as ACL.

Finally, you can use client provisioning profile to configure call home parameters to list the PSN's Anyconnect should talk to for posture.

Anyconnect uses different methods to discover PSN's. Look at the Anyconnect logs to make sure where the problem is.

 

Thanks

Krishnan

 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎09-10-2018 12:32 PM

Moorthy,

 

Is this wired or VPN?

Please check your DNS to make sure the endpoint resolves the URL of the PSN.

Check the connection data xml file at the endpoint to see if has the PSN's.

Make sure you have ports 8905 open pre-posture as ACL.

Finally, you can use client provisioning profile to configure call home parameters to list the PSN's Anyconnect should talk to for posture.

Anyconnect uses different methods to discover PSN's. Look at the Anyconnect logs to make sure where the problem is.

 

Thanks

Krishnan

 

 

0 Helpful

Go to solution
moorthyt,t
Level 1
Level 1
In response to kthiruve

‎09-10-2018 08:48 PM

Hi Krishnan,

 

Thanks for your information,

 

This issue we are facing in cisco wireless network, I have already checked all the reachability and Client provisioning is happening. when agent kick start the scan its stucks @ 10% and giving the below error.

 

     4:22:13 PM    Searching for policy server.
     4:22:16 PM    Checking for product updates...
     4:22:16 PM    The AnyConnect Downloader is performing update checks...
     4:22:17 PM    Checking for profile updates...
     4:22:17 PM    Checking for product updates...
     4:22:17 PM    Checking for customization updates...
     4:22:17 PM    Performing any required updates...
     4:22:17 PM    The AnyConnect Downloader updates have been completed.
     4:22:17 PM    Update complete.
     4:22:17 PM    Scanning system ...
     4:22:36 PM    Failed to contact policy server Contact your system administrator.

 

 

Regards,

Moorthy.T

0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to moorthyt,t

‎09-11-2018 09:03 AM

Please work with TAC to resolve this issue if it is impacting your network.

 

-Krishnan

0 Helpful
Customers Also Viewed These Support Documents