cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
62157
Views
16
Helpful
16
Replies

ISE - no policy server detected

Hi. everyone.

I want "Anyconnect system scan" to work on all PCs.

However, some "WINDOW10" does not run "System scan".

PCs that do not have a "system scan" in common have a "no policy server detected" message.

Another commonality is that Security Products does not show anything.

Attach the screenshot below.

Please help me ...

 

20190702_193104.png20190702_193109.png

3 Accepted Solutions

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

Thank you for answer.

I solved this problem.

The cause of the problem was "Discovery host".

I entered the IP of the ASA in the "Discovery host" in the ISE.

The "Discovery Host" caused a redirection problem.

Using "call-home list" instead of "Discovery Host" solved the problem.

TAC recommends the use of "Call-home list".

The reason is that the client communicates directly with the ISE without going through the NAD.

View solution in original post

ALC7E83.png

 

Sorry for the late response.

Enter IP or FQDN in the call home list.

View solution in original post

16 Replies 16

Mike.Cifelli
VIP Alumni
VIP Alumni
Please share your Client Provisioning Policies so we can better assist. As well as any other information that may better assist us.

hslai
Cisco Employee
Cisco Employee

This appears a configuration issue. Please check out the following:

Thank you for answer.

I solved this problem.

The cause of the problem was "Discovery host".

I entered the IP of the ASA in the "Discovery host" in the ISE.

The "Discovery Host" caused a redirection problem.

Using "call-home list" instead of "Discovery Host" solved the problem.

TAC recommends the use of "Call-home list".

The reason is that the client communicates directly with the ISE without going through the NAD.

Hi could you shared ASA configuration call home list

ALC7E83.png

 

Sorry for the late response.

Enter IP or FQDN in the call home list.

Hi

 

We have a problem where we are still getting no policy server detected on endpoints. We do not have any proxy configured on ISE or endpoints. We have also configured Call home list but we are still facing the issue.

 

Thanks,

 

Aravind.

In your Posture Agent Profile Settings in ISE the discovery host should be set to the PSN IP Address you wish to use to scan your hosts. As by design here is where you tell the AC agent to connect to your server AKA ISE for posture checks/scan. HTH!

Hi, we used ASA to provision posture module, it work OK, but error appear saying No policy Server detected.

 

Did you left your DH empty on your solution? and only have the Call-home list with the PSN fqdn/ip address?

See the answer above.
I just attached a screenshot.

Hi Snika,

 

Your provided screenshot is not clear. So at Discovery Host which IP did you configure ?

Enter the ISE IP

Hello Snika,

 

What was the version back then when you encountered this issue  ?

 

 

2.6 patch 1

 

Are you troubled with this problem?

The method I have presented in this article can be one of many.

In my experience the problem of not finding the server was mostly anyconnect's problem.

You must delete all of the C:\ProgramData\Cisco directory after deleting AnyConnect.

Then reinstall and check the condition again.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: