cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2392
Views
4
Helpful
6
Replies

ISE integration with XenMobile

joeharb
Level 5
Level 5

We are trying to leverage XenMobile with ISE and have it added and it Test successfully.  Devices have already been enrolled into MDM, we are wanting to query the MDM to determine if the device is Registered, JailBroke, etc to determine access.  In testing the reports show that that a known device in MDM is "un-registered" and all the other fields are unknown.  From ISE I can see that the endpoint id is a identifier within the XenMobile Device Manager.  I am not part of the group that does the configuration of the MDM so I have limited access to it.  I can login to the portal and check the device in question but I don't see any fields that reflect the exact definitions that are in ISE.

As I stated the "Test" comes back successful.

 

Thanks,

 

Joe

 

6 Replies 6

Tarik Admani
VIP Alumni
VIP Alumni

I have spent some time troubleshooting this in the past with other vendors, when you debug the mdm components under the logging categories for the psn that is performing the look up you can see what the MDM is sending back.

To tail the logs you can go to the cli of the ISE PSN and tail the ise-psc.log file (show logging application ise-psc.log tail).

Thanks,

2015-01-12 08:29:40,225 INFO   [Thread-42][] cisco.cpm.mdm.api.MdmBaseApi -::0a1f06840002becc54b3da2b:::- GETMDM Server URL: https://xdm.XXXX.com:443/zdm/ciscoise/dev
ices/0/macaddress/48437C7ACFA0/all
2015-01-12 08:29:41,034 INFO   [Thread-42][] cisco.cpm.mdm.api.MdmBaseApi -::0a1f06840002becc54b3da2b:::- MDM Server Response Code: 500
2015-01-12 08:29:41,035 WARN   [Thread-42][] cisco.cpm.mdm.api.MdmBaseApi -::0a1f06840002becc54b3da2b:::- Failled to connect to MDM Server 500 : Internal Server Error
2015-01-12 08:29:41,040 WARN   [MdmEventHandler-25-thread-2][] cisco.cpm.mdm.util.MDMUtil -::0a1f06840002aab854b008ad:::- Couldn't find the endpoint information for mac
 address 48:43:7c:7a:cf:a0

 

Looks like ISE isn't getting a response from the mdm server, is it possible to check the mdm api to verify it is up and running?

 

Thanks,

 

Joe

Joe,

Can you try to paste that url in your browser and see what error you get? You will be asked to authenticate so use the account that you configured in ISE to connect to the mdm.

Thanks,

Tarik

I get a This webpage is not availble.  Again I don't have access to the MDM but if anyone has any ideas of where to look on the server to verify that the api is runining, I can pass that along.

 

Thanks,

 

Joe

Ravi Singh
Level 7
Level 7
Could you please let me know what ISE 1.2 patch version you have? If you have patch 3, 4,
or 5, then I suspect that we are running into the following defect:

CSCum01290    MDM Integration Not Working With ISE 1.2 p3 and p4

Symptom:
MDM enrollment fails while running ISE 1.2 p3 or p4.  Upon redirect to the ISE MDM portal,
clients are immediately presented with an error related to "The MDM system is not
reachable at this time" even when the MDM server is reachable.  MDM logging to ise-psc.log
is missing key server response and connection failed syslog info when running the patch.

Conditions:
ISE 1.2 p3 and p4

Workaround:
Roll back to ISE 1.2.899 release

This defect has been resolved in ISE 1.2 patch 6, which is scheduled for release next
month. Until then, the only workaround I see is to roll back the patches from
Administration > Maintenance > Patches.

We are running version 1.2.1.198 with no patches installed, from what I can tell this version isn't affected, correct?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: