Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
64343
Views
16
Helpful
16
Replies

ISE - no policy server detected

Go to solution
JustTakeTheFirstStep
Level 4
Level 4

‎07-02-2019 03:32 AM

Hi. everyone.

I want "Anyconnect system scan" to work on all PCs.

However, some "WINDOW10" does not run "System scan".

PCs that do not have a "system scan" in common have a "no policy server detected" message.

Another commonality is that Security Products does not show anything.

Attach the screenshot below.

Please help me ...

 

20190702_193104.png20190702_193109.png

8 people had this problem
Preview file
26 KB
0 Helpful
16 Replies 16

Go to solution
subrun.jamil
Level 1
Level 1
In response to JustTakeTheFirstStep

‎02-03-2021 01:41 PM

I have 2 PSN and Policy Service Perspective both PSN can serve for. Question is If I use ISEnode1 is Discovery Host , Posture will always be done by ISEnode1 ? 

 

And on what condition User Posture can go to ISENode2  ?

 

Yes Snika, I have this problem. settings wise I have ISEnode1 in Discovery Host and in the AnyConnect Unknown Compliant Auth Profile it has ISEnode2  as Static Host. 

Go to solution
Marcelo Morais
VIP
VIP
In response to subrun.jamil

‎02-03-2021 02:40 PM

Hi @subrun.jamil 

 a better practice is to place an URL (internal or external URL, for ex.: intranet.company, www.google.com) on the Discovery Host that will trigger the Redirect URL (do not use the PSN).

 

Note 1: AnyConnect already tries enroll.cisco.com so use a different URL.

 

Note 2: on the Call Home List you could have: a list of PSNs or Load Balance.

 

Hope this helps !!!

Customers Also Viewed These Support Documents